U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5

The Bureau of Industry and Security (BIS) has issued a landmark “Is Informed” letter to Anthropic CEO Dario Amodei, mandating that the company obtain an individually validated export license before sharing its Claude Mythos 5 and Claude Fable 5 AI models with any foreign national anywhere in the world.

In a letter signed by Commerce Secretary Howard W. Lutnick, BIS invoked the Export Control Reform Act of 2018 (ECRA), specifically 50 U.S.C. § 4817(b)(1), which empowers the agency to establish interim controls on emerging and foundational technologies essential to U.S. national security.

The order also relies on § 744.22(b) of the Export Administration Regulations (EAR), 15 C.F.R. Parts 730–774, which authorizes BIS to require export licenses whenever there is an unacceptable risk of use in, or diversion to, a “military-intelligence end use” or a “military-intelligence end user”. This marks the first time the Commerce Department has exercised this particular ECRA provision against a commercially available AI model.

Global Lock to Claude Mythos 5 and Fable 5

The BIS directive covers any export, reexport, or in-country transfer of the Claude Mythos 5 and Fable 5 models, including deemed exports and deemed reexports. Practically, this extends to:

• Sending or taking the model out of the United States in any manner (§ 734.13(a)(1) of the EAR)
• Sending or taking the model from one foreign country to another (§ 734.14(a)(1) of the EAR)
• Retransferring the model within a single foreign country (§ 734.16 of the EAR)
• Releasing the model to a “foreign person” inside the United States — including non-citizen Anthropic employees

Anthropic received the directive on June 12, 2026, at 5:21 PM ET, just three days after the models launched on June 9, and immediately disabled global access to both.

The catalyst for this unprecedented action appears to be a reported jailbreak vulnerability in Fable 5 that could bypass its safety filters, potentially exposing the advanced cybersecurity capabilities embedded in the underlying Mythos 5 framework.

Mythos 5 is particularly capable of identifying software vulnerabilities, including long-hidden flaws in production codebases, and was originally intended for exclusive use by government entities and select enterprise partners. Anthropic contends that the identified bypass only surfaces “minor” security flaws also discoverable by other publicly available frontier models.

More than 80 cybersecurity executives and experts including leaders at Nvidia and Adobe signed an open letter to Secretary Lutnick urging the administration to lift the restrictions, backing Anthropic’s position that the threat is overstated.

To continue operations, Anthropic must now submit license applications through the Simplified Network Application Process Redesign (SNAP-R) portal (snapr.bis.gov), noting the “Is Informed” letter in the Additional Information field. Failure to comply carries prompt criminal and civil penalties under U.S. law.

The EU Commission has already warned that the controls “should not be discriminatory,” signaling potential diplomatic friction. The restrictions also affect foreign nationals on H-1B visas working at U.S. AI firms, raising significant workforce and enterprise access concerns.

The BIS letter states the license requirements remain in effect until superseded by a subsequent letter from BIS revising or rescinding the order. This action sets a defining precedent for how the U.S. government may regulate advanced AI as a dual-use technology under export control law going forward.

CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine”