All Major AI Models Can Do It: Anthropic’s 19-Day Ban Reveals Jailbreak Parity Across GPT-5.5, Kimi, and Claude
Key Takeaways
- Anthropic's testing showed that the jailbreak technique flagged by Amazon works across OpenAI’s GPT-5.5, China’s Kimi K2.7, and its own older models, raising questions about whether such capability is unique or universal — and how a new classifier aims to block it.
Mentioned
Key Intelligence
Key Facts
- 1Amazon engineers bypassed Anthropic and reported a jailbreak technique for Claude Fable 5 to the U.S. Commerce Department on June 12, 2026.
- 2The resulting export control directive forced Anthropic to globally shut down both Fable 5 and Mythos 5 for 19 days, from June 12 to July 1, 2026.
- 3Anthropic’s testing found the same jailbreak worked on Claude Opus 4.8, OpenAI’s GPT-5.5, and China’s Kimi K2.7, indicating the vulnerability was not unique to Fable 5.
- 4To regain access, Anthropic built a new safety classifier and collaborated with Amazon, Microsoft, and Google on an industry jailbreak framework.
- 5On July 1, 2026, Claude Fable 5 became globally available again, while Mythos 5 was restored only for select organizations.
- 6CEO Dario Amodei delegated Washington negotiations to co-founder Tom Brown and policy leads, signaling a deliberate crisis-management strategy.
Analysis
AI researchers now have a critical data point: the jailbreak that brought down Claude Fable 5 for 19 days is not a singular vulnerability but a nearly universal trait. When Anthropic tested the same prompts on GPT-5.5, Kimi K2.7, and Claude Opus 4.8, every model generated similar exploit code — turning a regulatory crisis into a teachable moment about evaluation parity and the urgent need for robust, model-agnostic safety classifiers.
On June 12, 2026, a single report from Amazon engineers to the U.S. Commerce Department triggered the global shutdown of Anthropic’s two newest AI models, Claude Fable 5 and Mythos 5. For 19 days, every user on the planet lost access to the frontier systems, as the company grappled with an export control directive that demanded it block foreign nationals — an order impossible to implement without a global blackout. The incident spotlights the fragile intersection of AI safety, investor dynamics, and national security regulation, and it ends with a hard-fought resolution: a new safety classifier, a cross-industry jailbreak framework, and a reinvigorated debate about what constitutes dangerous AI capability.
Commerce Department triggered the global shutdown of Anthropic’s two newest AI models, Claude Fable 5 and Mythos 5.
The immediate trigger was a jailbreak technique discovered by Amazon researchers. They found that Claude Fable 5 could, under specific prompting, identify software vulnerabilities and generate example code demonstrating how such a flaw could be exploited. The researchers opted not to notify Anthropic directly but instead went straight to the Commerce Department — a move that raised eyebrows given that Amazon is Anthropic’s largest outside investor, with a multi-billion-dollar stake. The Commerce Department issued an export control directive that required Anthropic to prevent foreign nationals, including its own non-citizen employees, from accessing the models. Lacking any real-time nationality verification system, Anthropic had no choice but to pull the plug globally. Mythos 5 went dark alongside Fable 5, and the AI world watched a 19-day standoff unfold.
The heart of Anthropic’s defense — and the broader industry significance — lies in what happened next. The company conducted its own red-teaming across a spectrum of models: its own earlier Claude Opus 4.8, OpenAI’s GPT-5.5, and China’s Kimi K2.7. Every single model, when prompted similarly, could produce equivalent exploit identification and demonstration code. For Anthropic, this wasn’t a unique evil genius of Fable 5 but a routine capability that any reasonable defensive cybersecurity tool might exhibit. The company framed it as the AI equivalent of a cybersecurity professional probing for vulnerabilities — a necessary, even benign, use case. This parity finding became a crucial part of negotiations with Washington, arguing that the export control trigger was overly broad.
The resolution, announced on July 1, involved several layers. First, Anthropic developed and deployed a new safety classifier designed to detect and block the specific type of jailbreak prompt that triggered the original incident. Second, in an unprecedented display of industry cooperation, the company collaborated with Amazon, Microsoft, and Google to build a shared jailbreak framework — a template for how frontier AI labs would handle such threats in the future. Third, the Commerce Department accepted the combination of technical safeguards and industry-wide commitments, allowing Claude Fable 5 to return to global availability. Mythos 5, however, remained restricted to a select list of vetted organizations, suggesting lingering concerns or a tiered-access approach.
What to Watch
The fact that CEO Dario Amodei took a hands-off role, delegating negotiations to co-founder Tom Brown and public policy leads, signals a mature crisis-management strategy at a company that had previously been criticized for being too CEO-centric. It also hints at the delicate dance between maintaining technical credibility and political sensitivity. Amazon’s dual role as both investor and accuser adds a layer of corporate drama, but the collaboration on the framework shows that competitive tensions can give way to collective safety imperatives.
For the broader AI industry, this episode carries several lessons. Export control regimes, originally designed for physical goods and military technologies, are being applied to software models in ways that can result in abrupt, global service interruptions. The concept of a “jailbreak” is evolving from a mere embarrassment to a national security trigger. Moreover, the universal nature of the vulnerability across models from different continents underscores the need for consistent evaluation standards. If a jailbreak that works on a U.S. model also works on a Chinese one, the geopolitical framing of export controls appears shaky. Anthropic’s new classifier and the joint industry framework may become a template for proactive safety, but the incident also highlights the risk that a single investor or competitor can, with one report to regulators, bring a company to its knees. As AI models become more deeply integrated into global infrastructure, the mechanisms for governing their accidental or deliberate misuse must be as agile as the models themselves.
Timeline
Timeline
Amazon reports jailbreak; Commerce issues directive
Amazon engineers report a jailbreak technique on Claude Fable 5 to the U.S. Commerce Department, which orders Anthropic to block foreign national access. Anthropic globally shuts down Fable 5 and Mythos 5.
Claude Fable 5 restored globally; Mythos 5 partially restored
After 19 days, Anthropic deploys a new safety classifier and the industry jailbreak framework, winning approval. Claude Fable 5 returns worldwide, while Mythos 5 is made available only to select organizations.
From the Network
Investor Amazon’s Report Shuts Down Anthropic for 19 Days — Lessons for AI Startups
Anthropic’s largest investor Amazon bypassed the company to report a jailbreak to regulators, triggering a 19-day global shutdown of its flagship AI models — highlighting governance risks for high-val
LegalUS export control forces Anthropic to disable 2 AI models for 100s of millions
Anthropic's compliance with a vaguely defined national security order to block foreign access sets a contested precedent for government authority over commercial AI, with implications for export contr
SaaSAfter 18-Day Ban, Mythos 5 Returns, Boosting Enterprise AI Cybersecurity
The restoration of Mythos 5, with its world-leading cybersecurity AI, is a critical win for SaaS and cloud providers who rely on advanced threat detection. The government's security terms now align wi
CyberAmazon Found Fable 5 Bypass; Mythos 5 Still Restricted to 30% of U.S. Orgs
The Trump administration lifted bans on Anthropic's Claude models after a cybersecurity alert from Amazon researchers, but the most powerful model remains under tight federal control. This incident un
How we covered this story
Every story in our ai coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.
Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the ai space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.
| Signal on this page | What it tells you |
|---|---|
| Verified by N sources | Independent corroboration count. N≥2 is our confidence floor; N=1 is marked explicitly. |
| Impact score (1-10) | Regulatory + financial + operational weight. 8+ signals an experienced-operator action item. |
| Sentiment | Five-tier classification trained on labeled ai-specific corpora. |
| Timeline | Where applicable, the related-events sequence that contextualizes today's development. |