U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5
Cybersecurity NewsArchived Jun 17, 2026✓ Full text saved
The Bureau of Industry and Security (BIS) has issued a landmark “Is Informed” letter to Anthropic CEO Dario Amodei, mandating that the company obtain an individually validated export license before sharing its Claude Mythos 5 and Claude Fable 5 AI models with any foreign national anywhere in the world. In a letter signed by Commerce […] The post U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5 appeared first on Cyber Security News .
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security
U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5
By Guru Baran
June 17, 2026
The Bureau of Industry and Security (BIS) has issued a landmark “Is Informed” letter to Anthropic CEO Dario Amodei, mandating that the company obtain an individually validated export license before sharing its Claude Mythos 5 and Claude Fable 5 AI models with any foreign national anywhere in the world.
In a letter signed by Commerce Secretary Howard W. Lutnick, BIS invoked the Export Control Reform Act of 2018 (ECRA), specifically 50 U.S.C. § 4817(b)(1), which empowers the agency to establish interim controls on emerging and foundational technologies essential to U.S. national security.
The order also relies on § 744.22(b) of the Export Administration Regulations (EAR), 15 C.F.R. Parts 730–774, which authorizes BIS to require export licenses whenever there is an unacceptable risk of use in, or diversion to, a “military-intelligence end use” or a “military-intelligence end user”. This marks the first time the Commerce Department has exercised this particular ECRA provision against a commercially available AI model.
Global Lock to Claude Mythos 5 and Fable 5
The BIS directive covers any export, reexport, or in-country transfer of the Claude Mythos 5 and Fable 5 models, including deemed exports and deemed reexports. Practically, this extends to:
Sending or taking the model out of the United States in any manner (§ 734.13(a)(1) of the EAR)
Sending or taking the model from one foreign country to another (§ 734.14(a)(1) of the EAR)
Retransferring the model within a single foreign country (§ 734.16 of the EAR)
Releasing the model to a “foreign person” inside the United States — including non-citizen Anthropic employees
Anthropic received the directive on June 12, 2026, at 5:21 PM ET, just three days after the models launched on June 9, and immediately disabled global access to both.
The catalyst for this unprecedented action appears to be a reported jailbreak vulnerability in Fable 5 that could bypass its safety filters, potentially exposing the advanced cybersecurity capabilities embedded in the underlying Mythos 5 framework.
Mythos 5 is particularly capable of identifying software vulnerabilities, including long-hidden flaws in production codebases, and was originally intended for exclusive use by government entities and select enterprise partners. Anthropic contends that the identified bypass only surfaces “minor” security flaws also discoverable by other publicly available frontier models.
More than 80 cybersecurity executives and experts including leaders at Nvidia and Adobe signed an open letter to Secretary Lutnick urging the administration to lift the restrictions, backing Anthropic’s position that the threat is overstated.
To continue operations, Anthropic must now submit license applications through the Simplified Network Application Process Redesign (SNAP-R) portal (snapr.bis.gov), noting the “Is Informed” letter in the Additional Information field. Failure to comply carries prompt criminal and civil penalties under U.S. law.
The EU Commission has already warned that the controls “should not be discriminatory,” signaling potential diplomatic friction. The restrictions also affect foreign nationals on H-1B visas working at U.S. AI firms, raising significant workforce and enterprise access concerns.
The BIS letter states the license requirements remain in effect until superseded by a subsequent letter from BIS revising or rescinding the order. This action sets a defining precedent for how the U.S. government may regulate advanced AI as a dual-use technology under export control law going forward.
CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine” – Book Your Spot Here
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes
152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic
Hackers Use Rokarolla Android Malware to Disable Google Play Protect and Control Devices
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Latest News
Cyber Security
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox
Cyber Security News
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
Chrome
Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!
Cyber Security News
Hackers Use Rokarolla Android Malware to Disable Google Play Protect and Control Devices
Cyber Security News
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees