The moment that triggered the Trump administration’s dramatic crackdown on Anthropic, and may completely reset the ground rules for U.S. regulation of AI, happened almost by accident.
And it was sparked by one of Anthropic’s top investors: Amazon.
Last week, researchers at Amazon were busy stress-testing Anthropic’s newly released Fable 5, a “safe” version of Anthropic’s Mythos AI model. Anthropic had repeatedly said that its Mythos-class models had superhuman software hacking skills that were too dangerous to be released to the general public. Fable 5, which Anthropic launched on June 9, was equipped with what it said were robust safeguards against cybersecurity risks.
The Amazon researchers testing Fable, however, discovered a “jailbreak” that they documented as allowing users to bypass safety rails and access information that could be used in a cyberattack. Amazon promptly notified Anthropic. But the situation suddenly escalated when Amazon Chief Executive Andy Jassy happened to be on a pre-scheduled call with White House officials last Thursday, June 11, regarding an unrelated topic, according to two sources familiar with Amazon. Jassy brought up the vulnerability his team had found, and White House officials encouraged him to flag the issue directly to Treasury Secretary Scott Bessent, the sources said.
Jassy spoke to Bessent that same day. He told the treasury secretary about the Fable jailbreak but also stressed that he was concerned about the cyber capabilities of all of the frontier AI models, including those from other labs. Bessent has been leading the administration’s response to Anthropic’s Mythos model, largely because of the threat Mythos-powered cyberattacks could pose to the global financial system. His phone call with Jassy set in motion a chain of events that quickly became international news.
By Friday evening, just four days after Fable’s launch, U.S. Secretary of Commerce Howard Lutnick had hit Anthropic with unprecedented export controls, forcing the lab to pull its most powerful models. The move marked the first time the U.S. government stepped in to explicitly limit the release of a frontier AI model, triggering a wave of tech and political alarm around the world. Since then, cybersecurity experts, AI policy thinkers, American officials, and foreign governments have fiercely debated the consequences, questioning whether the Trump Administration’s heavy-handed decision sets a dangerous precedent, or if it reflects wise caution.
The stage for the watershed decision had been set months earlier, as the Trump administration wrangled with Anthropic over a separate issue involving its contract with the Pentagon, a fight that deepened a growing animosity toward the San Francisco AI company within the circle of tech policy officials in Trump’s orbit. It was further primed by the surging unease within national security agencies as Anthropic began expanding access to Mythos to an broader roster of companies.
For Anthropic, which recently closed a $65 billion funding round at a valuation of $965 billion and has filed paperwork to list its shares on the public markets, the export controls represent an existential threat at a time when rivals OpenAI, SpaceX, and Google are competing aggressively to dominate the AI business.
Many of the details of the weeklong showdown between Anthropic and the Trump administration are still emerging, and efforts to resolve the situation are fluid. Fortune spoke to more than a half dozen people involved on various sides of the situation to piece together how it happened and what it could mean going forward.
An ultimatum, and a flurry of frantic calls
On Friday, following Jassy’s phone call with Bessent, the administration contacted Anthropic and Chief Executive Dario Amodei, demanding that they either fix the jailbreak or remove the models from the market. According to a source familiar with Anthropic, the warning arrived with no prior communication or indication from the government that it considered the export of Fable a national security threat. Despite the lack of warning, the Commerce Department issued a 90-minute deadline, followed by strict export controls banning foreign nationals from using the software, a directive that Anthropic interpreted as an effective ban on the models themselves.
That’s because the government uses a “deemed export” standard that interprets the distribution of an AI model to any foreign national, including those physically located in the U.S., as the equivalent of exporting the model. That standard would apply even to Anthropic’s own non-U.S. employees. What’s more, Anthropic had no effective way of verifying the nationality of its users.
Anna Moneymaker/Getty Images
The ultimatum set off a flurry of frantic calls between Anthropic and the White House. Anthropic maintained that the jailbreak was relatively simple and could easily be achieved using other available models, the source said. But the argument failed to sway administration officials, who maintained that the bypass unlocked dangerous cyber capabilities.
An official letter from Lutnick, whose department oversees export controls, arrived just after 5 p.m. Eastern Time on Friday, informing the company that it required government approval before making its Fable 5 and Mythos 5 models available to any user abroad or any foreign national globally. Lutnick warned that non-compliance could result in criminal and civil penalties, according to a copy of the directive obtained by Bloomberg News.
By 10 p.m. that evening, Anthropic had taken Fable 5 and Mythos 5 offline.
“We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people,” the company wrote in its blog post after taking the models offline. “If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.”
An Anthropic spokesperson added that both parties are working quickly to resolve the issue. Representatives for the White House did not respond to multiple requests for comment.
The saga continued into the weekend and this week. By Sunday, senior Anthropic technical staff had arrived in D.C. to meet White House officials in person, the source familiar with Anthropic said.
“The Admin values Anthropic’s technical capabilities and feels that this issue, while serious, should be easily resolved,” David Sacks, a venture capitalist who serves in an advisory role in the Trump Administration, wrote on X over the weekend. “The ball is in Anthropic’s court.”
But by Tuesday, Fortune understands, those talks had concluded with the export controls still in place and the next steps unclear. The two sides reached an impasse.
Industry blowback
While the immediate future of Fable remains in limbo, many cybersecurity experts have come to Anthropic’s defense. They warn that government licensing of AI models will make U.S. labs less competitive and allow geopolitical rivals like China to swoop in.
“Anything that stops the evolution of technology and development of technology is just going to leave the U.S. behind,” Danny Jenkins, chief executive at cybersecurity company ThreatLocker, told Fortune. “Criminals don’t care whether they’re allowed to export something from the U.S. or not.”
At a demo this week, Jenkins said he used Anthropic’s Claude model, which is not considered as potent as Fable or Mythos, to “completely ransomware a machine,” which the model itself eventually identified as textbook ransomware. But, Jenkins said, vulnerabilities are going to be exposed eventually, whether by a human or an AI model. The AI model simply does it faster. He suggested the government’s focus should be on hardening security and creating “zero trust” environments, rather than trying to police a model’s existence.
Legal experts have also questioned the logic of the export controls. Charlie Bullock, a senior research fellow on LawAI’s U.S. Law and Policy team, told Fortune that Lutnick’s letter leans on authorities that were never designed for publicly accessible AI systems, especially where users only interact with a model via an API (a software interface that lets different programs communicate).
That distinction raises questions about whether the government has stretched its statutory powers and whether the move can withstand First Amendment scrutiny, since earlier court decisions have treated published computer code as a form of protected speech.
“I think the takeaway is that the export control letter is on very shaky legal ground,” Bullock said.
Elsa/Getty Images
Since first flagging the issue to White House officials, Amazon has taken a step back on negotiations between Anthropic and the U.S. government. Amazon is one of Anthropic’s largest investors, having invested at least $13 billion in the startup in a series of deals that date back to 2023.
One engineer at Amazon said that employees have been making jokes that their company “snitched” on Anthropic, while others lamented the fact that they never had an opportunity to use Fable 5.
In a statement, an Amazon spokesperson said that as one of the world’s largest cloud providers, “it’s not uncommon for governments to seek our counsel on potential security risks. When they occur, we don’t share the details of these discussions.”
While it’s unclear whether Jassy expected his comments to White House officials to result in the export controls, it’s almost certain that he would have been aware of the tension between Anthropic and the Trump administration.
International reverberations
Back in October, Sacks, who used to serve as the Trump AI and crypto czar, lashed out at Anthropic for advocating for AI regulation at both the federal and state level, accusing the company of running a “sophisticated regulatory capture strategy based on fear-mongering.” He had previously accused the company of being “woke” and staffed with “leftists.”
This was followed by a highly publicized feud between the lab and the Trump Administration over the Defense Department’s use of Anthropic’s models. The Pentagon wanted Anthropic to agree to a new contract that would make it clear it could use the company’s models for “any lawful purpose,” while Anthropic wanted specific exemptions built into the contract that would bar its models from being used to control autonomous weapons or for domestic mass surveillance. When the two couldn’t come to terms, the Trump administration ordered all federal agencies to stop using Anthropic’s models and labeled Anthropic “a supply chain risk,” a designation that had never before been applied to a U.S. business, and which meant Anthropic’s models could not be used by any part of the U.S. military or by any defense contractors when working on Pentagon contracts. Anthropic has challenged the designation in court.
When Anthropic released Mythos in April, the relationship with the U.S. government appeared to be resetting on better footing. Because Mythos can find previously unknown security vulnerabilities—including in open source code bases that have been subject to extensive scrutiny by human security researchers for decades—and can then autonomously string these vulnerabilities together to run entire exploits, Anthropic coordinated with U.S. national security agencies. Anthropic’s Glasswing program initially released the model to a carefully curated group of 12 launch partners, all U.S. technology or financial firms whose systems controlled critical U.S. infrastructure. The idea was that these companies would use Mythos to find and patch vulnerabilities in their own software before hackers, who are increasingly using AI to find vulnerabilities and automate attacks, discovered them. Amazon and Microsoft were part of the initial group, which was then expanded to some 40 additional U.S. software companies in consultation with U.S. security agencies.
But the model’s debut also sparked panic among foreign governments and businesses, who were clamoring for access to Mythos to help them secure their code bases. Several weeks ago, Anthropic gave the U.S. government a list of 111 trusted organizations, many of them located overseas, that would also get access to Mythos. The administration approved this list. However, the lab later informed officials it had expanded the list by about 50 additional organizations, The Washington Post reported.
One of those new entries, the newspaper reported, was a South Korean telecommunications firm the administration suspected of having ties to China. A source close to Anthropic said the company did receive a request from the U.S. government several weeks ago to cut off Mythos access to a global telecommunications company. The source said Anthropic did this quickly after receiving the request. Other news accounts suggest the company was SK Telecom, although SK issued a statement saying “there is no basis for considering our company to be linked with China.”
The revelation of the ballooning Glasswing roster and the inclusion of the Korean telecom firm in that group damaged trust between the U.S. national security establishment and Anthropic, according to the Post. Even before Fable was rolled out last week, the National Security Agency was actively pushing the administration to put emergency export controls in effect, the report said.
Can the rift be repaired?
Julia Demaree Nikhinson / POOL / AFP via Getty Images
Amodei reportedly spent last weekend working the phones, trying in vain to persuade the administration to reverse its decision, while the company prepared to send its delegation of technical experts to Washington. According to press accounts, government officials were insisting Anthropic create guardrails for Fable that can’t be bypassed. But many experts in AI security say that all AI models are currently susceptible to some form of jailbreaking and that there is no known technical fix for this vulnerability.
The rift between Anthropic and the White House was on display Wednesday on the global stage at the G7 summit in Évian-les-Bains, France, where Amodei and Trump found themselves in the same room for a roundtable discussion of more than two-dozen business and government leaders. Seated directly at the president’s side was Sam Altman, Amodei’s arch-rival from OpenAI, who has remained publicly mum about the latest feud between the U.S. and Anthropic.
Across the room, on the other side of a large oval table, Amodei sat next to French President Emmanuel Macron. Addressing the group, the Anthropic CEO reportedly offered a pointed warning: “resist the temptation to splinter” in how they handle AI regulation.
On Thursday, Politico reported that Anthropic and the U.S. government were working on a deal to restore access to Fable and Mythos that would also see them jointly develop a framework for judging when future jailbreaks of a model’s guardrails posed a serious danger.
Meanwhile, in Seoul, South Korea, Chris Cauri, Anthropic’s managing director of international, told reporters at a press conference that “we are very confident that in the coming days, the models will be available again.”
But, as of Thursday evening Pacific Time, exactly how that would happen remained a mystery.