Two days. That's how long Fable 5 and Mythos 5 were publicly available before Anthropic switched them off, for everyone. Not just foreign users. Everyone, including customers inside the United States. No warning, no grace period, no explanation beyond a government directive.12
What Happened
This is the first export control directive the US government has ever issued for LLM access.3 The order itself targeted foreign nationals, inside or outside the US, including Anthropic's own foreign employees. But Anthropic couldn't verify nationality at the scale required, so it disabled both models for its entire global customer base. “We must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance,” the company said.2 A directive aimed at foreign nationals took down access for everyone, American citizens included.
The Question Every Board Should Be Asking
If a vendor can be ordered to cut off its best product overnight, with no explanation owed to anyone, what exactly does your organization own? Not a capability. A lease. And the landlord just rewrote the terms without telling you.
This isn't an AI story. It's the same mechanism behind theCLOUD Act and the EU AI Act's enforcement teeth: the infrastructure your operations depend on answers to a jurisdiction you don't vote in. Sovereignty was never about which model is smartest. It's about who holds the switch.
Add this to the ledger. Every one of these stories, the CLOUD Act, the EU AI Actpenalties, and now this, is the same sovereignty deficit showing up in a different jurisdiction. Most organizations can't name a single vendor whose access they don't control. That's not a research gap, it's an unmapped dependency, and closing it is exactly what a sovereignty assessment is for. If this week made you wonder what else in your stack someone else can switch off, that's the starting point for a conversation with Sovereign GRC.