Anthropic has restored global access to Claude Fable 5 following an eighteen-day suspension triggered by US export controls, while announcing a new industry effort to standardise how AI jailbreaks are assessed and reported.

The controls, applied on 12 June, required Anthropic to restrict Fable 5 and its sister model Mythos 5 to US nationals only. With no reliable means of verifying nationality in real time, the company pulled access for all users rather than risk non-compliance. The order was lifted by the US government on 30 June, and Fable 5 became available again to Claude Platform, Claude.ai, Claude Code and Claude Cowork users from today. Mythos 5 access has also been partially restored, though only to a limited set of US organisations approved by the government on 26 June, with wider rollout to international Project Glasswing partners still under discussion.

The trigger for the controls was a report from Amazon researchers who found a way to prompt Fable 5 into identifying software vulnerabilities, in one case producing exploit code. Anthropic's own testing found the underlying capability was not unique to Fable 5. Every model it tested, including several rivals, could produce comparable exploit demonstrations. The company has characterised the bypass as a borderline case caught by its deliberately cautious safety margin, rather than evidence of a genuine jailbreak into dangerous territory.

Why CVSS is Failing CISOs: And what works instead.
How do you prioritize tens of thousands of open vulnerabilities when resources are finite and CVSS scores miss critical context? In this wide-ranging conversation, Stewart Tinson speaks with Stephen Fridakis, former CISO of Oracle Health, Google Health, HBO, and the United Nations, now advising clients across manufacturing, healthcare, and beyond. Stephen introduces the eBar framework—a revolutionary approach to vulnerability prioritization that adds business context, exploitability testing, and real-world risk factors that CVSS completely ignores. You’ll learn: • Why CVSS classifications are becoming irrelevant without understanding your specific implementation, business impact, and network topology • How the eBar framework prioritizes vulnerabilities using sensitivity, exploitability, and contextual risk scoring • Why overlooked medium vulnerabilities often create larger blast radius than isolated critical findings • How to communicate technical risks to boards using before/after states and operational impact (canceled surgeries vs. abstract data loss) • Why the CISO role has fundamentally shifted from technical implementation to business enablement and cross-functional leadership Key topics: Vulnerability debt accumulation • The critical importance of pen testing over automated scanning • Managing 12-13 overlapping security and privacy frameworks • GenAI security risks including fraud, synthetic identity, and non-human identity management • Healthcare innovation vs. regulatory compliance • EU AI Act vs. NIST frameworks and jurisdiction conflicts • Future CISO role convergence with compliance, legal, and information management Hard-won wisdom from someone who’s secured everything from UN peacekeeping operations to HBO content releases.

Anthropic has since trained a new classifier that it says blocks the specific technique in over 99% of cases, at the cost of a higher false-positive rate on routine coding and debugging requests.

More significant for the industry is Anthropic's proposal, developed jointly with Amazon, Microsoft and Google under the Glasswing banner, for a shared severity framework for jailbreaks. The draft scores a jailbreak against four criteria: how much capability it grants beyond existing tools, how broadly that capability applies across offensive tasks, how easy it is to weaponise, and how discoverable the technique already is. Anthropic says the aim is a consistent, objective standard the industry currently lacks, allowing developers to triage new findings and governments to know when to act. It is inviting other model providers to adopt it.

The announcement also sets out an expanded government collaboration package, including pre-release access for national security evaluators, faster sharing of safeguard details when serious jailbreaks are found, and dedicated compute for government-led AI security research.

For enterprise users, the commercial detail worth flagging: Fable 5 is included for up to 50% of weekly usage limits through 7 July on Pro, Max, Team and select Enterprise plans, after which it shifts to usage credits. Standard Enterprise seats have no included allowance at all and will need credits enabled from day one.


Why CVSS is Failing CISOs: And what works instead.
How do you prioritize tens of thousands of open vulnerabilities when resources are finite and CVSS scores miss critical context? In this wide-ranging conversation, Stewart Tinson speaks with Stephen Fridakis, former CISO of Oracle Health, Google Health, HBO, and the United Nations, now advising clients across manufacturing, healthcare, and beyond. Stephen introduces the eBar framework—a revolutionary approach to vulnerability prioritization that adds business context, exploitability testing, and real-world risk factors that CVSS completely ignores. You’ll learn: • Why CVSS classifications are becoming irrelevant without understanding your specific implementation, business impact, and network topology • How the eBar framework prioritizes vulnerabilities using sensitivity, exploitability, and contextual risk scoring • Why overlooked medium vulnerabilities often create larger blast radius than isolated critical findings • How to communicate technical risks to boards using before/after states and operational impact (canceled surgeries vs. abstract data loss) • Why the CISO role has fundamentally shifted from technical implementation to business enablement and cross-functional leadership Key topics: Vulnerability debt accumulation • The critical importance of pen testing over automated scanning • Managing 12-13 overlapping security and privacy frameworks • GenAI security risks including fraud, synthetic identity, and non-human identity management • Healthcare innovation vs. regulatory compliance • EU AI Act vs. NIST frameworks and jurisdiction conflicts • Future CISO role convergence with compliance, legal, and information management Hard-won wisdom from someone who’s secured everything from UN peacekeeping operations to HBO content releases.

200-character excerpt:

"US export controls on Fable 5 and Mythos 5 have lifted. Anthropic details the Amazon-reported bypass, its fix, and a new Glasswing-backed framework for scoring AI jailbreak severity."

(197 characters)

Share this post
The link has been copied!