Fable Is Back, and the Kill Switch Is the Real Story
On the evening of June 12, Anthropic switched off two of its AI models for every customer on the planet. Not throttled, not paused for a suspicious subset of users. Off. Worldwide. The company cited a US government export-control directive and national security, and offered no detailed public reason. Around July 1, the restrictions were lifted and access started coming back. The shorthand going around is “Fable is back,” and everyone seems keen to move on. I don’t think you should move on quite yet.
A quick recap, in case you spent June doing something healthier than following AI news. Back in April, Anthropic announced a model called Mythos and then pointedly did not release it. It went to a small number of selected organizations, because it turned out to be very good at finding and exploiting vulnerabilities in code, and a wide release was judged too risky. On June 9, the public got Fable instead, a deliberately constrained version of Mythos. Three days later, both models went dark everywhere.
The reported trigger was a jailbreak, which is the industry’s word for tricking a model into ignoring its safety guardrails. Except the details, thin as they were, made it sound remarkably unscary. Anthropic itself characterized the evidence as verbal, and the jailbreak as “narrow” and “non-universal.” What it apparently amounted to was asking the model to read a specific codebase and fix its software flaws.
Read that again. Fix the flaws in this code. That is not a sinister exploit. That is a Tuesday. It is roughly what millions of developers ask AI tools to do before their first coffee has cooled. If prompting a code-analysis model to analyze code now counts as a national security incident, we are going to need a much bigger incident log.
Now, some fairness, because the dual-use problem here is real and I don’t want to wave it away. The skill of finding a vulnerability and the skill of exploiting one are the same skill pointed in different directions. A model that can spot a buffer overflow for a security researcher can spot it for someone considerably less charming. Anthropic clearly knew this, which is why Mythos was locked away in April and why Fable shipped with its wings clipped. That caution was sensible. Vulnerability-hunting models are genuinely powerful, and pretending otherwise would be naive.
But notice what the caution was for. Security researchers have spent years asking for exactly this kind of tool. Finding flaws in code is the whole job. A dual-use model doing the beneficial half of its dual use is not a malfunction, it is the point. So when the response to secondhand, verbal reports of a narrow jailbreak (one that reads suspiciously like ordinary developer usage) is to cut off every customer on Earth, that looks less like calibrated risk management and more like someone flinching at a shadow. Plenty of people argued in the aftermath that the jailbreak reports were inflated. On the available evidence, I’m with them.
The switch worked, and that is the actual story
Here is what I think matters more than whether one jailbreak report was overblown. For about three weeks in the summer of 2026, a government demonstrated that it can reach into a commercial AI product and turn it off for the entire world, on evidence it never had to show anyone. Not for American users. For everyone, in every country, every company that had built workflows on top of these models, every developer mid-project. One directive, and the lights went out globally.
You can believe that was justified this time and still find the mechanism unsettling. Because the mechanism doesn’t care whether the next justification is good. The precedent is now sitting there, warm and tested. The next shutdown will be easier to order, easier to comply with, and easier to shrug at, because we’ve already had one and the sky stayed up.
This is also why the episode reignited the open-versus-closed model argument, and honestly, both sides got fresh ammunition. Closed models like Fable can be switched off remotely, which is exactly what just happened, and if that idea bothers you, open models start looking attractive. But flip it around. An open model, once released, cannot be recalled at all. No directive, no kill switch, no take-backs. If Mythos had been open-weights, the April decision to restrict it would have been meaningless the moment the files hit a torrent. So the honest version of the debate is not “which approach is safe” but “which failure mode do you prefer”: a tool that someone else can take away from you, or a tool that nobody can ever take away from anyone.
I don’t have a tidy answer to that, and I’d distrust anyone who claims to. What I do know is that the wrong lesson from June is “the system worked, Fable is back, all’s well.” A vague report of a model doing its job triggered a worldwide blackout, the public was told almost nothing, and three weeks later everything quietly resumed as if nothing had happened. If that’s the system working, ask yourself who it was working for. And ask what happens the day the switch gets flipped and nobody flips it back.
Sources: Al Jazeera, The Washington Post, Schneier on Security, CNBC, The Hill, Snyk

