Fifteen days after the Commerce Department forced Anthropic to pull Fable 5 and Mythos 5 from global access with 90 minutes of notice, the US government has partially reversed course. On June 27, 2026, Commerce Secretary Howard Lutnick sent a letter to Anthropic authorizing the redeployment of Mythos 5 to approximately 100 US organizations that operate and defend critical infrastructure. Fable 5 remains suspended pending further negotiations. This is the fifth post in our ongoing coverage of what has become the most consequential frontier AI governance story of 2026.
For full context, see our prior coverage: June 13 — Initial Suspension | June 15 — The Background Story | June 24 — NSA Red-Team and Five Eyes Fallout | June 26 — Is This Now US Frontier AI Policy?
What the Letter Says
The authorization came in a letter from Commerce Secretary Howard Lutnick to Anthropic's chief compute officer Tom Brown, obtained by Semafor and reported by NBC News, Reuters, and others. Lutnick wrote that he had "determined that appropriate safeguards are in place to permit certain trusted partners to access the Claude Mythos 5 Model."Three details in that authorization are worth calling out specifically.
First, the scope: approximately 100 organizations, comprising US government agencies and private sector critical infrastructure companies. This is a significant reduction from the roughly 200 Project Glasswing partners who had access before the June 12 suspension — suggesting the restored list is a vetted subset, not a full restoration of prior access.
Second, the foreign national carve-in: the approved organizations reportedly include non-American employees working at those entities, as well as Anthropic's own non-US staff, who had initially been barred from accessing the model. This is a meaningful change from the original export control directive, which was so broadly written that it covered foreign nationals anywhere — including inside the US — and forced Anthropic to pull the model globally. The new authorization explicitly includes non-American employees at approved organizations, which resolves one of the most operationally disruptive aspects of the original order.
Third, the explicit exclusion: the letter does not address Fable 5. Anthropic's statement confirms it is "continuing to work with the government to expand access to Mythos 5 and make Fable 5 available for general use again" — but there is no timeline and no indication of what conditions need to be met.
What Changed in 15 Days
The shift from the June 12 suspension to the June 27 partial restoration reflects a two-week period of intensive negotiation. In response to Lutnick's export control directive, Anthropic dispatched a team of its top scientists and engineers to Washington to work with government counterparts in the Commerce Department and the Office of the National Cyber Director, aiming to restore public access to the models while preventing cyber risk.The tone of Anthropic's June 27 statement — "working closely with the US government" — is markedly different from the adversarial framing of the initial suspension period, when Anthropic publicly disputed the severity of the jailbreak finding and characterized the action as arriving without prior communication of a national security threat. The two-week engagement appears to have moved both sides toward a working arrangement, even if it falls well short of full restoration.
Commerce Secretary Lutnick's concern about Fable 5 specifically was that senior administration officials became increasingly concerned that users could circumvent Fable 5's guardrails, and the administration was not convinced that Anthropic's leadership understood the severity of their worries. The fact that Mythos 5 — the more restricted, purpose-built cybersecurity model — is being restored first while Fable 5 remains suspended is consistent with that framing: Mythos 5 was already operating under tighter access controls through Glasswing, while Fable 5 had been available to the general public.
What Mythos 5 Actually Is
For readers who have been following this series, the capability picture is now clearer than it was on June 12. Claude Mythos first made headlines in April 2026 when Anthropic described it as a potential "cybersecurity reckoning" — an AI model so capable that the company initially chose not to release it publicly. The model demonstrated an unprecedented ability to autonomously discover software vulnerabilities, uncovering thousands of high-severity flaws across every major operating system and web browser. Among its documented findings were a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFmpeg, along with chained Linux kernel exploits capable of full privilege escalation. The model reportedly achieved a 72% success rate in generating working exploits and chaining vulnerabilities on the first attempt — compared to 0% from the previous Opus model.That capability profile makes the partial restoration both logical and significant. Logical because critical infrastructure defenders — energy grids, financial systems, healthcare networks, telecommunications — are precisely the organizations that would benefit most from a model capable of finding vulnerabilities at that speed and depth before adversaries exploit them. Significant because the US government is now explicitly authorizing the deployment of a model with autonomous offensive cyber capability to defend national infrastructure, while simultaneously restricting the same model from broader public access. That is a considered policy position, not an accident.
The Fable 5 / Mythos 5 Distinction Matters
One point of confusion in public reporting on this story has been treating Fable 5 and Mythos 5 as interchangeable. They are not, and the distinction is relevant to understanding why one is being restored and the other isn't.| Model | Original Access | Capability Profile | Current Status |
|---|---|---|---|
| Mythos 5 | ~200 vetted Glasswing partners only | Full cybersecurity capability, purpose-built for vulnerability research | Restored to ~100 critical infrastructure orgs |
| Fable 5 | General public | Same technical foundation as Mythos 5, stronger guardrails on cyber/bio topics | Still suspended, Fable 5 return timeline TBD |
Fable 5 was the public-facing model — the one general users, developers, and commercial customers had access to. Its suspension is the one with the broadest commercial impact. Mythos 5 was always a restricted model; its restoration to a defined set of critical infrastructure organizations is closer to a return to the pre-June 12 Glasswing model than it is to a genuine policy reversal.
What This Means for Healthcare
Healthcare Qualifies as Critical Infrastructure — But Access Is Not Automatic
Under CISA's framework, healthcare and public health is one of 16 designated critical infrastructure sectors. That designation means healthcare organizations are within the category of organizations eligible for Mythos 5 access under the June 27 authorization. It does not mean access is automatic. The approximately 100 organizations in the initial restored list represent a vetted subset — likely weighted toward government agencies and large private sector operators with existing Glasswing relationships. Healthcare organizations not already in that list should monitor Anthropic's official communications for information on how to apply or request access as the list expands.The Defensive Use Case Is the Explicit Rationale
The government's stated reason for restoring Mythos 5 to critical infrastructure organizations is defensive: ensuring those organizations can use the model for defensive cyber purposes. For healthcare security teams, that framing is directly relevant to how Mythos 5 access should be justified and governed internally. Use cases that map cleanly to defensive vulnerability identification — scanning clinical systems, EHR integrations, medical device firmware, and network infrastructure for exploitable flaws before adversaries find them — are the use cases the government has explicitly authorized. Use cases that approach the dual-use boundary should be approached with appropriate governance documentation.Fable 5's Continued Suspension Is the Operational Gap
For most healthcare organizations, Mythos 5 was never accessible — it required Glasswing vetting and was purpose-built for advanced cybersecurity research. Fable 5 was the model integrated into commercial workflows: documentation assistance, clinical communications support, coding help, administrative automation. Its continued suspension is the gap that affects day-to-day operations, and there is currently no timeline for its return to general availability. Healthcare organizations that built workflows around Fable 5 should continue operating under their fallback plans and should not assume a near-term restoration.The Foreign National Resolution Is Operationally Significant
One of the most disruptive aspects of the original June 12 order was the broad foreign national prohibition, which affected not just international users but non-citizen employees at US organizations. The June 27 authorization explicitly includes non-American employees at approved critical infrastructure organizations. For healthcare systems with diverse workforces — which is most large health systems — this is a meaningful operational improvement for organizations that make the approved list, removing an access control problem that would have been difficult to manage in practice.The Bigger Picture
The partial restoration of Mythos 5 is a meaningful development, but it is worth being precise about what it does and doesn't represent. It is not a vindication of Anthropic's position that the original suspension was unjustified. It is not a full reversal of the export control action. And it is not a resolution of the underlying policy questions about frontier AI governance that this series has been tracking.What it is: a working arrangement between a frontier AI lab and the US government, negotiated over 15 days of intensive engagement, that allows a powerful cybersecurity model to be deployed defensively to vetted critical infrastructure organizations while the broader questions of Fable 5 access and the long-term governance framework remain unresolved.
The partial reversal reflects the delicate balance the administration is trying to strike between national security concerns and the need to maintain US leadership in AI. Restricting access too broadly risked leaving critical infrastructure exposed, while unrestricted access raised fears of misuse by adversaries. That tension is not resolved by the June 27 authorization — it is managed, partially, for now.
For healthcare security and AI program leaders, the practical state of play as of today is this: Mythos 5 is available to a defined set of critical infrastructure organizations for defensive purposes; Fable 5 remains suspended with no public timeline; GPT-5.6 is in a limited partner release with broader availability expected in coming weeks; and the US government has established a de facto review posture for frontier AI models with no formal framework yet in place to govern it. That is the operating environment your AI programs are running in. Plan accordingly.
We will continue tracking as Fable 5 negotiations develop and as the broader frontier AI governance framework either takes shape or doesn't.
AI Industry Watch posts track developments in the AI landscape relevant to healthcare security practitioners. This is the fifth post in our frontier AI governance series. bregg.com takes no position on the underlying disputes between AI labs and the administration.
Key Links
- Anthropic (@AnthropicAI): Official Statement on Mythos 5 Restoration (X)
- NBC News: US Government Gives Anthropic Green Light for Limited Re-Release of Mythos 5
- IBTimes: US Reverses Course, Restores Mythos 5 for Critical Infrastructure — Fable 5 Still on Hold
- CybersecurityNews: Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure
- Euronews: Anthropic Cleared to Restore Mythos 5 Access to Certain US Organisations
- bregg.com: Is This Now US Government Frontier AI Policy? (June 26)