# The Fable 5 jailbreak wasn't unique — every frontier model shared it

> Anthropic's later investigation found the Fable 5 cyber jailbreak worked on rival frontier models too, not just Claude.

*The export order that pulled Claude Fable 5 traced to one cyber jailbreak. Anthropic's later investigation found the same bypass worked across the frontier.*

By WireRead Editorial · WireRead
Canonical: https://wireread.com/news/frontier-model-jailbreak-not-unique

The US export-control order that took Claude Fable 5 and Mythos 5 offline on 12 June began with a narrow, specific finding. Researchers at Amazon had discovered a way to bypass Fable 5's safeguards and coax the model into identifying software vulnerabilities — in at least one case producing working demonstration exploit code. That single result was enough to trigger roughly ninety minutes' notice and a fortnight of darkness for two of the most capable models on the market. What the intervening weeks established, however, is that the flaw was never Anthropic's alone.

## What actually triggered the export order

The immediate cause was cyber capability, not a general safety failure. Amazon's researchers showed that Fable 5 could be prompted past its guardrails to do vulnerability research — the dual-use capability that sits at the centre of the administration's frontier-model concerns. Anthropic was given minutes, not days, to comply; Fable 5 and Mythos 5 went dark on 12 June and stayed offline for more than two weeks while the company and the government negotiated the terms of their return. The episode read less like a routine safety review than a live test of how far Washington's leverage over a frontier lab actually reaches.

> Anthropic's decision to restore access to its most powerful models signalled what Fortune called a necessary truce with the US government — ending a standoff that began with the cyber-jailbreak finding and closed only once new safeguards were in place.
> — [Fortune](https://fortune.com/2026/07/01/anthropic-fable-mythos-ai-models-restored-trump-administration-export-controls/), 2026-07-01

## Anthropic's investigation: the flaw is industry-wide

During the standoff, a group of cybersecurity experts wrote an open letter to the administration making a simple argument: the vulnerability was not unique to Anthropic, and other leading models had the same weakness. Anthropic's own follow-up work, reported in early-July coverage, put names to that claim. The company said its subsequent investigation found the same bypass worked on Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, Opus 4.7 and Opus 4.8, as well as OpenAI's GPT-5.4 and GPT-5.5 and Moonshot's Kimi K2.7 — an entire class of jailbreak spanning the frontier, not a defect specific to Claude.

- Claude: Haiku 4.5, Sonnet 4.6, Opus 4.6, Opus 4.7 and Opus 4.8
- OpenAI: GPT-5.4 and GPT-5.5
- Moonshot: Kimi K2.7

> **Key:** The model list — Opus 4.8, GPT-5.5, Kimi K2.7 and the rest — comes from Anthropic's own subsequent investigation reported in early July, not from anything known on 27 June. On the day, the public claim was narrower: experts asserted the flaw was shared, and Anthropic later demonstrated exactly which models shared it.

> Axios's account of how the world's top AI models were revived described the fixes Anthropic put in place — a new classifier, a draft severity framework and a researcher bounty programme — as the price of getting Fable 5 back online.
> — [Axios](https://www.axios.com/2026/07/03/anthropic-ai-models-revived-behind-the-scenes), 2026-07-03

## Why singling out one lab is the wrong fix

If the jailbreak is industry-wide, switching off one company's models is closer to arbitrary than surgical. The capability that worried Amazon's researchers exists across the frontier; taking Fable 5 out of the market did nothing about GPT-5.5 or Kimi K2.7. To bring its models back, Anthropic trained a new safety classifier specifically to block the technique, published a draft 'AI jailbreak severity framework' to grade such findings, and opened a HackerOne programme inviting researchers to report cyber jailbreaks. Those are shared-defence moves — the kind of standard that only works if every lab adopts it.

That is the strategic point beneath the episode. The durable fix for a class of vulnerability is a common defensive standard and a disclosure pipeline, not the selective de-platforming of whichever lab a regulator happened to notice first. The same dynamic is now pushing Washington toward voluntary pre-release testing standards, and it is sharpening a familiar objection: heavy-handed reach into US labs does nothing to constrain the cheaper open-weight models that carry the same flaws and answer to no export order.

> Reporting in The Hill noted that the administration's restrictions on private AI models were already turning attention toward open-source systems, which face no equivalent gatekeeping even as they inherit the same capabilities.
> — [The Hill](https://thehill.com/policy/technology/5952253-trump-administration-ai-restrictions-opens/), 2026-06-30

## Key takeaways

- The 12 June order that pulled Claude Fable 5 and Mythos 5 traced to Amazon researchers bypassing Fable 5's guardrails to find software vulnerabilities and, in one case, produce demonstration exploit code.
- During the standoff, cybersecurity experts wrote an open letter to the administration arguing the flaw was not unique to Anthropic and that other leading models shared it.
- Anthropic's subsequent investigation, reported in early July, found the same bypass worked on Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, 4.7 and 4.8, plus GPT-5.4, GPT-5.5 and Kimi K2.7.
- To restore its models, Anthropic trained a new classifier to block the technique, published a draft jailbreak severity framework, and opened a HackerOne bounty for cyber jailbreaks.
- The analytical point: an industry-wide vulnerability calls for shared defensive standards, not the selective de-platforming of whichever lab a regulator noticed first.

## FAQ

### Was the Fable 5 jailbreak unique to Claude?
No. Cybersecurity experts argued during the standoff that the flaw was shared, and Anthropic's subsequent investigation, reported in early July, found the same bypass worked across the frontier — including on OpenAI's GPT-5.5 and Moonshot's Kimi K2.7.

### Which models did Anthropic's investigation say were affected?
Per early-July reporting, Anthropic found the bypass worked on Claude Haiku 4.5, Sonnet 4.6, Opus 4.6, Opus 4.7 and Opus 4.8, plus GPT-5.4, GPT-5.5 and Kimi K2.7 — a class of jailbreak rather than an Anthropic-specific defect.

### Why did the US pull Claude Fable 5 in the first place?
Amazon researchers found a way to bypass Fable 5's safeguards to identify software vulnerabilities, in one case producing demonstration exploit code. That cyber finding triggered the 12 June export-control order and roughly two weeks offline.

### What did Anthropic do to bring the models back?
It trained a new safety classifier to block the jailbreak technique, published a draft 'AI jailbreak severity framework', and opened a HackerOne programme for researchers to report cyber jailbreaks — the conditions for restoring access.

### Does this affect open-source models too?
Reporting suggests so. Open-source advocates warn that clamping down on US labs does nothing about cheaper open-weight models that share the same vulnerabilities and sit outside any export order.

## Sources

- [How the world's top AI models were revived](https://www.axios.com/2026/07/03/anthropic-ai-models-revived-behind-the-scenes) — Axios, 2026-07-03
- [Anthropic restoring access to its most powerful AI models signals a necessary truce with the U.S. government](https://fortune.com/2026/07/01/anthropic-fable-mythos-ai-models-restored-trump-administration-export-controls/) — Fortune, 2026-07-01
- [Trump restrictions on private AI models turn attention to open source](https://thehill.com/policy/technology/5952253-trump-administration-ai-restrictions-opens/) — The Hill, 2026-06-30
