Amazon’s cybersecurity research team quietly handed the White House the paper that ended foreign access to two of Anthropic’s most advanced AI models.
According to a Wall Street Journal report published in June 2026, Amazon researchers demonstrated that Anthropic’s Fable 5 model could be manipulated through a sequence of carefully constructed prompts to produce information usable in cyberattacks. Amazon chief executive Andy Jassy then shared those findings directly with White House officials. Shortly afterward, the administration issued an export control directive barring foreign nationals from accessing Fable 5 and Mythos 5 — Anthropic’s flagship models at the time.
The directive’s consequences landed unevenly and immediately. Many of Anthropic’s own researchers are foreign-born, which meant they were abruptly locked out of the very products they helped build. That detail alone signals how blunt the instrument was — a national security measure that caught scientists and engineers inside the targeted company in its sweep.
Amazon has not responded to requests for comment on the research paper or its communications with the administration.
The Jailbreak Question
The word “jailbreak” sits at the center of this dispute, and it matters more than it might initially appear. In AI security contexts, a jailbreak refers to a technique that bypasses a model’s built-in safety guardrails — getting the system to produce outputs it was specifically trained to refuse. The term carries weight because it implies a fundamental failure of the model’s design, not merely an edge case or an artifact of how a particular user framed a question.
Anthropic pushed back directly on the government’s framing. In a public statement, the company argued that the vulnerabilities Amazon identified were not unique to Fable 5 and could be reproduced using other widely available models, including OpenAI’s GPT 5.5. The implication is significant: if the same prompting techniques yield similar results across multiple frontier models, singling out Anthropic’s products for export restrictions looks less like a targeted security response and more like a selective enforcement decision.
Some independent security researchers appear to share that skepticism. Katie Moussouris, founder and chief executive of Luta Security, posted on Bluesky that she had reviewed the Amazon paper and stated plainly: “It’s not a jailbreak.” Moussouris has a long professional history in vulnerability research and coordinated disclosure, which gives her assessment some standing in this debate. Her characterization suggests the Amazon paper may describe something closer to standard adversarial prompting — a known challenge across the entire field — rather than a novel exploit specific to Anthropic’s architecture.
Former Commerce Department official Kate Koren offered a separate line of interpretation to the Journal, speculating that the White House’s broader antagonism toward Anthropic may have shaped the decision as much as the technical findings themselves.
A Longer Dispute
The export control directive did not arrive in a vacuum. Anthropic and the Trump administration have been in open conflict for months over the company’s refusal to allow its AI systems to be used for mass surveillance of American citizens or to power lethal autonomous weapons systems. Those refusals put Anthropic in an unusual position among major AI developers — one that appears to have generated lasting friction with an administration that has moved aggressively to integrate commercial AI into defense and intelligence operations.
In February 2026, President Trump directed federal agencies to stop using Anthropic’s AI products entirely. Within hours of that directive, Secretary of Defense Pete Hegseth designated Anthropic a supply chain risk — a classification that carries formal procurement and security implications across the defense apparatus. The speed of that sequence suggested coordination rather than coincidence.
What makes the current situation more complicated is that the two sides had, at least on the surface, moved toward accommodation. Anthropic and the administration had reportedly worked together to expand access to Mythos, suggesting some degree of functional relationship had been restored. The June 2026 directive effectively collapsed that arrangement and reset the dynamic to something more adversarial.
What the Evidence Actually Shows
The core factual picture, stripped of the competing characterizations, looks like this: Amazon produced a research paper claiming Fable 5 could be prompted to surface cyberattack-relevant information. Jassy communicated those findings to the White House. The White House issued an export control directive. Anthropic disputed the severity and uniqueness of the vulnerabilities. Independent security researchers have questioned whether “jailbreak” is the accurate term. A former government official raised the possibility that political factors influenced the outcome.
That is a lot of contested ground. What is not contested is the practical effect: foreign nationals, including Anthropic’s own staff, lost access to Fable 5 and Mythos 5 under an export control framework typically reserved for technologies with clear weapons proliferation risk.
Export controls in AI are still a relatively new and unsettled area of policy. The Commerce Department has been developing frameworks for controlling access to advanced AI models, but the criteria for what triggers a restriction — and how technical findings translate into enforcement decisions — remain opaque. The Anthropic case is likely to become a reference point in that ongoing policy debate, precisely because the technical justification is disputed and the political context is so visible.
The Competitive Dimension
One element that observers have noted, albeit cautiously, is that Amazon is both a major investor in Anthropic and a direct competitor in the AI model market through its own AWS AI services and its relationship with other model providers. Amazon’s investment in Anthropic is substantial — the company committed up to four billion dollars to Anthropic beginning in 2023. That relationship makes the dynamic between the two companies genuinely unusual. Amazon funds Anthropic’s research and simultaneously produced the security paper that triggered a government action restricting Anthropic’s products.
Whether that dual role influenced the scope or framing of the Amazon research is not something the available evidence resolves. But it is the kind of structural tension that tends to surface in policy and legal proceedings, and it is unlikely to go unexamined as this situation develops.
The administration’s decision to act on Amazon’s findings while Anthropic’s own rebuttal — and independent expert skepticism — was already circulating suggests the government was not primarily conducting a technical adjudication. It was making a policy choice, one that happens to have a technical paper attached to it.
Anthropic has indicated it intends to contest the export control directive through available legal and regulatory channels.
