In the days leading up to an unprecedented US government order that forced Anthropic to globally shut down access to two of its most advanced artificial intelligence models, Amazon’s chief executive, Andy Jassy, privately voiced serious security concerns about the very same systems to senior Trump administration officials. That revelation, shared by a person familiar with the matter, adds a significant layer of context to an already extraordinary sequence of events that unfolded this week in the rapidly evolving world of frontier AI regulation.
The situation began when Anthropic, the San Francisco-based startup that has confidentially filed for a US initial public offering, briefly released a public version of its model called Fable. The company had previously flagged the hacking capabilities of an earlier model named Mythos and kept it from wide distribution. With Fable, Anthropic claimed to have built in strong cybersecurity safeguards. But that public release lasted only days. On Friday, Anthropic announced in a blog post that the US government had informed the company of a belief that there exists a way to bypass—or “jailbreak”—one of those safeguards, specifically the one designed to prevent the model from being used to uncover software vulnerabilities.
Here is where the story takes an even sharper turn. According to Anthropic’s own account, the Trump administration issued an export control order directing the company to block any foreign nationals—whether located inside or outside the United States—from using both Fable 5 and Mythos 5. In response, rather than attempt a complicated partial shutdown, Anthropic made the striking decision to disable access to the models globally. It was a move that effectively pulled cutting-edge AI technology from users everywhere, including in allied nations.
White House adviser David Sacks later wrote on social media that officials had issued the export control “reluctantly” after Anthropic’s chief executive, Dario Amodei, “refused” to “fix the jail break or de-deploy the model.” Sacks, who co-chairs Trump’s Council of Advisors on Science and Technology and previously served as the White House’s AI czar, added: “The Admin’s hope now is that Anthropic remediates the safety issue, the export control is lifted, and Fable goes back into general release.”
Yet for many experts who follow AI export controls closely, the action raised more questions than answers. The unusual nature of the order is that it does not distinguish between adversaries and allies. It applies equally to researchers and employees in Canada, the United Kingdom, and other friendly nations. Jimmy Goodrich, a senior fellow at the University of California’s Institute for Global Conflict and Cooperation, did not hold back in his assessment. “This was not well thought-out,” Goodrich said. “It even bans Canadians and Brits employed at Anthropic from doing research and development.”
That criticism points to a deeper tension in how governments are trying to manage the national security implications of advanced AI. On one hand, the fear is understandable. If a model can be jailbroken to identify software vulnerabilities, that same capability could theoretically be used by hostile actors to discover and exploit critical flaws in infrastructure, financial systems, or military networks. On the other hand, sweeping export controls that treat Toronto and London the same as Beijing or Moscow risk alienating trusted partners and disrupting legitimate research collaboration.
Amazon itself walked a careful line when asked about Jassy’s reported discussions with government officials. A company spokesperson did not confirm or deny the specifics but offered a measured statement: “As a leading cloud provider that serves a large number of private and public sector customers, it’s not uncommon for governments to seek our counsel on potential security risks. When they occur, we don’t share the details of these discussions.” That response leaves room for interpretation, but it does not contradict the idea that Amazon has been an active participant in back-channel conversations about Anthropic’s models.
Anthropic, for its part, tried to downplay the severity of the security flaw at the heart of the government’s concern. In its blog post, the company stated that the jailbreak method found only “minor” security flaws—ones that other publicly available models can also discover. That defense, if accurate, raises an uncomfortable follow-up question: if other models already possess similar capabilities, why single out Anthropic with an export control order that disrupts global access?
