TL;DR
White House AI adviser David Sacks said the administration restricted Anthropic’s Fable S model after a trusted partner found a jailbreak that could restore Mythos-level cyber capability. Anthropic says the government provided no specific technical detail and that the issue was narrow and minor. The technical evidence, the full methodology and the partner’s identity remain non-public.
White House AI adviser David Sacks said the administration restricted Anthropic’s Fable S model because a trusted partner found a jailbreak that could restore dangerous cyber capability, a claim Anthropic disputes as the company argues the flaw was minor and not grounds for recalling a widely used model.
Sacks, who is identified in the source material as co-chair of the President’s Council of Advisors on Science and Technology, said on X that a “highly credible trusted partner” found a way around Fable’s guardrails. According to Sacks, the administration asked Anthropic CEO Dario Amodei to fix the issue or pull the model, and acted after he refused.
Anthropic’s account is materially different. In a June 12 blog post described in the source material, the company said the government did not provide specific technical detail, and said the demonstration showed only a few minor, already-known flaws. Anthropic also said other public models, including GPT-5.5, produced similar results without a bypass.
The core dispute is severity. Sacks frames the issue as a bypass that restores “operability of a cyberweapon.” Anthropic describes it as a “narrow potential jailbreak” that should not force action against a model it says is used by hundreds of millions of people. Neither side has released enough technical evidence for outsiders to verify either account.
The Safety Card, Played From Every Side
● ContestedA White House adviser says Anthropic refused to fix a cyberweapon jailbreak and got banned for it. Anthropic says the flaw is trivial. Almost every fact that would settle it is non-public — and “safety” is now the card every side is playing.
Both are claims, not findings. They don’t disagree on tone — they disagree on what the bypass actually is.
- A “highly credible trusted partner” found a jailbreak of Fable’s guardrails.
- The admin asked Amodei to fix it or pull the model. He refused.
- So the export control was issued — “reluctantly.”
- It restores operability of a cyberweapon; calling that “not serious” is indefensible.
- The government gave no specific technical detail.
- The demo found a few minor, already-known flaws.
- Other public models (incl. GPT-5.5) do the same without a bypass.
- A “narrow potential jailbreak” shouldn’t recall a model used by hundreds of millions.
Per reporting by Semafor (carried by Fortune and others), the entity that flagged the jailbreak was Amazon — with CEO Andy Jassy reportedly in contact with the administration. Amazon hasn’t confirmed specifics. Flagging a real risk is what a good partner does — but Amazon wears three hats at once, and none of them is neutral.
Each actor’s safety claim points toward its own advantage.
The entire evidentiary record is a matter of trusting parties who each have a reason to shade it.
A transparent, technically grounded, independently reviewable process — which is, notably, exactly what Anthropic says it wants, and exactly what would also constrain Anthropic. The reason to demand it isn’t loyalty to anyone; it’s that the alternative is decisions made on secret evidence and adjudicated in dueling press statements.
Independent commentary, produced with AI assistance under human editorial oversight; the views are the author’s own and may change. This is analysis and opinion, not investment, financial, legal, or technical advice, and it concerns an actively developing situation in which key facts are disputed and non-public. Claims attributed to David Sacks reflect his June 13, 2026 statement on X; claims attributed to Anthropic reflect its published statements; reporting on Amazon’s role reflects accounts published by Semafor and others — all read as of June 15, 2026, and presented as the claims of those parties, not as established fact. Characterizations are the author’s interpretation, offered in good faith and open to rebuttal. References to specific people, companies, and government actions are factual and analytical, not partisan, and imply no affiliation or endorsement.
Secret Evidence Drives AI Policy
The dispute matters because it shows how AI safety claims are now being used by government officials, AI developers and major technology partners in decisions that can affect access to frontier models. If the administration’s account is accurate, the action could be a rare example of fast government intervention to limit cyber misuse risk. If Anthropic’s account is closer to the facts, the case could become a warning about using undisclosed evidence to restrict commercial AI systems.
The case also cuts against the usual alignment of arguments. Anthropic has often argued for tighter controls on high-risk AI systems. In this case, the company says the danger has been overstated. The administration, meanwhile, is using safety grounds to justify what the source material describes as its most forceful intervention in commercial AI to date.

Privacy Tools in the Age of AI: Practical Strategies with VPNs, Secure DNS, Private Relay and Intelligent Defenses (Build Your Own VPN)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
The Mythos Guardrail Dispute
The source material says Sacks’ argument depends on the relationship between Fable S and Mythos. Sacks says Fable is essentially Mythos with guardrails, and that a guardrail failure could give restricted users access to Mythos-class cyber capability. Anthropic disputes that framing and says the reported behavior does not support such a severe response.
Reporting cited in the source material by Semafor, carried by Fortune and others, says Amazon may have been the trusted partner that reported the jailbreak. Amazon has not confirmed the specifics. That point matters because Amazon is described as an Anthropic investor, cloud provider and competitor through its own AI model work. A real safety report can be valid even when the reporter has commercial interests, but those interests make independent review more valuable.
“A “highly credible trusted partner” found a jailbreak of Fable’s guardrails.”
— David Sacks, via X
The public record does not yet show the jailbreak method, the test setup, the model configuration, the exact cyber task, the mitigation requested by the government or an independent assessment of the risk. The identity of the trusted partner has also not been officially named in the material provided.
Because those facts are missing, readers cannot determine whether the flaw was a serious guardrail failure, a routine red-team result, or something between those two accounts. The current record consists mainly of competing statements from parties with policy, business or reputational stakes in the outcome.
Patch Timing Becomes The Test
The next signal will be whether the restriction is lifted quickly after a quiet fix or whether the standoff continues. A rapid return after a patch would support the view that a concrete vulnerability existed and was remediated. A prolonged dispute without public technical detail would add pressure for a reviewable process that can separate real safety risk from strategic claims.
Key Questions
What happened to Anthropic’s Fable S model?
According to David Sacks, the administration restricted the model after a trusted partner found a jailbreak of its guardrails. Anthropic disputes the severity of the finding.
What does Anthropic say about the alleged flaw?
Anthropic says the government gave no specific technical detail and that the demo showed minor, already-known issues seen in other public models.
Was Amazon involved?
Semafor reporting cited in the source material says Amazon may have been the partner that flagged the issue. Amazon has not confirmed the specifics in the provided record.
What is still unknown?
The jailbreak method, severity, testing process, partner identity and independent validation remain non-public.
Source: Thorsten Meyer AI