Cybersecurity

Special report: Anthropic and the first great AI cyber showdown — a timeline

Over the past few days, a dispute over AI safety guardrails escalated into a White House crackdown, a global sovereignty debate, and the first major clash between frontier AI cyber capabilities and government authority.

Last Friday, the Trump administration decided to effectively force Anthropic to withdraw its Fable 5 and Mythos 5 models, which may prove to be one of the most consequential AI and cybersecurity policy actions yet taken by the US government.

On the surface, the dispute centers on allegations that Anthropic's newest models could be induced to reveal information useful for identifying software vulnerabilities and supporting cyber operations. But the broader significance extends far beyond a single company or model release.

The episode raises fundamental questions about how governments should respond when AI systems become powerful enough to transform cybersecurity. It tests whether frontier AI models should be regulated like software, dual-use technologies, or strategic national-security assets. It also exposes growing tensions between AI developers, cybersecurity practitioners, cloud providers, and policymakers over who should decide what constitutes an unacceptable level of risk.

For cybersecurity professionals, the stakes are especially high. Most cyber experts argue that the same capabilities that can help attackers identify vulnerabilities are also essential for defenders seeking to secure increasingly complex software ecosystems. The controversy therefore highlights a central challenge of the AI era: technologies that improve defensive security often improve offensive capabilities as well.

The Anthropic dispute is also significant because it represents one of the first major instances in which the federal government has intervened directly to restrict access to a frontier AI model based on cybersecurity concerns. Whether viewed as a necessary national security measure or a troubling precedent, the action provides an early glimpse of how governments may seek to control advanced AI capabilities in the future.

Finally, the reaction from Europe, India, and parts of the cybersecurity community demonstrates that the implications extend well beyond Anthropic. The episode has triggered debate over AI sovereignty, dependence on foreign AI providers, the future of vulnerability discovery, and America's role in shaping global access to advanced AI systems.

For those reasons, the Anthropic controversy deserves attention not merely as a company-specific dispute, but as an early test case for how governments, industry, and security professionals will navigate the emergence of increasingly capable AI systems. In short, what happened over the weekend is the first real-world collision between frontier AI cyber capabilities and US government authority.

Given the complexity of the debate and the importance of its outcome for how cybersecurity operates, Metacurity is presenting a timeline below for what happened and how we got here.

February to March 2026 — Growing tensions between Anthropic and the administration

On February 27, Defense Secretary Pete Hegseth designated Anthropic in a tweet as a supply-chain risk and barred use of its Claude chatbot within the Pentagon, in what the company called an unprecedented step given that no US company, much less a leader in the all-important field of artificial intelligence, had ever received this designation. The dispute stemmed in part from Anthropic's efforts to prevent government use of the technology for autonomous lethal weapons and mass domestic surveillance. Days later, the Defense Department formally designated Anthropic a supply chain risk, sparking litigation that is ongoing today. These tensions established a political backdrop that later influenced reactions to Anthropic's newest models.

April 7, 2026 — Anthropic launches Project Glasswing

Anthropic unveiled Project Glasswing, a cybersecurity initiative built around its powerful Mythos model, which it said could autonomously identify software vulnerabilities at scale. Access was restricted to a closed consortium that included major technology companies and security vendors such as Amazon, Microsoft, Apple, Google, Cisco, CrowdStrike, Palo Alto Networks, and the Linux Foundation. Anthropic claimed the model had already identified thousands of vulnerabilities, including flaws that had survived years of human review. The initiative was presented as a controlled effort to improve software security rather than a public release. The announcement signaled a potential transformation in vulnerability discovery, suggesting that AI could dramatically accelerate the process of finding security flaws.

June 2, 2026 — Glasswing expands dramatically

Anthropic announced a major expansion of Project Glasswing, adding 150 additional companies with a particular focus on critical infrastructure sectors including power, water, healthcare, communications, and hardware. Anthropic argued that successful attacks against many participating organizations could affect more than 100 million people. The expansion reflected growing confidence in AI-assisted vulnerability discovery and Anthropic's ambition to make AI a foundational part of defensive cybersecurity. It also raised concerns about whether software vendors and security teams could keep pace with a surge in newly discovered vulnerabilities.

June 9, 2026 — Anthropic releases Fable 5 and opens Mythos-class AI to the public

Anthropic unveiled Claude Fable 5, a public version of its previously restricted Mythos architecture, while keeping the more permissive Mythos 5 model limited to trusted cybersecurity and critical-infrastructure partners. The company described Fable 5 as its most capable public model to date, with major advances in software engineering, scientific research, visual reasoning, and complex knowledge work. What made the release significant was Anthropic's attempt to solve a problem that has increasingly confronted frontier AI developers: how to make highly capable models broadly available without exposing potentially dangerous cyber capabilities.

To accomplish that, Anthropic built a system of automated safeguards that redirected certain cybersecurity, biology, chemistry, and model-extraction requests to a less capable model. The company argued that these guardrails made it possible to release Mythos-level intelligence to general users while reducing the risk of misuse. However, early testing by security researchers suggested the filters may have been more aggressive than Anthropic acknowledged, sometimes blocking routine defensive-security and incident-response tasks. The release represented one of the industry's most ambitious attempts to commercialize powerful dual-use AI capabilities while containing their offensive potential.

At the same time, Anthropic expanded access to Mythos 5 through Project Glasswing, giving selected cybersecurity organizations and critical-infrastructure operators access to a version of the model with cyber-related restrictions removed. Anthropic described Mythos 5 as possessing the strongest cybersecurity capabilities of any publicly discussed model, including advanced vulnerability discovery and exploit-development assistance. The distinction between the heavily guarded public Fable 5 model and the more capable Mythos 5 model would become central to the controversy that erupted just days later.

June 11–12, 2026 — Security concerns emerge

Within days of the release, concerns began circulating inside the administration regarding whether Fable 5's safeguards could be bypassed. According to administration sources, Amazon researchers and reportedly five other companies informed the White House that they had demonstrated methods that allowed portions of the model's cybersecurity capabilities to be accessed despite guardrails. Amazon's findings were reportedly shared with senior administration officials, triggering concern that the model could be used to facilitate cyberattacks. The issue became particularly significant because Amazon was not merely an outside observer; it was also one of Anthropic's largest investors and a participant in Project Glasswing.

June 12–13, 2026 — White House intervention

Following Amazon's warning, and purportedly those of other companies, senior administration officials held emergency discussions about how to respond. Treasury Secretary Scott Bessent, White House Cyber Director Sean Cairncross, Commerce officials, and other senior personnel engaged in multiple calls with Anthropic CEO Dario Amodei. During those conversations, Anthropic argued that the reported bypasses were limited and did not amount to a broad jailbreak of the system. Administration officials remained unconvinced, believing they had sufficient evidence that the safeguards could be circumvented. The discussions revealed a fundamental disagreement about acceptable levels of risk in frontier AI systems.

June 13, 2026 — Export controls imposed on Fable 5 and Mythos 5

After Anthropic declined to withdraw the models voluntarily, the administration imposed sweeping export restrictions. The order barred foreign governments, companies, and individuals from using Fable 5 and Mythos 5. Anthropic concluded that compliance was impossible without disabling the models entirely because foreign nationals, including some of its own employees, would be covered by the restrictions. The action marked one of the most aggressive government interventions yet directed at a frontier AI model and demonstrated the administration's willingness to act rapidly when national security concerns arise.

June 13, 2026 — Anthropic shuts down access worldwide

Anthropic responded by disabling access to Fable 5 and Mythos 5 for all customers. The company argued that the government's concerns involved a limited technique that exposed only previously known, relatively minor vulnerabilities and noted that other publicly available models could achieve similar results. Anthropic maintained that no universal jailbreak had been found and disputed the characterization of the threat. The dispute highlighted a growing divide between government officials and AI developers over how dangerous advanced cybersecurity capabilities actually are.

June 14, 2026 — Cybersecurity leaders rally behind Anthropic

A coalition of prominent security researchers, CISOs, and industry executives publicly urged the administration to reverse the restrictions. Among just some of the prominent signatories to a letter sent to Commerce Secretary and Howard Lutnick and Sean Cairncross are:

Alex Stamos — former Facebook CSO, former Yahoo CISO, one of the most influential voices in cybersecurity policy and practice. He appears to have organized the effort.
Katie Moussouris — founder and CEO of Luta Security, creator of Microsoft's bug bounty program, and one of the leading figures in vulnerability disclosure.
Rachel Tobac — CEO of SocialProof Security and one of the cybersecurity industry's best-known social engineering experts.
Chris Wysopal — Veracode co-founder and one of the pioneers of application security and software vulnerability research.

The group argued that the capabilities cited by the government were not unique to Anthropic and could be replicated by other leading American, open-source, and even Chinese models. They warned that removing access to the most capable defensive tools would harm cyber defenders more than attackers and could weaken US technological leadership.

June 14, 2026 — White House signals Anthropic case is unique

As criticism mounted over the export restrictions, sources close to the administration indicated that the government was unlikely to impose similar controls on other frontier AI developers. According to those sources, officials viewed the Anthropic action as a response to the company's handling of vulnerabilities in Fable 5 and Mythos 5 rather than a broader crackdown on advanced AI models.

June 14–15, 2026 — Political attacks intensify

Administration allies, including Defense Secretary Pete Hegseth, used the controversy to renew criticism of Anthropic. Supporters of the restrictions portrayed the company as reckless and insufficiently responsive to national security concerns. Anthropic and its allies countered that the administration acted with little notice, limited evidence, and no transparent process. The fight evolved from a technical debate about model safeguards into a broader political conflict over AI governance.

June 14–15, 2026 — Global backlash and sovereignty debate

The shutdown immediately triggered debate in Europe and India, where Anthropic and other frontier AI providers had become deeply embedded in national AI strategies. Politicians, founders, and technology leaders argued that the episode demonstrated the risks of depending on AI systems controlled by foreign governments. Calls intensified for investment in domestic AI models, open-source alternatives, and sovereign AI capabilities. What began as a dispute over one company's cybersecurity safeguards rapidly became a global conversation about technological dependence and geopolitical control over advanced AI systems.

June 15, 2026 — Anthropic launches an effort to repair relations with the White House

In the days following the export-control order, Anthropic dispatched senior technical personnel to Washington to meet directly with White House officials in an effort to resolve the dispute that led to the shutdown of Fable 5 and Mythos 5. According to sources close to the company, Anthropic had also been holding virtual meetings with administration officials since the initial government outreach.