Within two weeks in June 2026, two of the most capable AI models in the world were pulled from general access — not for technical reasons, but by order of the US government. First Anthropic disabled its new Claude Fable 5 and Claude Mythos 5 models, three days after launch. Two weeks later, OpenAI launched its new flagship GPT-5.6 only as a government-cleared preview for a handful of vetted organizations.
For companies in Germany, Austria and Switzerland, this is more than a footnote from Silicon Valley. It is a precedent: frontier AI models are becoming export-controlled goods. Anyone who builds a production solution on a single US model is taking on a risk that few had on their radar. This article explains what happened and shows what conclusion EU companies should draw from it.
What Happened to Claude Fable 5 and Mythos 5
On 9 June 2026, Anthropic released two models of the new Mythos class: Fable 5 (claude-fable-5) with safety guardrails for production scenarios, and the access-restricted Mythos 5 (claude-mythos-5) without a safety classifier, which originates from the cybersecurity initiative Project Glasswing. Its predecessor, Mythos Preview, had already found thousands of previously unknown zero-day vulnerabilities, including a 27-year-old flaw in OpenBSD.
Three days later, on 12 June 2026, the US government issued an export-control / national-security directive. It prohibited access to Fable 5 and Mythos 5 for any foreign national — inside or outside the US, and explicitly including Anthropic’s own foreign-national employees. Because a user’s nationality cannot be verified in real time at the API layer, Anthropic had only one option left: switching off both models for all customers worldwide. Anthropic disclosed the matter the same day.
The background is an escalating dispute between Anthropic and the US government. The Pentagon had demanded unrestricted access to Claude; Anthropic refused two uses: fully autonomous weapons systems and the mass surveillance of US citizens. As the formal trigger, the government cited an alleged jailbreak of Fable 5. Anthropic disagreed: it had been a narrow, non-universal case that exposed only already-known, minor vulnerabilities — no reason to recall a commercial model.
The 26 June Update: Partial Reversal — US Only
On 26 June 2026, US Commerce Secretary Howard Lutnick partially lifted the directive. Mythos 5 was re-enabled for a defined list of more than 100 vetted US critical-infrastructure organizations — government agencies and private companies. Fable 5, by contrast, remains offline for all users worldwide. General users, foreign nationals and EU customers still have no access to either model. The clearance is explicitly limited to the vetted US cohort, and the criminal and civil penalties of the original directive remain in force.
Important for context: the other Claude models are unaffected. Claude Opus 4.8, Sonnet 4.6 and Haiku 4.5 remain available across all major platforms in EU regions. Following the withdrawal of Fable 5, Opus 4.8 is once again the most capable available Claude model. Details on our model page for Anthropic Claude.
GPT-5.6: Same Pattern, Different Mechanics
Just two weeks later, the basic pattern repeated at OpenAI. On 26 June 2026, OpenAI announced GPT-5.6, with a new naming scheme of three durable capability tiers:
- GPT-5.6 Sol – the flagship, focused on coding, cybersecurity and science. It reaches 88.8 percent on Terminal-Bench 2.1, and 91.9 percent with the new Ultra mode (orchestrated subagents).
- GPT-5.6 Terra – the balanced tier, roughly GPT-5.5 quality at half the cost.
- GPT-5.6 Luna – the fast, affordable tier.
Technically, GPT-5.6 would be a clear leap. But OpenAI released it only as a limited preview. At the request of the US government, access is initially restricted to around 20 individually vetted organizations — no public waitlist, no self-service. GPT-5.6 is exposed only in the API and in Codex, not in ChatGPT. General availability is promised “in the coming weeks,” but there is no firm date.
Here, too, the trigger is the model’s cybersecurity performance: according to OpenAI, Sol reached around 96.7 percent on an internal cyberattack benchmark, crossing the “High” risk threshold of its in-house Preparedness Framework. Clearing individual customers happens in coordination with the Office of Science and Technology Policy (OSTP), the Office of the National Cyber Director (ONCD) and the US Department of Commerce — reporting describes a logic that effectively treats API access like an export. OpenAI has publicly objected, stating it does not believe such a government access process should become the long-term default.
The difference from the Anthropic episode is the mechanics. Anthropic had to shut its models off worldwide; OpenAI starts from the outset with only a small, government-curated circle. The result for EU companies is the same: no access. The highest OpenAI frontier model deployable in EU regions therefore remains GPT-5.5. More on our model page for OpenAI GPT.
The Common Thread: AI Models Are Becoming Export-Controlled Goods
Two different providers, two different procedures, the same core: the most capable AI models are no longer self-evidently accessible to everyone. The US government treats frontier-grade cyber capabilities like dual-use goods and regulates access via national-security and export-control logic. Three points are decisive in practice:
First: it hits the performance leaders. The restrictions did not target arbitrary models, but the strongest ones in each case. The threshold is the cyber risk assessment — precisely the capability that makes advanced agentic workflows so attractive is what makes a model worthy of regulation in the authorities’ eyes.
Second: the providers are not in control of the process. By its own account, Anthropic received only verbal notice and had to act within hours. OpenAI objects publicly but complies. Anyone building on a single model depends on decisions that neither their own company nor the model provider controls.
Third: EU customers are structurally disadvantaged. The restriction is tied to nationality. Even if a technical deployment exists in an EU region, a foreign-national clause excludes European users. For Fable 5 and Mythos 5, a second, independent obstacle is added: Mythos-class models offer no zero-data-retention option, which would make GDPR-compliant use difficult anyway.
What This Concretely Means for EU Companies
The popular notion is: you pick the best available model and build your AI application on it. The events of June 2026 show why this logic is fragile. A model that is the gold standard today can disappear by order tomorrow — overnight, with no transition period, with no way for the provider to intervene. Anyone who has hard-wired their chatbots, agents or internal assistants to a single model ID is left without a solution in that case.
Add to that predictability. Roadmaps that budget around “once GPT-5.6 is available in the EU” are no longer a solid basis. As long as access hangs on government clearance processes, the date is open. For a company planning budgets and releases, that is a real risk.
The conclusion is not to forgo AI. It is to build the architecture so that no single model becomes a single point of failure.
The Answer: Model-Agnostic and Data-Sovereign
This is exactly where our approach with CompanyGPT comes in. Instead of hard-wiring applications to one model, inference runs through a routing layer that knows multiple models and providers — operated in your own cloud environment with EU endpoints.
This yields two protective mechanisms:
Model agnosticism. If a model is pulled at short notice — as Fable 5 recently was — the platform switches to another available model. A simple classification task goes to Haiku 4.5, a demanding agentic workflow to Opus 4.8 or an equivalent model from another provider. The application itself does not need to be touched.
Data sovereignty. Requests and data never leave the EU region you chose and do not end up with the model provider. This is not only a GDPR question but also one of independence: whoever controls the infrastructure is less vulnerable to short-notice access decisions by third parties.
For most companies in the DACH region, this is the pragmatic lesson from June 2026. The more interesting question is not “Which is the best model?” but “How do I ensure my operations keep running even if the best model is no longer available tomorrow?” Anyone who sets up a sound AI strategy and clean AI compliance treats model selection as an interchangeable building block — not as a foundation.
Conclusion
GPT-5.6 and Claude Fable 5 mark a turning point: the most capable AI models are no longer freely available tools but geopolitically regulated goods. For EU companies, this concretely means both models are unusable, and similar restrictions are more likely in the future, not less.
The right response is not panic, but architecture. A model- and provider-agnostic, data-sovereign setup turns model selection into configuration rather than dependency. You continue to use the best available option at any time — and stay operational when access changes overnight.
Want to set up your AI applications independently of individual models and providers? Talk to us about a data-sovereign setup with CompanyGPT.