The three-tier access architecture did not last a month. It did not last a week. Four days after Washington drew the lines around Anthropic's most capable models, the Commerce Department lifted them and kept the authority to redraw them.
That is the signal enterprise security leaders should not miss.
On June 12, Anthropic disabled access to Fable 5 and Mythos 5 after a U.S. Commerce Department order restricted access by foreign nationals. The company did not have a real-time way to verify nationality across its global customer and workforce base, so the safest compliance action was to take both models offline. Security teams that had started building workflows around Fable 5 suddenly learned that frontier-model access is not only a vendor availability issue. It is now a policy dependency.
On June 26, the government partially reversed the restriction. Mythos 5 returned only to selected trusted U.S. organizations, while Fable 5 remained unavailable to general users. That created the tiered access structure ATB identified as the new operating pattern: government-cleared access, commercial access, and open-weight exposure. For a short window, that structure looked like the architecture enterprise security teams would have to plan against.
On June 30, the Commerce Department lifted export controls on both Fable 5 and Mythos 5 together, closing the gap the June 26 partial approval had left open. Anthropic confirmed that Fable 5 would return globally beginning July 1 across the Claude Platform, Claude.ai, Claude Code, and Claude Cowork, with access on AWS, Google Cloud, and Microsoft Foundry restored as quickly as possible. Mythos 5 was cleared under the same action, no longer limited to the narrower critical-infrastructure lane the June 26 approval had opened. The restoration announcement is confirmed. The operating details still matter: who regains access, under what safeguards, on what timeline, and whether the same authority can restrict access again.
That last question is not theoretical. In a letter seen by Reuters, Commerce Secretary Howard Lutnick said Commerce reserved the right to reevaluate its decision and reimpose licensing requirements if circumstances change or if Anthropic fails to meet its commitments. In other words, the access regime did not disappear. It became conditional.
The reversal did not happen because the original risk vanished. Reuters reported that the June 12 order followed Amazon researchers identifying a way to bypass Fable 5 safeguards, allowing the model to identify software vulnerabilities and, in one case, generate code demonstrating how a vulnerability could be exploited. Anthropic says it has now implemented a safeguard that blocks that behavior and routes blocked requests to Opus 4.8. The company also acknowledged a harder reality that security leaders already understand: no frontier model can be made fully immune to jailbreak pressure.
That is why this event should not be read as a simple restoration story.
The governance failure is not only that access can be revoked. It is that frontier capability can move from commercial availability to emergency restriction to partial restoration to conditional general restoration without a codified process enterprise security teams can plan against. The model may be available today. The legal posture may change next week. The security controls may shift again after the next jailbreak report, red-team finding, or government review.
OpenAI's GPT-5.6 Sol rollout reinforces the same pattern from the other direction. OpenAI delayed full public release at the U.S. government's request and limited early access to a small group of vetted partners. OpenAI's position was clear: safety testing is reasonable, but government selection of customers should not become the default. Anthropic shows directive-driven restriction and conditional restoration. OpenAI shows request-driven restricted rollout. Together, they point to the same enterprise reality: access to frontier cyber-capable models now depends on government-lab coordination that customers do not control.
That changes vendor risk.
Most enterprise AI procurement still evaluates model providers as if access status is a fixed input. Capability, cost, privacy posture, contractual terms, data retention, security controls, support model. Those questions still matter. They are no longer sufficient. Security leaders now need to treat frontier-model access status as a monitored variable in the vendor risk register.
If a model supports vulnerability discovery, security triage, malware analysis, code review, incident response, or threat intelligence enrichment, the enterprise should know whether that model could fall into a covered frontier category, a restricted access lane, a government-reviewed rollout, or a conditional export posture. That status should not live in a procurement memo. It should be tracked like dependency risk.
The contractual layer needs the same review. Many enterprise agreements contain "compliance with law" and force majeure language that gives vendors room to suspend service when a legal requirement changes. That language may be ordinary contract plumbing. In this capability class, it becomes an operational continuity risk. A model outage caused by a data center failure and a model outage caused by a government access restriction may look the same to a SOC workflow that depends on the output. They are not governed the same way.
The practical questions are direct.
Which AI models in your security stack would create operational exposure if access changed with less than one week of notice? Which workflows depend on model-specific behavior rather than vendor-platform availability? Which contracts require notice when government action, export control, national security review, or lab-imposed safeguards affect access? Which fallback model preserves enough capability for the workflow to continue? And who inside the enterprise owns the decision to accept a frontier-model dependency when the access tier is outside the company's control?
The access war did not end when Commerce lifted restrictions on Fable 5 and Mythos 5. It entered a more unstable phase. Enterprise security leaders now have to treat frontier-model access as a conditional operating dependency, shaped by government action, lab safeguards, and revocation authority outside the customer's control.
That is the framework.
The next access restriction will not arrive as a policy debate. It will arrive as a production dependency failure. The organizations that understand that now will design AI governance around control-plane reality, not vendor availability assumptions.
∞ The AI Threat Brief | AI Security Intelligence for Leaders