US Government Authorises Mythos 5 Redeployment on 27 June 2026
On 27 June 2026, the US government notified Anthropic that Claude Mythos 5 — one of the most capable cybersecurity AI models deployed to date — could be redeployed to a defined set of organisations that operate and defend critical infrastructure in the United States. More than 100 verified organisations across energy, healthcare, financial services, and telecommunications received clearance to resume access, ending a fifteen-day suspension that had halted one of the most consequential security tools in the commercial AI industry. Commerce Secretary Howard Lutnick, the same official who had ordered the original suspension on 12 June 2026, issued the new authorisation.
The Suspension: What Triggered the 12 June Shutdown
Anthropic suspended access to both Claude Fable 5 and Claude Mythos 5 on 12 June 2026, three days after Fable 5 launched publicly, following an emergency export-control directive from Commerce Secretary Lutnick. The trigger was a report brought to the White House by Amazon's security team describing a jailbreak capable of bypassing Fable 5's safety measures. The directive ordered Anthropic to suspend access for all non-US users anywhere in the world, including Anthropic's own non-US employees. Mythos 5, which had been in a separate gated access programme since April 2026, was suspended alongside Fable 5 under the same order. For the more than 40 organisations already inside the Glasswing access programme, the suspension ended active security work that the model had been conducting on their behalf.
Project Glasswing and the Scope of the Restoration
Anthropic had been distributing Claude Mythos 5 through Project Glasswing, a curated industry consortium of organisations authorised to access the model's advanced cybersecurity capabilities under monitoring agreements. Named Glasswing members include Apple, Google, Cisco, Nvidia, and Microsoft, alongside more than forty cybersecurity firms and critical software maintainers. The June 27 authorisation substantially broadens the Glasswing framework, extending access to more than one hundred US critical infrastructure operators and defenders in energy, healthcare, financial services, and telecommunications — sectors where autonomous vulnerability discovery has direct national security relevance. Defenders within these sectors can now use Mythos 5 to identify vulnerabilities at machine speed rather than waiting for the slower pace of human-led security research.
What Mythos 5 Can Do for Security Teams
Claude Mythos 5's cybersecurity capabilities are qualitatively different from commercially available AI security tools that preceded it. In assessments conducted before launch, the model achieved a 72 per cent success rate in generating working exploits and chaining vulnerabilities on the first attempt, compared to zero per cent for the previous Claude Opus 4.8 model on the same benchmark. Mythos 5 uncovered a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in the FFmpeg media framework during its evaluation period, as well as chained Linux kernel exploits capable of full privilege escalation. The model can autonomously identify zero-day vulnerabilities across major operating systems and browsers, execute multi-step vulnerability analysis without requiring human intervention at each stage, and produce actionable remediation guidance alongside each discovered flaw. This combination of discovery speed and autonomous chaining represents a step change over what security teams could achieve with either human researchers alone or earlier-generation AI tools.
Claude Fable 5: Still Suspended, Return Expected Imminently
Claude Fable 5, Anthropic's most capable general-purpose model, remains suspended for all users as of 30 June 2026. Reporting from Axios dated 27 June indicates that the Trump administration expects to restore broader Fable 5 access imminently, with Pentagon and NSA sign-off identified as the remaining step. Anthropic has not provided a confirmed restoration timeline. For enterprise teams that built workflows on Fable 5 in the three days between its launch on 9 June and its suspension on 12 June, the outage has now extended past two weeks. Claude Opus 4.8 and the other Anthropic API models unaffected by the export-control order remain available as production fallbacks.
What This Means for Indian Security and Enterprise Teams
The Mythos 5 restoration authorises access for US critical infrastructure organisations only, and Indian organisations are not within scope of the current clearance. However, the episode carries practical implications for Indian enterprise teams on two levels.
The first is awareness of a new category of AI security tooling. Mythos 5 demonstrates that AI models can now autonomously discover vulnerabilities at a pace and scale that previously required large, senior security research teams. Indian cybersecurity firms, banking organisations, and enterprises managing large software estates should monitor the trajectory of Glasswing expansion to non-US partners as the programme matures. The 72 per cent first-attempt exploit success rate is a benchmark that will inform how enterprise security teams globally are staffed and what tools they are expected to use.
The second implication is architectural. The June 2026 suspensions and staged restorations signal that the US government treats frontier AI models as strategic assets subject to evolving access controls, comparable to dual-use technology. Indian organisations planning multi-year AI strategies that depend on access to US frontier models should build technology architectures capable of switching between frontier API models and locally deployable alternatives. Dependency on a single frontier model provider carries regulatory risk that was not a material consideration before the first half of 2026.
The Bottom Line
On 27 June 2026, the US government cleared Anthropic's Claude Mythos 5 for redeployment to more than 100 critical infrastructure organisations across energy, healthcare, financial services, and telecommunications. Commerce Secretary Howard Lutnick authorised the restoration, ending a fifteen-day suspension ordered on 12 June following a Fable 5 jailbreak report. Mythos 5 achieves a 72 per cent first-attempt exploit generation success rate, discovered a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg flaw, and can autonomously identify zero-day vulnerabilities at machine speed. Claude Fable 5 remains suspended with Pentagon and NSA sign-off pending. For Indian enterprise teams, the episode is a signal to build AI architectures resilient to evolving US access controls on frontier models.
Frequently Asked Questions
Why was Claude Mythos 5 suspended and when was it restored?+
Claude Mythos 5 was suspended on 12 June 2026 under an emergency export-control directive issued by US Commerce Secretary Howard Lutnick, alongside Claude Fable 5. The trigger was a report from Amazon's security team about a jailbreak capable of bypassing Fable 5's safety measures, which led the US government to order suspension of access for all non-US users worldwide, including Anthropic's own non-US employees. On 27 June 2026, Lutnick issued a new authorisation clearing Mythos 5 for redeployment to more than 100 US organisations that operate and defend critical infrastructure, ending the fifteen-day suspension.
What is Project Glasswing and which organisations are part of it?+
Project Glasswing is Anthropic's curated industry consortium through which Claude Mythos 5 is distributed to organisations authorised to use its advanced cybersecurity capabilities under monitoring agreements. Named Glasswing members include Apple, Google, Cisco, Nvidia, and Microsoft, along with more than forty cybersecurity firms and maintainers of critical software infrastructure. The June 27 restoration extended the Glasswing framework to more than 100 additional US critical infrastructure operators across energy, healthcare, financial services, and telecommunications — significantly broadening the number of organisations with authorised access to the model.
What can Claude Mythos 5 actually do for security teams?+
Claude Mythos 5 can autonomously discover software vulnerabilities across major operating systems and web browsers, generate working exploits and chain vulnerabilities on the first attempt with a 72 per cent success rate, and produce actionable remediation guidance alongside each discovered flaw. In pre-launch assessments, the model found a 27-year-old vulnerability in OpenBSD, a 16-year-old flaw in FFmpeg, and chained Linux kernel exploits capable of full privilege escalation — findings that would previously require large, senior security research teams working over extended periods. The model's ability to conduct multi-step vulnerability analysis without human intervention at each stage represents a qualitative step change in AI-assisted security tooling.
What does the Mythos 5 export control situation mean for Indian enterprise teams?+
Indian organisations are not within scope of the current Mythos 5 access authorisation, which covers US critical infrastructure operators only. However, the episode has two broader implications. First, it establishes that a new category of AI security tooling — autonomous zero-day vulnerability discovery — now exists commercially, and Indian cybersecurity firms and regulated enterprises should monitor how Glasswing access expands to non-US partners. Second, the US government's willingness to suspend commercial AI model access under export-control authority signals that frontier model availability is not a guaranteed constant. Indian teams building on US frontier models should design architectures that can switch between providers or fall back to locally deployable alternatives to reduce access-dependency risk.
Written by
TechPillow Team
Sharing insights on technology, product development, and the Indian tech ecosystem.