A letter. Not a crash.
At 5:21 pm on Friday 12 June 2026, Anthropic received a directive from the United States Commerce Department, signed by Secretary Howard Lutnick. The order cited national security authorities. It demanded that Anthropic suspend access to Fable 5 and Mythos 5 — its newest and most capable models — for any foreign national, anywhere in the world, including Anthropic’s own non-citizen employees.
Anthropic had no reliable way to wall those users off in real time. So it did the only thing compliance allowed: it pulled both models for everyone.
Not a crash. Not a hack. Not a court order after months of litigation. A letter, and a few hours, and a product that hundreds of millions of people had been using that morning was simply gone. As of publication, both models remain offline. Anthropic executives have been in Washington negotiating with the administration, and the company has said it is confident access will be restored in the coming days — but no date has been confirmed.
The political story — the breakdown of trust between Anthropic and the White House, the disputed jailbreak finding, the prior Pentagon dispute, the lawsuits — is well covered elsewhere. This article is about the organisations on the other end of that shutdown. The employers, HR teams, and practitioners who integrated a frontier AI tool into live business processes, and found the tool was no longer there.
Their obligations under the Employment Relations Act 2000 and the Privacy Act 2020 have not moved at all.
What happened, briefly
Anthropic had released Fable 5 and Mythos 5 on 9 June 2026. Within three days, Amazon had alerted the administration to a method of bypassing Fable 5’s safeguards — a potential jailbreak. The administration, already operating in a strained relationship with Anthropic following months of dispute over Pentagon AI use, concluded the risk was sufficient to act.
Anthropic says it was given 90 minutes to comply and received no prior warning of any specific national security concern. The letter did not provide specific details. The company reviewed what it believes was the basis for the directive and found the technique involved asking the model to read a codebase and identify software flaws — a capability, Anthropic argues, that is widely available from other models and used every day by security professionals.
The directive technically targeted foreign nationals. Because Anthropic could not segregate those users from everyone else in real time, the practical result was a global pulldown. An unknown number of organisations that had integrated Fable 5 into production workflows in the three days between launch and shutdown found those workflows throwing errors mid-run, without warning and without a remediation path that did not involve rebuilding pipelines on a different model.
Three exposures that were already there
The shutdown is the most dramatic expression of a problem that was present before 12 June. When Fable 5 first launched on 9 June, it came with three features that should have prompted an immediate governance conversation in any organisation using the tool in employment-related work.
Process integrity. Under s 103A of the Employment Relations Act 2000, the test is what a fair and reasonable employer could have done in all the circumstances. That test applies to process as much as outcome. An employer who cannot say which AI tool, running which model version, produced the analysis underpinning a redundancy selection is already in a weak position. If the vendor changes the model mid-process — through a classifier update, a silent routing change, or a full withdrawal — and nobody records the change, the employer cannot reconstruct the sequence of events that led to the decision. That is not a technology problem. It is a documentation failure wearing technology’s clothes.
Silent capability changes. Fable 5’s system card — a 319-page document released alongside the model — disclosed that when the model detected certain categories of request, it would quietly route to an older, less capable model. In some workflows, users were notified. In others, reportedly, they were not. Anthropic described it as a safety calibration and apologised for the calibration within a day. Either framing lands in the same place for an employer: the tool’s behaviour can change beneath you, for the vendor’s reasons, without your input and possibly without your knowledge. Reasonable reliance on an AI tool requires knowing the tool can change. Most AI use policies do not address this.
Data retention and confidentiality. Fable 5 required all conversations to be retained and reviewable for up to 30 days, with no zero-retention carve-out. Anthropic was transparent about the reason: the retention was a deliberate safety mechanism, allowing the company to research and mitigate jailbreak attempts. That explanation is credible, but it does not change what it means for an organisation that has entered employee information, investigation material, or commercially sensitive content into the tool. Under the Privacy Act 2020, Information Privacy Principle 5 requires agencies to protect personal information against loss, misuse, and disclosure — and that obligation extends to third-party providers who process personal information on the agency’s behalf. An employer who uses a tool with mandatory 30-day retention and active vendor review of that data should understand what they have agreed to, and whether the Privacy Act permits it for the particular information they have entered. The Courts of New Zealand GenAI Guidelines state the principle plainly: do not enter private, confidential, suppressed, or legally privileged information into an open AI platform. Fable 5’s retention terms gave that guidance a current, named illustration.
The structural lesson
These three exposures were present before the shutdown. The shutdown makes the structural point unavoidable.
A vendor can change the behaviour of a model. It can change the retention terms. It can change the capability envelope. And — as 12 June demonstrated — it can make the model unavailable entirely, for reasons that have nothing to do with your organisation, on a timeline measured in hours, with no prior warning and no certain return date.
None of those changes alter what a fair and reasonable employer is required to do under s 103A. None of them alter an organisation’s obligations under the Privacy Act. None of them give an employer a defence in an Employment Relations Authority proceeding.
The gap between what a vendor can do and what an employer is required to do is not theoretical. It is the space where personal grievances are brought and investigated. An employer whose AI-assisted process ground to a halt mid-consultation because the tool went offline — and who has no documentation of what the tool had produced before that point — is in a genuinely difficult position. “The vendor pulled the model” is not a s 103A answer.
What governance infrastructure actually means
Governance is often framed as policy. A document, a set of rules, an approval workflow. The Fable 5 and Mythos 5 episode illustrates why policy alone is not enough.
Governance infrastructure means the systems that allow an organisation to answer questions after something goes wrong. Which AI tool was used in this process? Which model version? What did it produce? Who reviewed it? What was the human decision, and how does it differ from the AI output? When did the vendor change the tool, and did anyone record that?
In practical terms, this means an AI Use Register that records not just which tools the organisation uses, but which model versions, under what terms, and with what review triggers for material vendor changes. It means Decision Records for any AI-assisted employment decision — capturing the AI input, the human review, and the final decision as contemporaneous entries, not retrospective summaries. It means treating a vendor change of terms — or a vendor-level shutdown — as an event that triggers a review of every employment process touching that tool, not a background fact to be noted and forgotten.
The Lex Praxis tagline says technology evolves and governance must keep pace. The harder version of that principle, which 12 June made vivid, is this: governance must also keep pace with vendor decisions you do not control and may not be told about.
There is a harder version of the governance argument that 12 June made visible. AI tools do not embed themselves into workflows dramatically. They arrive incrementally, each adoption decision seemingly reasonable, until the aggregate effect is that entire business processes depend on infrastructure that can disappear in an afternoon. That dependency will deepen. As AI becomes more capable and more embedded in how organisations actually operate, the cost of losing access — without warning, without recourse, without a certain return date — rises with it. This is not an argument against government oversight of frontier AI. It is an argument that the bar for exercising that oversight needs to be commensurate with what is now at stake. Organisations that made reasonable decisions in good faith about the tools they use deserve better than 90 minutes’ notice. So do the people those organisations employ.
A disclosure
The AI Output Auditor on this website is powered by the Claude API. Anthropic is a Lex Praxis vendor. This article draws on that relationship with the same analytical independence Lex Praxis applies to every governance question: the lesson here is structural, not a vendor critique. Anthropic disclosed the silent-routing behaviour in its system card, stated the reason for the retention policy openly, and cooperated with the administration to work toward restoring access. None of that changes the governance argument. Any vendor, however well-intentioned and transparent, can change your tool overnight.