Skip to main content

A Model Can Disappear Overnight. Plan Like It Will.

Gabe Hilado
Gabe Hilado
Founder and CEO, Zenpo Software Innovations

A model you build on can be switched off overnight, by someone who isn't your vendor, for reasons that have nothing to do with you. That's not a hypothetical anymore. It just happened.

On June 12, 2026, Anthropic disabled access to Claude Mythos 5 and Claude Fable 5 for all customers, following an export-control directive from the U.S. Commerce Department. Commerce Secretary Howard Lutnick sent a letter to Anthropic CEO Dario Amodei stating the models would be subject to export controls — requiring a license for "export, re-export or domestic transfer," and prohibiting access by foreign nationals inside or outside the United States, including Anthropic's own foreign employees. The government cited national security concerns, pointing to an alleged method of "jailbreaking" the models.

Anthropic's own description of the consequence is the part worth sitting with: "The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance." The company added that it believes the action is "based on a misunderstanding" and pledged to work toward restoring access. All other Anthropic models remain unaffected.

Set aside the policy fight, who's right about the jailbreak, and whether access comes back. Strip it down to what a business that was using Fable 5 experienced on June 12: a model their workflow depended on stopped existing, with no notice, on a timeline none of them controlled, for reasons that had nothing to do with their use of it. Existing sessions terminated with errors. That's the event. And it's a category of risk most AI adoption plans never priced in.

I had it for about eight hours

I want to make this concrete, because I lived the short version of it.

For roughly an eight-hour window, I had access to Fable 5, and I tried to put it to work on a clinical-trials SaaS we're building at Zenpo. Nothing sensitive — no PHI, no patient records, no medical decision-making. The data is the public kind: ClinicalTrials.gov listings, NLM public datasets, the openly available trial metadata anyone can pull. And Fable 5 wouldn't touch it. A guardrail kept blocking the work and bouncing me back to Opus 4.8 — which is an excellent model, but it wasn't the one I was trying to evaluate, and the refusal had nothing to do with anything I was actually doing. The mere proximity to "clinical trials" was enough to trip the rail, regardless of how public the data was.

So I pointed it at something else: an upcoming Microsoft Marketplace product we're developing, where I needed the full commercial-transaction flow wired up — free trial, license check, subscription management, and in-app purchase. I gave it one prompt. Fable 5 orchestrated thirty subagents and solved the whole experience in a single shot. Not a scaffold I'd spend a week finishing — the trial, the license-check, the manage-subscription, and the buy-in-app flow, coordinated across thirty parallel workers, from one prompt. I'd never watched a model decompose and execute work at that scale that cleanly. It was the most capable thing I'd put my hands on.

And the next day, it was gone.

That's the whole risk in one personal story. The model I most wanted couldn't be used where I needed it most, because of a guardrail I didn't control. The place it did deliver something genuinely remarkable, it delivered exactly once — and then a directive I had no part in, aimed at the vendor and not at me, took it off the table before I could build anything durable on it. Eight hours of access, one extraordinary result, and zero ability to count on any of it. If I'd wired that Marketplace flow to depend on Fable 5 specifically, June 12 would have been the day my product stopped working.

This is a new kind of model risk

The risks people plan for with AI vendors are the familiar ones, borrowed from how software has always behaved.

A model gets deprecated — but deprecation comes with a sunset window, migration notes, and time to move. A model gets repriced — annoying, sometimes expensive, but you see it coming and you can budget or switch. A model gets worse at your task after an update — you notice in evals and roll back or adapt. The provider has an outage — frustrating, but it ends, and you design retries around it. Every one of these is a known shape. Each gives you something to plan against: notice, a window, a fallback, an SLA to point at.

What happened to Fable 5 fits none of those shapes. There was no sunset window because the directive didn't care about one. There was no migration path because compliance was immediate. There was no price to negotiate and no outage to wait out. The vendor didn't choose it and couldn't refuse it. A government directive arrived, and a capability your business treated as infrastructure became unavailable the same day — for the vendor's entire customer base at once.

That's the new shape, and it's worth naming precisely: model availability is a dependency you don't control, and it can be revoked by a party who isn't in your contract. Your agreement is with Anthropic. The directive came from Commerce. No SLA, no enterprise tier, and no amount of spend changes that, because the constraint lives a level above the commercial relationship. You can't negotiate your way out of a regulation aimed at your vendor.

Why "just use a different model" is harder than it sounds

The obvious reaction is that this is fine — models are interchangeable, swap one for another. Sometimes that's true. Often it isn't, and the reasons are exactly the ones that make a switch hard precisely when you're forced into it.

Start with behavioral coupling. A workflow that's been tuned against a specific model isn't just calling an API — it's relying on that model's particular way of following instructions, its formatting habits, its failure modes, the prompts that were iterated until they worked. The prompts that produce reliable output on one model don't transfer cleanly to another. Swapping models isn't a config change; it's a re-validation of every prompt, every output format, and every downstream step that assumed a particular shape of response.

Then there's capability fit. Teams adopt a specific model because it was the one that cleared the bar for their task — the cheaper or more available alternative was the one they already rejected. "Fall back to another model" can mean "fall back to the option that wasn't good enough," which is a degraded service, not a continuity plan.

And in regulated contexts, there's validation debt. If you operate under a framework that requires you to know and document how a system behaves, the model isn't a swappable part — it's a validated component. Substituting it isn't a swap; it's a change that has to be tested, documented, and approved before it's allowed in production. The faster you're forced to switch, the more of that discipline gets skipped under pressure — and skipped validation in a regulated environment is its own finding, separate from the outage that caused it.

So "just use a different model" is a real answer, but only if you built the ability to do it before you needed it. Done in advance, it's an architecture decision. Done under a directive that landed this morning, it's a fire drill — and fire drills are where the corners get cut.

The dependency was always there. The directive just made it visible.

Here's the uncomfortable part: nothing about the underlying risk was created on June 12. The dependency existed the entire time. The directive only made it legible — the same way an audit doesn't create the control gaps it finds, it just surfaces the ones that were already there.

This is the same failure mode that shows up with low-code platforms in regulated environments and with generated apps that nobody owns: the tool optimizes for time-to-first-result, the organization gets the result, and the dependency it took on to get there stays invisible until the day it isn't. A model wired directly into a workflow with no abstraction between them is the same bet — that the thing you don't control will keep behaving the way it does today. The bet usually pays off. The cost of being wrong is the part nobody put on the slide.

What's specific about model dependency is how cleanly it hides. A model that works is the most invisible dependency there is — it just answers, every time, and the workflow built on top of it looks like your system. It doesn't feel like a third-party component you're exposed to. It feels like a capability you have. Fable 5 going dark is a reminder that the capability was always rented, on terms that could change above your head, and that "it's been reliable so far" was never the same as "you control it."

What continuity actually requires

The response isn't to avoid the best models, hedge into mediocrity, or treat every vendor as a threat. The best model for a task is usually worth using. The discipline is in how you build around it, so that depending on it doesn't mean being unable to function without it.

Put a seam between your workflow and the model. The single most valuable thing here is an abstraction layer — your own interface that your application talks to, with the specific model behind it as an implementation detail you can change. When the model behind the seam disappears, you're editing one boundary, not excavating model-specific assumptions out of forty integration points. This is ordinary engineering hygiene; what the Fable 5 event does is move it from "nice to have" to "the thing that determines whether an overnight switch-off is an afternoon or a quarter."

Know your real fallback, and know it's real. Not "there are other models" in the abstract — a specific, named alternative you have actually run your workload against, with eyes on the output. If you've never tested the fallback, you don't have a fallback; you have a hope. The time to find out whether the second-choice model clears your bar is before the first-choice one is switched off, not during the incident. And availability isn't only about whether the model exists — it's about whether its guardrails will let you do the work. I couldn't use Fable 5 on public clinical-trials data not because the model was down, but because a rail decided the domain looked risky and bounced me to another model. "Available" and "usable for my task" are two different tests, and both belong in your evaluation.

Match your validation discipline to your stakes. For a low-stakes internal task, direct dependency on one model is fine — if it vanishes, you adapt in an afternoon and the cost is an afternoon. For a workflow that touches sensitive data, an approval, a compliance process, or an operational record, the model is a validated component, and the continuity plan — alternative identified, swap procedure tested, change documented — has to exist before the workflow goes to production, not get improvised after a directive lands. The higher the stakes, the less you can afford to discover the dependency in the incident.

Separate the capability from the provider in how you plan. "We use AI for X" is the durable commitment. "We use this exact model for X" is an implementation choice that should be allowed to change without breaking X. Plans that conflate the two are the ones that turn a model becoming unavailable into a business becoming unable to operate. Plans that keep them separate turn the same event into a swap.

What this means for buyers

The lesson of June 12 isn't which AI vendor to trust or distrust. Anthropic didn't choose this and couldn't have prevented it; another provider could face a directive tomorrow for entirely different reasons. Picking a "safer" vendor isn't the move, because the risk doesn't live in the vendor. It lives in the dependency — and the dependency is structural, regardless of whose name is on it.

So the right question isn't "is this model going away?" Nobody can answer that, and the people who could didn't give the businesses on Fable 5 any warning. The right question is: if the specific model we depend on became unavailable this morning, what would it cost us, and how fast could we recover? If the answer is "an afternoon," you've built the seam and you have a tested fallback, and the directive is someone else's problem. If the answer is "we'd be down until we figure it out," the dependency was load-bearing and ungoverned, and the only reason you hadn't paid for it yet is that nothing had pulled the model out from under you.

Until June 12, that was a comfortable thing to assume would never happen. It's not comfortable anymore, because it just did — to every customer of two models, on the same day, with no notice. The model came back into the conversation as something that can be switched off above your head. Build as if any single one can be, because the one thing this event settled is that the assumption it can't was never safe.

A model is a capability you rent, not a capability you own. Plan continuity for the day the lease ends without warning — because for two models, on June 12, it did.

What happened with Claude Fable 5 and Mythos 5?

On June 12, 2026, Anthropic disabled access to Claude Mythos 5 and Claude Fable 5 for all customers, following an export-control directive from the U.S. Commerce Department. Commerce Secretary Howard Lutnick's letter to CEO Dario Amodei placed both models under export controls — requiring a license for export, re-export, or domestic transfer, and barring access by foreign nationals. Anthropic said the order forced it to abruptly disable both models for every customer to ensure compliance, called the action a "misunderstanding," and said it would work to restore access. All other Anthropic models remained available.

Why is this different from a model being deprecated?

Deprecation comes with notice, a sunset window, and a migration path. The Fable 5 and Mythos 5 shutoff had none of those — it was immediate, driven by a government directive the vendor couldn't refuse, and applied to the entire customer base at once. It's also outside the commercial relationship: the directive came from the Commerce Department, not Anthropic, so no SLA, enterprise tier, or contract term protected against it. That combination — no notice, no window, no negotiating party — is a different category of risk from the deprecation, repricing, and outage scenarios most plans account for.

Can't you just switch to a different model?

Sometimes, but it's harder than it sounds, and hardest exactly when you're forced into it. Workflows get tuned to a specific model's behavior, so prompts and output handling don't transfer cleanly. Teams often chose a model because the alternatives weren't good enough, so a fallback can mean degraded service. And in regulated environments, the model is a validated component, so substituting it requires testing, documentation, and approval. Switching is feasible if you built the ability in advance; done under pressure, it becomes a fire drill where validation gets skipped.

How should a business reduce model-dependency risk?

Put an abstraction layer between your workflow and the specific model so you can change the model behind a single seam. Identify and actually test a real fallback model against your workload before you need it. Match your continuity discipline to your stakes — low-stakes tasks can depend directly on one model, but anything touching sensitive data, approvals, or compliance needs a tested swap procedure documented before production. And in your planning, treat "we use AI for X" as the commitment and "we use this exact model" as a changeable implementation detail.

Is the lesson to avoid Anthropic or pick a safer vendor?

No. Anthropic didn't choose this and couldn't have prevented it, and a different provider could face an unrelated directive tomorrow. The risk doesn't live in any particular vendor — it lives in the structural dependency on a single model you don't control. Picking a different vendor relocates the same risk without removing it. The durable fix is architectural: build so that any single model becoming unavailable is a swap you can execute quickly, not an outage that takes your business down with it.