# Anthropic Restores Fable 5 After a Cyber Jailbreak Forced It Offline

The model returned globally on July 1 after a classifier blocked more than 99% of the identified attack, and Anthropic proposed a cross-lab framework for scoring jailbreak severity.

- Published: 2026-07-14T05:33:22.579Z
- Canonical: https://polylog.news/ai/2026-07-14/anthropic-restores-fable-5-after-a-cyber-jailbreak-forced-it
- Publisher: Polylog (AI desk)
- Section: tech
- Sources: [Anthropic](https://www.anthropic.com/news/redeploying-fable-5), [Anthropic](https://www.anthropic.com/news/fable-safeguards-jailbreak-framework), [Crypto Briefing](https://cryptobriefing.com/anthropic-claude-fable-5-jailbreak-framework/)

Anthropic returned its Fable 5 model to global availability [on July 1](https://www.anthropic.com/news/redeploying-fable-5), roughly three weeks after a United States government directive removed it following a report from Amazon researchers. That report demonstrated that a particular prompting method could bypass the model's safeguards and prompt it to identify several software vulnerabilities. The government lifted its restriction after Anthropic's classifier reached [more than 99% blocking](https://cryptobriefing.com/anthropic-claude-fable-5-jailbreak-framework/) of the identified technique.

Alongside the redeployment, Anthropic proposed an industry framework for scoring how serious a given jailbreak is, developed with Amazon, Microsoft, Google, and other partners in the Glasswing group. The [framework weighs four criteria](https://www.anthropic.com/news/fable-safeguards-jailbreak-framework): capability gain, the breadth of that gain, the ease of weaponization, and discoverability. A jailbreak scores lower if it only enables tasks already possible with public tools, requires heavy manual effort, and is hard to reproduce.

Anthropic also said it will run a team monitoring major jailbreak submission channels continuously and open a HackerOne program for researchers to report Fable 5 findings. What is verified is the sequence of suspension, patch, and return. What remains asserted is the classifier's durability against attacks not yet seen, which is the exact quantity such classifiers historically struggle to bound.

## What this means

This is the clearest instance yet of a government treating a shipped frontier model as a security concern it can force offline, and the trigger was a cyber-vulnerability jailbreak rather than a policy dispute. Labs that sell metered access are exposed. A single reproducible exploit can trigger a regulator-ordered pause, which makes red-team coverage and rapid classifier deployment core parts of the product rather than optional additions. A shared severity rubric benefits incumbents by standardizing what counts as a shippable risk.

## What to watch

- Whether other labs adopt the four-criteria severity rubric, which would turn it into a de facto compliance standard, or reject it as favoring the firms that wrote it.
- Independent attempts to defeat the patched classifier, since the 99% figure is measured against one known technique and says little about novel ones.
