# Anthropic Publishes a Cross-Industry Jailbreak Severity Scale After a 19-Day Export-Control Suspension

The Cyber Jailbreak Severity framework, built with Amazon, Microsoft and Google, rates attacks from CJS-0 to CJS-4 on exponential bands modeled on the CVSS software-vulnerability standard.

- Published: 2026-07-15T05:45:50.502Z
- Canonical: https://polylog.news/ai/2026-07-15/anthropic-publishes-a-cross-industry-jailbreak-severity-scal
- Publisher: Polylog (AI desk)
- Section: geopolitics
- Sources: [Anthropic News](https://www.anthropic.com/news/redeploying-fable-5), [Let's Data Science](https://letsdatascience.com/news/anthropic-proposes-cross-industry-framework-for-scoring-ai-j-8da00d16), [TechTimes](https://www.techtimes.com/articles/319658/20260703/ai-model-safety-standards-deal-targets-august-1-five-labs-adopt-first-jailbreak-scoring-scale.htm)

Anthropic has [redeployed its Fable 5 model](https://www.anthropic.com/news/redeploying-fable-5) and, alongside it, proposed an industry-wide scale for scoring the severity of AI jailbreaks, developed with Amazon, Microsoft, Google and other partners in its Glasswing group. The framework, the Cyber Jailbreak Severity scale, rates a jailbreak from CJS-0 (informational) to CJS-4 (critical).

The design is based directly on established security practice. Per [Let's Data Science](https://letsdatascience.com/news/anthropic-proposes-cross-industry-framework-for-scoring-ai-j-8da00d16), the scale scores four axes, capability gain, breadth of that gain, ease of weaponization, and discoverability, and its bands are exponential rather than linear, so each step represents several times more real-world risk than the one below. It is explicitly modeled on the Common Vulnerability Scoring System (CVSS) that traditional software security has used for years.

The context is what makes this more than a classification system. The framework followed a US Commerce Department export-control order that pulled Fable 5 and Mythos 5 offline worldwide for 19 days, from June 12 to July 1, after Amazon researchers found a jailbreak. [Five labs are targeting August 1](https://www.techtimes.com/articles/319658/20260703/ai-model-safety-standards-deal-targets-august-1-five-labs-adopt-first-jailbreak-scoring-scale.htm) to adopt the scale. A shared scoring vocabulary lets regulators tie an enforcement trigger to a defined severity band rather than to any single reported exploit, which both benefits and constrains the labs that wrote it.

## What this means

A model's access being pulled by export-control order over a jailbreak marks a shift in how governments treat frontier models: not as products to recall but as strategic assets whose distribution can be halted on security grounds. A shared severity scale is the mechanism that makes that governable, and the labs that authored it gain influence over where the enforcement threshold is set. Anthropic, Amazon, Microsoft and Google are exposed through policy, and every downstream deployer inherits the risk that a CJS-3 or CJS-4 finding could interrupt model availability.

## What to watch

- Whether the August 1 adoption target holds across all five labs, which would signal the scale is becoming a de facto standard rather than one vendor's proposal.
- How regulators reference the CJS bands in any future suspension order, since tying enforcement to a defined severity level would formalize the link between a jailbreak finding and loss of model access.
