On Saturday June 13, in the hours after Anthropic published its explanation for why Fable 5 and Mythos 5 had been pulled offline for every customer worldwide, the Wall Street Journal ran a follow-up that changed the story. The cybersecurity research the US government had cited as the technical basis for the export control directive was Amazon’s, not the government’s. Amazon chief executive Andy Jassy had personally shared the company’s findings with senior Trump administration officials in the days before the letter arrived at Anthropic’s headquarters. Stephanie Palazzolo at Axios confirmed the WSJ account within hours. The Information corroborated with its own sources. The Hacker News thread on the WSJ piece crossed 669 points within a day. The story is no longer about a “jailbreak.” It is about the new political economy of frontier AI.

The man who runs Anthropic’s largest cloud partner through AWS Bedrock, its largest chip supplier through Trainium, and one of its largest investors (Amazon has committed up to $4 billion to Anthropic since 2023), used export-control authority to take a rival’s most advanced products off the market. The “jailbreak” was the available pretext. The trigger was a phone call.

🔍 THE BOTTOM LINE

The Friday export control directive that forced Anthropic to disable Fable 5 and Mythos 5 for every customer worldwide was not initiated by a US intelligence agency discovering a national security threat. It was initiated by Amazon CEO Andy Jassy calling Treasury Secretary Scott Bessent, the WSJ and Axios reported Saturday. The cybersecurity research Amazon shared was, per Katie Moussouris — the founder of LutaSecurity, a co-author of Microsoft’s first bug bounty program, and one of the most credentialed security researchers in the industry — “not a jailbreak.” Anthropic’s own public statement, posted before the WSJ story broke, said the same thing: the capability is “widely available from other models (including OpenAI’s GPT-5.5) and is used every day by the defenders who keep systems safe.” The directive’s technical basis is now contested by both the company it targeted and an independent security expert who reviewed Amazon’s research. The directive’s political basis is no longer in dispute. For the G7 gathering in Évian tomorrow, the question is no longer whether AI API access is a national security capability. It is who gets to decide that, and on whose behalf.

What the Wall Street Journal Reported

The WSJ story, which broke late Saturday NZT, draws on unnamed US officials and people familiar with the conversations. The reporting has two main parts.

First, the cybersecurity research the government cited as the technical basis for the directive was Amazon’s, not the government’s. Per the State of Surveillance summary of the WSJ reporting, the research predated the directive by days. It was conducted by Amazon’s internal security team, briefed up through Amazon’s leadership, and shared with the White House in conversations that included Treasury Secretary Scott Bessent.

Second, Anthropic’s public response — the statement posted to Anthropic.com and CEO Dario Amodei’s subsequent communications — has been carefully measured. The company is publicly calling the action a “misunderstanding.” It is complying with the directive. It is not, as of this writing, contesting it through any legal channel. Anthropic declined to comment for the WSJ beyond its public statement. The Information, which broke its own version of the story, also received no on-the-record response from Anthropic beyond the existing statement.

The structural conflict is now public. Anthropic is the second-largest customer of AWS, the dominant cloud provider for AI workloads. Anthropic’s models are sold through Amazon Bedrock. Anthropic’s training runs on Amazon’s Trainium chips. Amazon has invested billions in Anthropic across two funding rounds. The same company that hosts, sells, and finances Anthropic’s products is also the company whose CEO briefed the White House on the security risks of those same products. That is the story beneath the story.

The “Jailbreak” That Wasn’t One

The technical question is narrower and more important than the political one. The directive’s stated basis is a method of jailbreaking Fable 5. Anthropic’s public statement said the demo it saw was “essentially asking the model to read a specific codebase and fix any software flaws,” a capability that is “widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe.” In other words: the technique Amazon’s research demonstrated is a standard, defensive use case that every major frontier model can perform. It is not a novel capability. It is not a unique vulnerability. It is not a bypass of safety filters. It is a code-analysis feature that defenders use to find security bugs.

Katie Moussouris, the founder and CEO of LutaSecurity, posted on BlueSky that she had reviewed Amazon’s paper: “It’s not a jailbreak.” Moussouris is one of the most credentialed security researchers in the industry. She co-authored Microsoft’s first bug bounty program, has advised the US Department of Defense on vulnerability disclosure, and has spent two decades in the field. Her assessment, on the record, is that the research Amazon shared with the White House does not meet the technical definition of a jailbreak.

There are two ways to read this. The first is that Amazon’s research is real but was mischaracterised in the briefing. A demonstration of code analysis was escalated to “jailbreak” in the conversation between Amazon, the White House, and the Commerce Department. Anthropic’s response — “this is widely available, defenders use it daily” — is the correct technical rebuttal. The directive should not have been issued on this basis.

The second is that Amazon’s research was correctly characterised in the briefing, and the directive was issued knowing the technical claim was narrow. In that case, the directive was not about the jailbreak. It was about the precedent. The Commerce Department wanted a clean test case for AI API export controls, and Amazon provided the pretext. The “jailbreak” was the available justification. The policy outcome was the goal.

Either reading produces the same operational result: Anthropic’s most capable models are offline for every customer worldwide, including American customers, because the Commerce Department decided they had to be. The technical question is now academic. The political question is live.

The Political Economy of the Anthropic Story

The most consequential sentence in the WSJ reporting is the one that names the relationship. Anthropic’s largest cloud partner, chip supplier, and investor used the White House to take Anthropic’s most advanced products off the market. The immediate beneficiary is every other frontier lab whose models remain unrestricted. The direct competitor is OpenAI, whose GPT-5.5 was named in Anthropic’s statement as performing the same capability. The indirect beneficiary is Google DeepMind, whose Gemini 3 is also unrestricted.

The structural reading is straightforward. Anthropic was about to be the first profitable frontier AI lab in history. Internal forecasts circulated in the days after the Fable 5 launch suggested Q2 2026 would be the first quarter any frontier lab turned an operating profit, per Abhishek Gautam’s analysis. The model was benchmarked above every prior Claude on every standard measure. It was the first Mythos-class model available to paying customers at all. It was Anthropic’s S-1 story, running a week before its June 1 confidential filing with the SEC. Then it was gone. Three days from launch to global disablement.

For the public market, the implications are considerable. Anthropic’s S-1 was filed on the assumption that Fable 5 and Mythos 5 would be the company’s growth engine for the next 12–18 months. The directive, if it stands, removes that engine. The IPO valuation, which was already aggressive at $965 billion post-money, is now underwritten by Anthropic’s older models — Opus 4.8, Sonnet 4.6, Haiku 4.5 — none of which are at the frontier of the Mythos class. The IPO roadshow will have to answer for the loss of the two flagship products. Investors who committed at $965B will be marking down. The “first profitable frontier lab” narrative is gone.

The Anthropic Researcher Question

The other thing the WSJ reporting makes explicit is the open question of motive. Amazon has not publicly explained why Andy Jassy raised the Fable 5 concerns with the Trump administration in the days before the directive. The company has not said whether it believed the research was a genuine national security issue. It has not said whether it considered the competitive implications of having a competitor’s flagship product taken offline. It has not said whether the briefing was coordinated with Anthropic, with AWS’s Bedrock team, with Anthropic’s other major investors, or with anyone else.

The plausible explanations range from “Amazon genuinely believed there was a national security issue and acted in good faith” to “Amazon used its White House access to remove a competitor’s product from the market during the most consequential 72 hours of that competitor’s commercial life.” Both are possible. The evidence available right now does not let us distinguish between them. What the evidence does show is that the person with the most direct competitive interest in Anthropic’s flagship model being disabled was, per the WSJ, Axios, and The Information, the person who briefed the government in the days before the directive was issued.

That is not, in itself, proof of bad faith. Companies raise security concerns with regulators all the time. The information asymmetry between a research team that knows a model’s capabilities and a regulator that does not is real, and companies have a legitimate role in filling it. But when the company raising the concern is the same company that hosts, sells, and finances the target, the optics are not good. The structural conflict is real even if the motives are clean. The question Anthropic’s board, Anthropic’s other investors, and the public market will all be asking this week is: what did Andy Jassy say, to whom, and on whose behalf?

What It Means for New Zealand

The first-order impact on New Zealand is unchanged. Fable 5 and Mythos 5 are still offline. Anthropic’s other models are still available. The directive does not name New Zealand, and New Zealand is not on the long-standing US export control target list. New Zealand users with legitimate access to Anthropic’s API can still use the surviving models.

The second-order impact is the precedent. The Commerce Department has now demonstrated that it will issue export control directives on AI API access on the basis of cybersecurity research that (a) came from a competitor, (b) was briefed to the White House by a competitor’s CEO, and (c) does not meet the technical definition of the vulnerability cited in the directive. The bar for the next directive is therefore not “is this a real national security threat.” It is “is a sufficiently large and politically connected company willing to assert that it is.” That is a much lower bar. Every other frontier lab is now operating under that bar.

The third-order impact is the sovereign-AI tie. The G7 summit in Évian starts tomorrow. The “sovereign AI” framework Macron has been pushing assumes that AI infrastructure, models, and standards are under national control. The US directive is the most concrete sovereign AI action any G7 nation has taken to date. But the Anthropic directive is also, per the WSJ, the most politically compromised. A directive issued on the basis of a competitor’s research, briefed by a competitor’s CEO, applied to a competitor’s product, three days after launch and a week before the company’s IPO filing — that is not a clean sovereign AI action. It is a competitor using sovereign AI authority to take a product off the market. Other G7 leaders will be aware of this. The Carney statement from Ireland on Sunday — “nobody has done anything wrong in the situation. But we will have done something wrong if we just accept this, don’t take the lesson, don’t build out and diversify” — is the polite version of that awareness.

For New Zealand, the lesson is sharper. A small economy at the end of every global supply chain does not get to assume that the US export control regime will be applied neutrally. The directive’s neutrality is now a contested claim. The local-AI hardware option — a $2,000 AMD box running open-weight models on-device — does not depend on any sovereign AI framework or any US export control decision. It is the only AI stack the US government cannot cut off with a letter to a competitor’s CEO. That argument, made on the AMD article’s first pass, is now substantially stronger.

⚠️ THE OTHER SIDE

Three honest caveats. First, Amazon’s research is not in the public record. We have Moussouris’s assessment that it is “not a jailbreak,” and Anthropic’s public statement that the capability is “widely available from other models.” Neither of those is a complete technical rebuttal of the underlying research. Amazon has not released the paper. The Commerce Department has not released the technical basis for the directive. We are working from characterisations, not the underlying artefacts. Second, Jassy’s call to Bessent is not, on the available evidence, improper. CEOs brief the White House. Companies raise security concerns. The Treasury Secretary has a legitimate interest in financial-system cybersecurity. The chain of events — research, briefing, directive — is the same chain that produces good outcomes in many cases. The problem in this case is that the chain produced a directive that targeted a specific company’s product three days after launch, and the company that briefed the government is that product’s largest commercial partner. The optics are bad. The motives are unproven. Third, Anthropic’s compliance is not, in itself, evidence of guilt. The company has chosen to comply and contest through communications rather than litigation. That is a defensible strategy. It is also the strategy a guilty company would choose. We do not know which.

❓ FREQUENTLY ASKED QUESTIONS

What did the Wall Street Journal actually report? The cybersecurity research the Commerce Department cited as the basis for the export control directive came from Amazon, not from US intelligence agencies. Amazon CEO Andy Jassy personally briefed Trump administration officials including Treasury Secretary Scott Bessent on the research in the days before the directive was issued. The story broke late Saturday NZT (Friday US time) and was confirmed by Axios and The Information within hours.

Is Amazon’s research a real jailbreak? Two independent assessments say no. Anthropic’s public statement describes the demonstrated technique as “essentially asking the model to read a specific codebase and fix any software flaws,” a capability that is “widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe.” Katie Moussouris, founder of LutaSecurity and a co-author of Microsoft’s first bug bounty program, said after reviewing Amazon’s paper: “It’s not a jailbreak.” Amazon has not released the paper publicly. The Commerce Department has not released the technical basis for the directive.

Why would Amazon’s CEO do this? We do not know. Amazon has not publicly explained the briefing. The plausible explanations range from “genuine national security concern” to “competitive action dressed as security concern.” Both are possible on the available evidence. The structural conflict — Anthropic is one of AWS’s largest AI customers, Amazon Bedrock sells Anthropic’s models, Amazon has invested billions in Anthropic, and Amazon’s Trainium chips train Anthropic’s models — is real and not in dispute.

What is Anthropic saying? Publicly, that the directive is a “misunderstanding.” The company is complying. It is not contesting the directive through any legal channel as of this writing. Anthropic declined to comment to the WSJ beyond its existing public statement.

What does this mean for Anthropic’s IPO? The IPO was filed confidentially on June 1 with the SEC at a $965 billion post-money valuation. The pricing and listing date are set independently. A long-term suspension of Fable 5 and Mythos 5 would reduce the company’s revenue trajectory and the multiple the public market is willing to pay. The “first profitable frontier lab” narrative, which depended on Fable 5’s commercial momentum, is gone. Investors who committed at $965B will be marking down.

What does this mean for the G7 summit? The summit starts tomorrow in Évian, France. Sovereign AI is on the official agenda. The US directive is the most concrete sovereign AI action any G7 nation has taken to date. Canadian Prime Minister Mark Carney, speaking in Ireland on Sunday, said countries should treat the directive as a warning and plan alternatives. The directive’s political compromise — briefed by a competitor, applied to a competitor’s product — will be on the table.

What should a New Zealand AI user do? Continue using Claude Opus 4.8, Sonnet 4.6, or Haiku 4.5 as normal. For long-term planning, the local-AI hardware option — a $2,000 AMD mini PC running open-weight models on-device — is now structurally more attractive than it was a week ago. Open-weight models cannot be cut off by a foreign export-control directive, and they cannot be targeted by a competitor’s White House briefing. Sovereignty, in the post-Anthropic world, is built locally first.