Writing on cyber strategy, statecraft, operations, and geopolitics in a personal capacity. Views are my own and do not represent any employer or client. I use modern research and editing tools; analysis and judgement are mine.

There are technology stories that are really power stories wearing a product badge.

The abrupt suspension of access to Anthropic’s Claude Fable 5 and Claude Mythos 5 is one of them. On the surface, this looks like a dispute between an AI company and the US Government over model safety, jailbreaking and national security controls. That is the visible story. The deeper story is more consequential: access to frontier AI is becoming an instrument of state power.

For businesses outside the United States, and especially for middle powers like Australia, that should land with some force. On 12 June, Anthropic said it received a US Government export-control directive at 5:21pm Eastern Time requiring it to suspend access to Fable 5 and Mythos 5 by foreign nationals, whether inside or outside the United States, including foreign-national employees. Axios reported that the directive came through a Commerce Department letter and would require a licence for export, re-export or domestic transfer of the models. The practical effect, according to Anthropic, was that it had to disable the models for all customers while it worked through compliance.

The key phrase is foreign nationals. Not simply people located in China. Not simply users outside the United States. Foreign nationals. That detail matters because it tells us the boundary being drawn is not just geographic. It is legal, political and strategic. It is a border written through identity, citizenship, jurisdiction and alliance management. Customers outside the United States lost access to capability because a foreign government made a national security decision under laws they do not write, through institutions they do not govern, for reasons they may only partially understand.

That does not automatically make the decision wrong. It does make the dependency visible.

The details will no doubt be argued over by lawyers, policymakers, AI safety researchers, national security officials and the usual online crowd that can turn a cup of tea into a constitutional crisis. Anthropic has said its understanding is that the government’s concern related to a potential jailbreak that could be used to identify software vulnerabilities. It also says the demonstrated vulnerabilities were minor, previously known and discoverable by other publicly available models without the same bypass. The government may see that differently. That is the nature of national security disputes. The public rarely gets the whole file.

Semafor’s reporting adds another layer. According to its account, the White House move was linked in part to concerns that a China-linked group may have accessed Mythos. Anthropic has disputed aspects of that story and said the government did not raise Chinese access in its conversations around the directive. It has framed the issue around a narrow jailbreak concern rather than a confirmed foreign-access incident.

That tension matters, but not because we can resolve it from the outside. We cannot. The point is that customers, allies, employees and downstream users may not get a clean explanation when national security authorities intervene. They may get partial disclosure, conflicting accounts and immediate operational impact. That is how state power often works. It does not wait for vendor transparency, legal neatness or a tidy root-cause analysis.

Some of the reporting remains contested. The dependency signal does not.

This Is Not Really About Anthropic

It is tempting to make this story about Anthropic. That would be too narrow. Anthropic is the case study. The real issue is that access to frontier AI is becoming a geopolitical control surface.

That phrase sounds abstract until the switch is pulled. A model can be announced, priced, documented, integrated into customer workflows and then effectively withdrawn because a government decides the risk calculus has changed. That is not a normal SaaS outage. It is geopolitical kill-switch risk.

If that sounds familiar, it should. We have seen this pattern before. Semiconductors became strategic. Cloud became sovereign. Data localisation became a regulatory battleground. Telecommunications vendors, undersea cables, firmware, app stores, identity platforms, security tooling and critical minerals have all been pulled into the same argument. Frontier AI models now sit inside that pattern.

A model that can write code, analyse intelligence, support cyber operations, accelerate vulnerability discovery, generate scientific hypotheses, automate workflows and sit inside enterprise decision-making is not just another piece of software. It is capability. And capability attracts the state. The state will regulate it, test it, procure it, restrict it, classify it, subsidise it and, when necessary, switch it off.

The real risk equation is no longer simply whether a model is powerful. It is who controls access to that capability, under what legal regime, subject to what political incentives, and with what ability to withdraw, restrict, monitor or compel its use. That is a very different conversation from vendor due diligence. A model can be technically excellent and still sit inside a jurisdictional structure that creates exposure. A vendor can be aligned today and misaligned tomorrow. The vendor may not fail. The political environment around the vendor may change.

That is the part many organisations have not yet absorbed.

Capability Is Only Half the Story

Much of the debate will focus on whether Fable and Mythos were uniquely risky. That matters, but it is only half the issue. If one model has crossed a meaningful threshold in autonomous cyber capability, governments should care. If a model can materially uplift malicious actors, defenders, intelligence agencies and private security teams at the same time, then safety controls are not theatre. They are necessary.

But focusing only on model capability misses the broader operating environment. A model can be safe enough for one policy environment and unacceptable in another. A deployment can be commercially normal one week and legally restricted the next. A provider can release capability globally and then discover that its home government has a narrower view of who should be allowed to use it. That is not a technical edge case. It is the operating model of strategic technology.

There is an almost absurd symmetry here. Frontier AI companies are commercial actors, safety institutions, defence suppliers, national champions, policy advocates and geopolitical assets all at once. The incentives do not align neatly. They grind against each other. The same companies warning governments that frontier models could create serious cyber, biological or national security risks are also trying to bring those models to market. That does not make them hypocrites. It makes them institutions living inside conflicting pressures. They want to move fast enough to compete, cautiously enough to avoid catastrophe, openly enough to build markets and selectively enough to satisfy governments.

No one should be shocked when that tension breaks into the open.

Governments face their own incentive problem. If they move too slowly and a model is misused, they will be accused of negligence. If they move too aggressively, they risk damaging trusted access, commercial confidence, allied relationships and defensive innovation. In the absence of mature governance, the state will reach for the tools it understands: export controls, citizenship restrictions, national security directives and pressure on vendors. That is not elegant, but statecraft rarely is.

For boards and executives, the lesson is blunt. Vendor risk is no longer just financial stability, cyber posture, audit reports, service levels and contractual terms. Vendor risk is now alignment risk, jurisdictional risk, access risk, policy risk and strategic dependency risk.

Cyber security leaders should recognise the pattern. For years, we have been told to think in terms of shared responsibility with cloud providers. That model is already strained. AI stretches it further. With frontier models, the organisation may not control the model, may not understand the training data, may not see the safety mechanisms, may not know the monitoring thresholds and may not receive full visibility into government-directed access changes. Yet the organisation may still become dependent on the output. That is not shared responsibility. It is partial control wrapped in contractual optimism.

The exposure is not only in the technology, but in the trust relationship around it.

The Middle-Power Problem

This is where the Australian lens matters. From Washington, the Anthropic case looks like a national security decision. From Silicon Valley, it looks like a fight over regulation, safety, capability release and state authority. From an AI safety perspective, it looks like a model governance problem. From Australia, and from much of the Indo-Pacific, it looks like dependency.

Australia is deeply integrated into the American technology stack. Our public sector, banks, insurers, healthcare providers, universities, telcos and critical infrastructure operators rely heavily on US-controlled cloud, software, identity, productivity, security and now AI platforms. These are world-class technologies. That is precisely why they are everywhere.

But reliance, however efficient, is still reliance. And reliance becomes exposure when access, pricing, availability, functionality or legal treatment can be shaped by a foreign state acting in its own national interest.

This is not an argument for retreating from American technology. That would be unrealistic and self-defeating. Australia’s alliance with the United States remains central to our strategic position, and the democratic technology ecosystem is still vastly preferable to the authoritarian alternatives. But alliances do not remove dependency risk. They change its character.

A friend can still have different priorities. A partner can still move first for domestic reasons. An ally can still impose controls that make sense in Washington and create operational problems in Sydney, Singapore, Tokyo or Seoul. That is the middle-power dilemma. Australia relies on trusted access, commercial relationships, diplomatic alignment and the assumption that its interests will remain close enough to US interests to preserve continuity. That assumption may hold most of the time. But resilience is not built for most of the time. It is built for the moment the assumption fails.

We want access to the best technology. We want alignment with trusted partners. We want resilience against authoritarian technology ecosystems. We want sovereignty. We want all of it, preferably without trade-offs and with a neat slide for the board pack.

Good luck with that.

The uncomfortable truth is that middle powers do not get to control the strategic logic of the great powers whose platforms they use. They can only decide how exposed they are when that logic changes.

Sovereign AI Is Not a Slogan

This is where “sovereign AI” starts to matter, provided we do not reduce it to procurement theatre.

Sovereign AI does not mean every country needs to build a frontier model from scratch. For Australia, that is probably fantasy dressed up as strategy. We do not have the capital depth, energy base, compute scale, data ecosystem or industrial machinery to replicate the United States or China at the frontier. Pretending otherwise is how countries end up with expensive national capability brochures and very little capability.

But sovereignty does not have to mean autarky. It can mean knowing which dependencies matter. It can mean maintaining alternatives for critical workloads. It can mean ensuring that regulated entities understand the jurisdictional exposure of the models they use. It can mean requiring transparency around model access, data retention, foreign-national restrictions, operational continuity and provider obligations under home-state law. It can also mean building domestic capability where it matters most: evaluation, assurance, orchestration, model routing, security testing, sensitive data handling, incident response and sector-specific adaptation.

For Australia, the practical sovereign AI question is not whether we can build our own OpenAI, Anthropic or DeepSeek. The better question is where we need domestic agency, where we can rely on trusted partners, where we need fallback options, and which workloads are too sensitive or too critical to leave entirely exposed to another country’s policy settings. That is less glamorous than announcing a national frontier model. It is also more useful.

Sovereignty is not a flag in a data centre. It is the ability to keep operating when someone else’s politics changes.

From Asset Register to Trust Relationship Register

For decades, enterprise security has been anchored in the asset register: what do we own, where is it, who can access it and how do we defend it? That still matters. But strategic competition is pushing us toward something else as well: the trust relationship register.

The asset register tells you what you have. The trust relationship register tells you who you depend on.

It asks a different set of questions. It maps which critical capabilities depend on providers we do not control, which jurisdictions govern those providers, and what access rights, update mechanisms, model behaviours, identity systems, data flows and legal obligations sit underneath the service. Then it presses the two that matter: which foreign state can alter the operating conditions overnight, and what happens when it does?

This is not a theoretical exercise. It is the practical expression of geopolitical cyber risk. If an organisation is embedding frontier AI into software engineering, cyber operations, fraud detection, customer service, legal review, risk analysis or executive decision support, then model access is no longer a productivity question. It is part of operational resilience.

Boards should not ask only whether the organisation is using AI. Everyone is using AI, formally or through the side door. Nor should they ask only whether the vendor is secure. That matters, but it is no longer enough. The better question is this: what critical capabilities are we building on technology we do not control, in jurisdictions we do not govern, under policies we do not set?

For AI specifically, boards should expect management to know which business processes now depend on frontier models, which providers and cloud platforms sit underneath those models, which jurisdictions control them, what data is exposed, and what happens if access is restricted by nationality, geography, sector, use case or regulatory category. They should also ask whether workloads can shift to another provider, whether the outputs remain reliable and compliant, and whether the fallback is actually tested or merely assumed.

This belongs in technology risk, third-party risk, operational resilience, cyber scenario modelling and board reporting. If that sounds heavy, it is. But it is still cheaper than discovering during a crisis that a critical workflow depends on a policy decision made in another capital.

The practical tool is an AI dependency register, but not as another compliance spreadsheet quietly dying in SharePoint. It should identify the model, provider, hosting path, jurisdiction, business process, data exposure, fallback option and operational impact if access is withdrawn. It should separate casual productivity use from critical workflow reliance. It should force a conversation about which dependencies are acceptable, which need mitigation and which are being disguised by convenience. That is where the real risk hides, not in the fact that a business uses AI, but in the fact that it may stop noticing where the dependency begins.

Australia’s Strategic Question

Even if this specific restriction is narrowed, reversed or explained away, the precedent matters. Model access can now be altered by sovereign decision, not just vendor availability. For Australian boards, AI is a dependency strategy conducted under foreign jurisdiction, whatever the innovation roadmap says.

That does not mean retreating from frontier technology. It means being honest about the bargain. We get capability, scale and speed. In return, we inherit exposure to decisions made by governments we do not elect, laws we do not write and policy settings we do not control. That is not a reason to panic. It is a reason to govern the dependency properly.

The Anthropic episode shows what it looks like when a trust relationship is revalued overnight by someone else’s state. The vendor remains. The product remains. The capability may even remain technically sound. But the terms of access change because the political context changes.

That is the lesson.

For Australia, and for every middle power sitting inside someone else’s technology stack, the intelligence layer your business depends on may be commercial at the front end, but it is geopolitical underneath.

When geopolitics reaches into the stack, the outage message will not say “service unavailable”.

It will say, in effect, “not for you”.

Sources

• Anthropic, statement on the 12 June US Government directive to suspend access to Fable 5 and Mythos 5. https://www.anthropic.com/news/fable-mythos-access

• Axios, on the Commerce Department export-control letter and the foreign-national restriction. https://www.axios.com/2026/06/12/anthropic-trump-mythos-fable-national-security

• CNBC, on the directive and Anthropic’s decision to disable the models for all customers. https://www.cnbc.com/2026/06/12/anthropic-disables-access-to-fable-5-and-mythos-5-to-comply-with-government-directive.html

• Semafor, on the wider White House context and the contested claim of China-linked access to Mythos. https://www.semafor.com/article/06/13/2026/white-house-move-to-limit-anthropic-linked-to-concerns-about-chinese-access-to-mythos

• CNN, on the suspension and the broader tension between Anthropic and the administration. https://www.cnn.com/2026/06/13/business/anthropic-mythos-model-national-security