Resources | Blog

June 14, 2026

After Fable 5, sovereignty is no longer optional

‍One US order switched off Fable 5 and Mythos 5 for everyone, including their maker’s own staff. The lesson is structural, and a European flag will not fix it.

Concentration risk: When access runs through a single provider in a single jurisdiction.

On Friday at 5:21 p.m. Eastern, a letter was sent by the US Commerce Department to Anthropic’s chief executive. By Saturday morning in Berlin, two of the world's most capable AI models, Fable 5 and Mythos 5, had been switched off. Not throttled, not regionally restricted. Off, for every customer, everywhere.

Anthropic did not choose this. The export-control directive barred access by any foreign national, whether outside or inside the United States, which reportedly swept in Anthropic’s own non-citizen employees. Faced with an order that broad, the company could not selectively comply, so it disabled the models for everyone. Anthropic has called the order a misunderstanding, disputes that the security finding behind it was serious, and is contesting it. I have no reason to doubt them. This piece is not a criticism of Anthropic. From the outside, they look like a well-run company that got caught by something larger than any vendor controls.

That is exactly why it is worth your attention.

Strip away the national-security drama, and what happened on Friday is an old problem: concentration risk. A capability that a great many organizations had quietly made critical sat behind one provider, in one jurisdiction, and a third party that none of those organizations could see or influence revoked it overnight.

The uncomfortable part is not that a vendor failed. It turns out the vendor’s goodwill was not the backstop everyone assumed. Anthropic did not want to cut anyone off, and it had no say. If you had built a workflow, a product, or an internal process on top of Fable 5, your continuity depended not on your contract and not on your vendor’s intentions, but on a decision taken in a room you will never enter.

What the 12 June order did.

I can be specific about this, because it happened to us. Unosecur is a member of Anthropic’s Cyber Verification Program, vetted and approved to use these models for legitimate security research. When the order came down, our approved status counted for nothing, and we went dark with everyone else. A private trust framework, the very mechanism the industry holds up as the responsible way to gate powerful capabilities, was overridden by a government instruction in a single afternoon.

There is a quieter detail in the order that security leaders should sit with. By restricting access on the basis of “foreign national” status, the directive forced affected companies to treat nationality as a live access-control decision, immediately, with real penalties for getting it wrong. A geopolitical category became an authorization attribute in the span of an afternoon. Ask yourself whether your current stack could answer the question “which of our people and service accounts may use which AI capability, broken down by nationality and residency” without a week of scrambling. For most organizations, the honest answer is no. The identity and access layer was never built to enforce a distinction that, until Friday, nobody had to enforce.

The reflex this sets off is predictable.

Move to European providers. Move to anything outside a US licensing regime. That instinct is rational, and the migration will accelerate, and every vendor with a European address is about to tell you they are the answer. That is the wrong lesson, and I say that as someone running one of those companies. Swapping an American dependency for a European one does not remove the risk. It changes which government holds the switch. A European model provider can be reached by European law, by a national order, or by a future rule none of us has read yet. What changed on Friday was not the building's nationality but the discovery that a single point of revocation existed at all and that someone was willing to use it.

So, for a security architecture, sovereignty has little to do with where your vendor is incorporated. It is a set of properties you can engineer for: whether you can swap one model for another without rebuilding around it, whether you know which jurisdictions and laws can reach each capability you depend on, whether the system degrades gracefully when a dependency goes dark, and whether you control the layer that decides who and what is allowed to act.

This is where open-weight models have just made their own case.

A model whose weights you hold and host yourself cannot be switched off from Washington, or anywhere else, and Friday turns open weights from a cost-saving into a board-level resilience question. Two catches arrive in the same breath. Self-hosting hands you the security burden you were comfortably renting, the infrastructure, the monitoring, the safeguards, and the misuse that the provider used to police. And it moves the dependency more than it dissolves it: the weights are yours, but the chips they run on answer to an export regime of their own. Open weights remove the remote kill switch and raise the stakes on your own controls rather than lowering them. The most important of those controls is the one that decides what any of these systems, open or closed, is allowed to do.

That is the part I care about most, and it is where this stops being commentary and starts being the thing we build for. As organizations wire AI agents into real work, every agent becomes an identity, a non-human one, that wants access to your data and systems and the ability to act on them. What each agent is allowed to do, and who decides, becomes the load-bearing wall of the whole structure. If the model provider is effectively the authority, then losing the model is losing control. If your own identity and access layer is the authority, and access is scoped to specific tasks rather than handed over wholesale, then the model is only an engine. Engines are replaceable. You can swap a closed model for an open one you host yourself, and your control plane does not have to change. That is the inversion worth internalizing: your control no longer depends on the model, and the model no longer depends on your control.

For years, one entry in my 5x5 risk register read like paranoia: a critical vendor switched off because of the country it operated from, or a government ban or sanction that caught that country. I raised it in risk reviews, especially once consolidation took hold in security, what the industry now calls platformisation, with more of the stack resting on fewer providers. It always scored low on likelihood, the line you note and move past. As of Friday, it is no longer theoretical, and precedents do not un-happen. It belongs in every threat model now, priced as something that can recur, because it can.

The same risk on a 5x5 matrix: severity unchanged, likelihood re-rated after 12 June.

So run the tabletop this week.

If your most-depended-on AI capability went dark at 5 pm on a Friday, by an order its own vendor argued against, what in your business stops working? And when you trace the blast radius, is your identity and access layer one of the casualties, or is it the thing still standing that lets you route around the gap? Start with the inventory: which AI capabilities are load-bearing, and who can revoke each one.

None of this is abstract for us; it shaped how we built Unosecur. The control plane is the set of keys to the house, so we built it to live wherever you need it to: run for you as a managed service in Frankfurt or another European region, inside a data center you own and operate, or walled off from the outside entirely, air-gapped, with no line in or out. Where it lives can change; who holds the keys does not. The layer that decides who and what may act stays within your jurisdiction and your control.

We build in Berlin, under European jurisdiction. A European flag is not a security control, and I would never sell it as one. But the layer that decides who and what may act is the one piece of your architecture you should never rent from anyone who can be ordered to take it back.