A legal framework designed for another era produced a global outage
NAVER, Samsung SDS, LG CNS, Nexon, and Hanwha Solutions deployed Claude Code across tens of thousands of engineers—Asia's largest concentrated AI adoption—using models unaffected by the ban. The June 12 export ban targeted Fable 5 and Mythos models after NSA red-team testing showed Mythos could autonomously identify and chain vulnerabilities in classified systems within hours.
- NAVER, Samsung SDS, LG CNS, Nexon, and Hanwha Solutions deployed Claude Code across tens of thousands of engineers—Asia's largest concentrated adoption
- June 12 export ban disabled Fable 5 and Mythos 5 for all users worldwide due to inability to verify user nationality in real time
- NSA red-team testing showed Mythos could autonomously identify and chain vulnerabilities in classified systems within hours
- Stripe demonstrated Fable 5 completed a 50-million-line code migration in one day—work requiring two months by hand
- SK Telecom, South Korea's largest wireless carrier and Anthropic investor, had accessed Mythos 5 through Project Glasswing before the ban
South Korea's largest tech firms deployed Claude Code at record scale, but a US export control directive suspended access to Anthropic's most capable models citing national security concerns over autonomous cybersecurity capabilities.
South Korea's largest technology companies made a sweeping commitment to Claude Code this month, rolling it out across tens of thousands of engineers at NAVER, Samsung SDS, LG CNS, Nexon, and Hanwha Solutions. It was the most concentrated enterprise adoption of Anthropic's AI coding tool anywhere in Asia. The timing seemed fortuitous: Anthropic had just opened a Seoul office and announced that its Asia-Pacific revenue had grown more than tenfold in the past year, with Claude Code's weekly active users in Korea expanding sixfold over four months. But on day nine of the export control directive that followed, the full picture of why those top-tier models remained offline became clearer—and the reason had little to do with the narrow technical jailbreak that had triggered the ban.
On June 12, the Commerce Department sent Anthropic a directive under the Export Controls Reform Act of 2018, citing national security. The agency ordered the company to disable access to Fable 5 and Mythos 5—Anthropic's most capable models—for every user worldwide. The Korean deployments were unaffected because they ran on Claude Sonnet 4.6 and Opus 4.8, the older generation of models that the directive did not touch. But the ban itself was a blunt instrument. The legal doctrine invoked, known as "deemed export" under 15 CFR 734.13, treats releasing controlled technology to a foreign national inside the United States as equivalent to exporting it to that person's home country. The rule was written for semiconductor blueprints and weapons schematics—physical artifacts that can be inventoried and licensed individually. A cloud API endpoint serving hundreds of millions of users has no nationality field in its session tokens or request headers. There is no mechanism for Anthropic to verify, in real time, the citizenship of every user sending a query. The only way to comply was to shut off access for everyone.
Two separate developments had converged to produce the directive. First, the White House learned that SK Telecom, South Korea's largest wireless carrier and an Anthropic investor, had gained access to Mythos 5 through Project Glasswing—Anthropic's invite-only cybersecurity consortium for vetted organizations—and that US officials suspected undisclosed ties to China. SK Telecom has denied the allegations, and the evidence has not been made public. The White House asked Anthropic to revoke its Glasswing access, which Anthropic did immediately. Second, Amazon—Anthropic's largest investor, with a cumulative stake of approximately thirteen billion dollars—flagged a guardrail bypass in Fable 5 to the White House. Amazon researchers discovered that prompting the model to read a codebase and "fix this code" against known vulnerabilities surfaced those vulnerabilities, effectively bypassing the model's intent-classification layer. Security expert Katie Moussouris, founder of Luta Security and the only outside expert who reviewed the underlying research report, concluded that the capability exposed cannot be meaningfully fixed without weakening the model for legitimate defensive use—and that the same capability exists in other publicly available frontier models including OpenAI's GPT-5.5.
But the narrow jailbreak was not the full story. On June 21, ten days after the ban took effect, testimony surfaced that reframed the dispute as something larger. Senator Mark Warner, vice chair of the Senate Intelligence Committee, said NSA Director General Joshua Rudd told him that Mythos "broke into almost all of our classified systems, not in weeks, but in hours" during an authorized red-team exercise. The Economist's editor later clarified that the statement should not be read literally and depended on Mythos working alongside other tools in specific conditions. Warner used the example not to condemn Anthropic but to argue for mandatory pre-release government testing of frontier models, and to praise Anthropic for having submitted Mythos for controlled evaluation. Even with those caveats, the disclosure mattered. It confirmed that the US government's concern extended beyond the narrow "fix this code" jailbreak to the underlying autonomous offensive capability of Mythos-class AI. A model that can find and chain vulnerabilities at that speed, in authorized testing against its own government's infrastructure, is not a straightforwardly commercial product—regardless of the safety classifiers Fable 5 runs on top of it.
For the thousands of engineers at NAVER, Samsung SDS, LG CNS, and Nexon who started using Claude Code in the past two weeks, the practical situation was this: the tools they were using worked. Claude Code, Claude Cowork, and the full Opus 4.8 and Sonnet 4.6 lineup were fully available. What they did not have access to was the top-tier capability Anthropic had positioned as the leading edge of autonomous coding and cybersecurity work. During Fable 5's brief availability, Stripe reported that the model completed a codebase-wide migration of a fifty-million-line Ruby codebase in a single day—work that would have taken a full engineering team more than two months by hand. That benchmark captured the gap between what Korean engineers were working with now and what they had been told was coming. Anthropic's international managing director Chris Ciauri told reporters at the Seoul opening that he was "very confident" the models would return within days. Prediction markets gave roughly a fifty-seven percent probability of restoration before July 1 as of June 18. As of June 21, no restoration had been announced, and the NSA testimony circulating that weekend made the near-term timeline harder to call.
The deepest structural problem was not a question of Anthropic's intentions or SK Telecom's affiliations. It was a question of whether the legal architecture that governs the export of dual-use technology was built to handle a capability delivered at consumer scale through a shared cloud endpoint. Export control law developed around physical goods that can be tracked, licensed, and recovered. It then extended, imperfectly, to static software and technical data—artifacts that can be inventoried and restricted by recipient. Live AI inference over a cloud API has none of those properties. A query to Fable 5 and a query to Claude Sonnet 4.6 look identical to Anthropic's infrastructure until the model responds. There is no chokepoint at which nationality can be verified, no artifact that can be recalled, and no mechanism for partial compliance short of a global shutdown. That is what happened on June 12: a legal framework designed for another era of technology produced a global outage to enforce a domestic restriction—and the first time in history a US government directive pulled a commercially deployed frontier AI model for every user on earth. Whether the right answer is a better enforcement mechanism or a categorical access model for autonomous offensive AI capability, both answers take time. Korean enterprises, Anthropic, and their mutual commercial relationship are now waiting on that question.
Citações Notáveis
Broke into almost all of our classified systems, not in weeks, but in hours— NSA Director General Joshua Rudd, describing Mythos performance in red-team exercise (as reported by Senator Mark Warner)
Very confident the models would return in the coming days— Chris Ciauri, Anthropic's international managing director, at Seoul office opening on June 18
A Conversa do Hearth Outra perspectiva sobre a história
Why did the US government shut down access for everyone worldwide instead of just blocking Korean users?
Because the law wasn't built for cloud-delivered AI. Export controls were designed for physical goods—semiconductors, weapons blueprints—things you can count and license. When you send a query to an API, there's no nationality field in the request. Anthropic has no way to verify in real time whether you're American or Korean. So to comply with a rule that says "no foreign nationals," they had to turn it off for everyone.
But Anthropic could have just blocked IP addresses from Korea, right?
That would violate the "deemed export" doctrine. Under US law, giving controlled technology to a foreign national on American soil counts as exporting it to their home country. So even if a Korean engineer was sitting in a US office, they couldn't access it. The law treats the person's nationality as the boundary, not their location. There's no technical workaround that doesn't break the rule.
So what's actually being restricted? The companies in Korea are still using Claude Code.
They're using the older models—Sonnet and Opus. Those weren't banned. What's restricted is Mythos and Fable 5, the newest ones. Mythos is the security-focused model that the NSA tested. During that red-team exercise, it found and chained vulnerabilities in classified systems in hours. That's the capability the government is worried about—not a narrow jailbreak, but the underlying speed and autonomy of the model itself.
Is that capability actually dangerous, or is this overcautious?
The security expert who reviewed the research—Katie Moussouris—said the capability can't be fixed without weakening the model for legitimate defensive work. And she noted that other frontier models have similar capabilities. So it's not unique to Anthropic. But the government's concern is real: a model that can autonomously identify and chain vulnerabilities at that speed is a different kind of artifact than what export control law was designed to handle.
What does this mean for the Korean companies that just deployed Claude Code?
They're operational right now with the tools they have. But they're locked out of the next generation of capability. Stripe showed that Fable 5 could do a fifty-million-line code migration in a day—work that would take a team two months. That's the gap. Korean engineers have a working tool, but not the one they were promised.
When does this get resolved?
Nobody knows. Anthropic's leadership said days. Prediction markets gave it a fifty-seven percent chance of being restored by July 1. But the NSA testimony that came out on June 21 made that timeline harder to call. The government's concern isn't just about a jailbreak—it's about the model's core capability. Patching the jailbreak doesn't address that. So this might take longer than anyone initially thought.