JPMorgan Chase removed Anthropic’s Claude models from the internal “drop-down list of approved large language models” for Hong Kong staff after a reading of Anthropic licensing language reported to exclude usage in Greater China, including Hong Kong. Reuters attributed the account to the Financial Times, said it could not independently verify the report, and noted that JPMorgan and Anthropic did not comment. The practical border was not an airport gate or a customs form. It was a bank software menu. [E1]
Goldman Sachs had already made the same kind of move in April, barring Hong Kong bankers from Claude through its internal AI platform after a strict reading of its Anthropic contract. Other approved models, including rivals such as Gemini, reportedly remained available. That distinction matters: this is not a general retreat from workplace AI. It is a model-by-model, contract-by-contract compliance deletion, performed by firms that are not the state but have become the place where the state’s risk logic becomes employee access. [E2]
The state action sits upstream. Reuters reported that Commerce Secretary Howard Lutnick ordered Anthropic to suspend exports of Mythos 5 and Fable 5 “to all destinations and foreign nationals,” citing concern that the models could be used by military-intelligence users in China, Russia and other countries of concern. The letter invoked the 2018 Export Control Reform Act, required a license for transfers to foreign nationals in the United States, and warned of civil and criminal penalties. Export-control specialists questioned whether remote model access fits the traditional export-control frame, which is the hinge of the story: a hosted model session is being treated like an exportable capability. [E3]
Anthropic’s own account sharpens the access question. The company said the directive covered “any foreign national, whether inside or outside the United States, including foreign national Anthropic employees,” forcing it to “abruptly disable” Fable 5 and Mythos 5 for all customers. Anthropic said other models were not affected, disputed the technical basis by calling the demonstrated issues “previously known, minor vulnerabilities,” and argued that applying the standard industry-wide would “essentially halt all new model deployments for all frontier model providers.” [E4]
The three-layer trigger is now visible. First comes the Commerce and Lutnick national-security directive. Second comes Anthropic’s own licensing perimeter and supported-region policy, where Hong Kong is not listed among allowed regions. Third comes bank compliance, expressed through approved-tool lists and internal AI platforms. The resulting inference is the policy sentence the market has not fully priced: a frontier API is now a policy endpoint. It can be degraded, re-routed or switched off by a state order, vendor policy, contract reading or corporate compliance call. [E5]
Anthropic’s broader unsupported-region policy gives the vendor layer its own logic, apart from the Commerce order. The company has said organizations controlled from unsupported regions such as China can be restricted partly because subsidiaries could use the models for “military or intelligence purposes” or “to distill our models.” The Amazon-guardrail story remains unconfirmed in the primary record; Reuters, the Financial Times and Anthropic do not establish that Amazon researchers were the actors behind the demonstrated bypasses. Likewise, the claim that Fable 5 or Mythos 5 has actually been distilled into a named open model is contested. The primary record supports a general distillation concern, not a confirmed instance. [E6]
The second-order damage is already being argued by the people paid to defend systems rather than to write export doctrine. Reuters reported that cybersecurity leaders at companies including Nvidia and Adobe urged the United States to lift the curbs, arguing that the ban hampers defenders’ ability to find and fix vulnerabilities. Their letter called the restriction potentially “dangerous.” That is the counterpressure: if the most capable defensive models are switched off for the wrong users, the policy may reduce hostile access while also degrading friendly testing, triage and patching. [E7]
A narrower reading of the same record is available. The control, on that account, is not a general switch for all AI infrastructure but a targeted action around two named models, a license-terms trigger, unsupported-region exposure and a bank compliance surface; every other model in the Goldman example reportedly stayed available, and Anthropic itself says other Anthropic models were not affected. That counter-read does not erase the infrastructure point, but it limits it: revocability has been demonstrated at the frontier edge, not across the whole stack. The G7 “trusted partners” discussion shows the likely next patch, with selected countries or companies seeking access to advanced US models, but Reuters reported that this was still a discussion, not a live exemption. [E8]