Washington’s Fable 5 and Mythos 5 control was built around access. A June 12 Commerce directive required Anthropic to suspend those models for any foreign national, inside or outside the United States, including its own foreign-national employees. Anthropic complied by disabling both models for all customers worldwide, while leaving its other models available. The company said the trigger was a narrow code-fixing jailbreak, not a universal exploit, and argued that the episode did not justify a full recall of a deployed system. [E1]
Forbes framed the order as part of a national-security treatment of frontier models as strategic assets, with concern around advanced or self-executing cyber capability. That matters because the policy object was not merely a product login. The order treated access to a model as a controlled capability, close to a deemed-export problem in software form. [E2]
Sakana’s launch answer is substitution. Its Fugu Ultra release says the system stands “shoulder-to-shoulder” with Fable 5 and Mythos Preview while delivering frontier capability “without the risk of export controls.” The claim is launch-day vendor language, not an independent finding, but the pitch is explicit: if one provider becomes legally unavailable, a routed system can sell resilience as policy arbitrage. [E3]
Fugu’s mechanism is not a weights-level replacement for Fable 5. Sakana describes Fugu and Fugu Ultra as a full multi-agent orchestration system reachable through one OpenAI-compatible API, with a learned orchestrator that selects, delegates to, verifies and synthesizes outputs from a swappable pool of underlying models. Fable 5 and Mythos Preview are not in that pool because they are not publicly accessible. [E4]
Benchmark discipline is the caveat. Sakana reports Fugu Ultra at 73.7 on SWE-Bench Pro, 95.5 on GPQA-D and 93.2 on LiveCodeBench, but those are provider-reported launch figures, with no visible third-party evaluation in the public material. A control regime can be weakened by substitution before the substitute has proven parity, because buyers only need a credible route around single-vendor dependency, not a perfect clone. [E5]
Sakana’s sovereignty pitch makes the policy logic plain. The company says recent AI disruptions show the risk of single-vendor dependency, and that Fugu can dynamically route around a provider restriction. This is the first escape route: approximate the controlled capability by wrapping multiple accessible systems in a control layer, then sell continuity rather than provenance. [E6]
Qwable is the second route, and the harder one for access controls. Its Hugging Face page describes a chained distill from Qwen3.6-35B-A3B, first on Claude Opus 4.7 reasoning traces, then on Claude Fable-5 agentic tool-use traces. The associated SFT dataset has 4,659 rows, with provenance attributed to roughly 953 raw Claude Code sessions collected around June 10–22, during the suspension window. The repo says evals are in progress and no scores are published, while Anthropic has not named it and Hugging Face has issued no takedown. [E7]
Anthropic had already described the leakage risk in February: illicit distillation can strip safeguards and let capabilities proliferate beyond any single government’s control. The live policy problem is narrower and more concrete. One workaround routes around a blocked vendor with orchestration; the other turns restricted outputs into training material. Access controls can slow direct use, but they do not cleanly stop approximation or leakage once the useful behavior has crossed the output boundary. [E8]