Every incident starts the same way: with me being wrong about whose fault it was.

I was in Cowork, Fable selected, doing the unglamorous pipeline work that never makes it into a demo video. Errors started coming back, and because I’m a professional with seven years of operational scar tissue, my brain did what it always does — it assumed I broke it. MCP wrapper misbehaving again? Sandbox hit the memory ceiling I’ve fought before? Did I fat-finger a config? I ran the whole ritual of self-blame every SRE knows by heart, the one where you assume the universe is fine and you are the bug.

Then I checked the status page. The root cause was not my trailing slash. The root cause was the United States federal government.

The reason my pipeline fell over was an export control directive. Not a deploy gone wrong. Not a quota. A national security order.

The short version, from Anthropic’s own statement: the government issued a directive ordering that access to Fable 5 and Mythos 5 be suspended for any foreign national — inside or outside the country, including Anthropic’s own foreign-national employees. There’s no clean way to enforce that selectively, so both models went dark for everyone. Every other model stayed up. Just the Mythos-class tier.

I’ve written a lot of root-cause writeups. “A government agency recalled the model” is a new one. My incident timeline now has an entry that reads “5:21pm ET — federal directive received.” You don’t get to put that in a Datadog annotation every day.

The government’s stated concern is a jailbreak — someone apparently demonstrated a way to bypass Fable’s safeguards. Here’s where the practitioner in me starts laughing, because the jailbreak, as described to Anthropic verbally with no written specifics, boils down to this: ask the model to read a codebase and fix the software flaws in it.

The exploit: Ask the model to read a codebase and fix the software flaws in it. That’s not a jailbreak. That’s Tuesday.

Read that again. That’s not a jailbreak. That’s Tuesday. It’s the single most common thing any of us asks these models to do. If “point the model at some code and have it find the bugs” is a national security exploit, then every SRE, every appsec engineer, and every junior dev with a failing test suite is running a covert weapons program out of their terminal.

Anthropic’s response, paraphrased: we looked, it surfaced a handful of minor, already-known issues, and other public models — they name OpenAI’s GPT-5.5 — find the same things with no bypass at all. They’re complying with the order while openly disagreeing with it, and they’ve promised more details within 24 hours.

I’m not here to adjudicate the policy fight. Whether a narrow jailbreak justifies a recall is genuinely interesting and emphatically not my lane. I’m a guy with a pipeline. My lane is: the model evaporated, and I have to keep working.

One bit of irony before I get back in my lane. One of the documented complaints about Fable since launch is that its safeguards are too aggressive — users grumble that it refuses too much. So we’ve arrived at a model that’s simultaneously too locked-down for its users and too dangerous for the government. That’s a hell of a place to be standing.

Here’s the reframe that matters. A vendor pulled a hard dependency out from under a running pipeline, zero notice, no ETA. Strip away the geopolitics and that’s a textbook chaos engineering scenario. Somebody injected a failure into my system without my consent, and now I get to find out, in production, in real time, how my architecture behaves when a model just isn’t there anymore.

This is the test you’re supposed to run on purpose, in a game day, runbook open and coffee in hand. Instead the federal government ran it for me, for free, at an hour of their choosing. Rude. Also genuinely useful, because a chaos experiment you didn’t schedule is the only kind that tells you the truth.

So let’s talk blast radius. If you’ve got claude-fable-5 hardcoded anywhere — an Agent SDK call, an MCP server config, a model field buried in a tiering rule — that line is throwing errors right now. The uncomfortable question: how many of those hardcoded strings do you have, and do you even know? A grep -r "fable" across your configs this morning is going to be either reassuring or deeply educational. There’s no third option.

For my own stuff, the accounting is mixed. Where I built a fallback router, it did exactly what a fallback router should — the request degraded over to another tier and the work kept moving. Where I’d gotten lazy and pinned a model string because “it’s just a quick thing,” it hard-failed, loudly, exactly as I deserved. That’s the lesson in one sentence: the abstraction you built when you were disciplined saved you, and the shortcut you took when you were lazy cost you. Incidents don’t moralize. They just bill you.

The deeper takeaway is one I keep relearning and half-forgetting: when you build on a frontier vendor, “the model exists” is not a guarantee you control.

I treat my offload tier and local Ollama path as a cost optimization, and most days that’s what it is. But today it stopped being a cost story and became an availability story. The same routing layer that pushes cheap work to a local model is the layer that lets me survive a model getting recalled by a government. Tiering isn’t just a FinOps play. It’s insurance, and the premium is the discipline of never hardcoding a single point of failure.

The takeaway: Model availability is a dependency with an SLA you don’t own and can’t negotiate. You don’t get to file a ticket with the federal government.

Model availability is a dependency with an SLA you don’t own and can’t negotiate. You don’t get to file a ticket with the federal government. You don’t get an ETA. The only leverage you have is architectural: a routing layer, a defined fallback order, and the discipline to use it instead of pinning a model because it was convenient on a Tuesday.

I’ll be honest about the timestamp. This is live. As I write this the models are still down, Anthropic is still disagreeing with the order, and the promised details haven’t fully landed. This isn’t the tidy retrospective where I know how the story ends and get to sound wise about it. It’s a dispatch from inside the incident — which is the more honest format anyway. Most operational writing is reconstructed after the fact, sanded down until the author looks competent the whole way through. This one catches me at the part where I was still blaming my own config for something the government did.

I’ll update when access comes back or the 24-hour details drop, whichever’s first. In the meantime my pipeline is running on Opus, my hardcoded Fable strings are repointed, and I have a new favorite entry in my log of incident root causes.

Go check your configs. grep is free. The next chaos experiment might not be.