The US government has decided that Fable 5 and Mythos 5, Anthropic’s two strongest models, are too dangerous for foreigners to use. On 12 June it ordered Anthropic to cut off every foreign national on the planet, including the company’s own non-citizen employees, and Anthropic pulled both models for everyone to stay compliant. There is a hole in that plan, and it is not a small one. A US-only gate is a Know Your Customer check, and the criminal internet has spent a decade getting very good at beating those. As of this week, the alerts.bar stealer-log index already holds 34,814 live Claude session cookies and 74,114 for ChatGPT. Those are working keys to accounts that were already verified, and they sell for pocket change.
So before anyone treats a citizenship wall as a serious barrier, it is worth walking through what actually happens when you put a high-value service behind one. We cover this market every week. It does not behave the way an export control is supposed to.
What the order actually says
Anthropic says the directive landed at 5:21pm ET, cited national security, and demanded that no foreign national get access to Fable 5 or Mythos 5, wherever they live. Claude Opus 4.8 and the rest of the lineup are untouched. The government’s stated worry is a way of jailbreaking Fable 5. Anthropic looked at the evidence and pushed back hard, calling it a narrow trick that mostly amounts to asking the model to read some code and find bugs, the kind of thing other shipping models do every day. Whether that concern holds up is a fight for the lab and the government to have on the technical merits, and it will. None of it changes the enforcement math, which is what we care about here.
Today both models are simply off. The interesting moment comes if access returns on the directive’s terms, because then Anthropic has to do something it has never done at this level of detail. It has to prove, one user at a time, that someone is American.
You cannot see a passport over an API
Citizenship is invisible to a web request. To keep a service US-only, you have to verify identity the way a bank does: a government ID, a selfie or liveness check, maybe a Social Security number, an address, and IP and device signals to back it up. Every one of those steps has a mature, priced, on-demand market dedicated to faking it. The day a frontier model becomes an American-only privilege, it joins streaming libraries, sportsbooks and sanctioned-country crypto on the long list of geofenced things the underground unlocks for a living. The tooling does not need to be invented. It is sitting in a Telegram channel right now.
The keys are already cut
The laziest way past a US-persons check is to skip it and steal an account that already cleared it. AI logins get harvested in bulk, and we can measure it. We ran the major AI domains through the alerts.bar stealer-log index, the same data behind our Stealercheck tool, and pulled the count of live session cookies sitting in infostealer logs right now.

A session cookie is not a password. It is better than a password. It is proof to the server that you already logged in, so replaying a stolen one drops an attacker straight into the account with no credentials to type and no multi-factor prompt to answer. That is the same cookie-replay trick that beats MFA across the breach world, and there are 34,814 of them for Claude alone. Buy one tied to a US account and you have not bypassed the citizenship gate, you have inherited someone who already passed it. The password and the country check both become irrelevant.
If you cannot steal a citizen, print one
When there is no account to hijack, you build an American. This used to take real skill. It does not anymore. In February 2026 the US Justice Department charged the operator of OnlyFake, a service that churned out more than 10,000 AI-generated fake IDs covering all 50 states and 56 other countries, sold openly for getting past KYC on crypto exchanges. A convincing US driver’s license that survives a liveness check now costs tens of dollars and shows up in minutes. Deepfake document and face fraud is the fastest-growing problem in identity verification, FinCEN has formally warned banks about it, and threat-intel teams keep showing how easily these forgeries clear automated checks. Build the gate on document verification and you inherit that weakness whole.
The rest of the kit is off the shelf
Wrap those two moves in the infrastructure that already exists. Residential proxy services rent out real US home IP addresses by the gigabyte, so a request from Tehran or Shenzhen arrives looking like a router in Ohio. Stealer-log shops and account markets, the children of Genesis Market and the Russian-language log bazaars, sell ready-made identities and live sessions filtered by country. API keys, which turn up in stealer logs constantly, hand over programmatic access with no login screen to gate at all. None of this was built for Fable 5. It is the existing access-broker economy swinging toward a shiny new target.
Who actually gets locked out
Here is the uncomfortable part. Export controls were written for missile parts, where a thing either crosses a border or it does not. Access to software does not work like that. A control enforced by identity checks is not a wall, it is a turnstile, and the turnstile takes stolen credentials and fake documents as payment. The actor most able to pay is exactly the one the order is meant to stop: well funded, patient, sitting on a pile of compromised US identities. The people who genuinely cannot get through are the foreign grad student, the overseas startup, the multinational’s compliance team, and, as Anthropic pointed out, its own engineers who happen to hold the wrong passport. The control filters out the honest and waves through the determined.
To be clear, that is not a verdict on whether the ban itself is justified. The jailbreak question is real and Anthropic and the government will argue it out. The point is narrower and harder to dodge: a US-persons gate is a KYC control, and KYC controls fail against precisely the adversary that national-security rules exist to block.
What this means if you have to run the gate
Any provider stuck enforcing a nationality rule should burn one lesson into the team: the login is not where you win. Verifying identity at signup is necessary and nowhere near sufficient. The controls that actually hold are the boring continuous ones: watching for account takeover from sessions that do not fit the user, flagging impossible travel and proxy fingerprints, catching credentials and cookies that surface in stealer logs after the account was issued, and treating a verified identity as a claim you keep testing rather than a stamp you grant once. Anthropic’s own choice to retain 30 days of Mythos-class data, which it took flak for on privacy grounds, is an admission that the misuse gets caught after access, not at the door.
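Two of those continuous checks, sketched as an added example (not code from Anthropic or Ransomnews): it walks constructed session events and flags a session token that moves faster than a plane could or changes device mid-session, the usual signature of a replayed cookie. The field names, the 900 km/h ceiling and the 50 km noise floor are assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 900.0   # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0     # assumed noise floor for IP-geolocation jitter

# Constructed sample events: (session_id, ISO time, lat, lon, device_fingerprint)
EVENTS = [
    ("sess-A", "2026-06-15T14:00:00", 39.96, -83.00, "fp-1111"),   # Columbus, OH
    ("sess-A", "2026-06-15T14:20:00", 39.96, -83.00, "fp-1111"),
    ("sess-A", "2026-06-15T14:50:00", 52.52, 13.40, "fp-9999"),    # Berlin, new device
    ("sess-B", "2026-06-15T09:00:00", 40.71, -74.01, "fp-2222"),   # New York
    ("sess-B", "2026-06-16T09:00:00", 34.05, -118.24, "fp-2222"),  # Los Angeles, next day
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def review_sessions(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Compare each event with the previous one on the same session token."""
    findings, last = [], {}
    for sid, ts, lat, lon, fp in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if sid in last:
            p_when, p_lat, p_lon, p_fp = last[sid]
            hours = (when - p_when).total_seconds() / 3600
            km = haversine_km(p_lat, p_lon, lat, lon)
            reasons = []
            # Same token, two places, not enough time to travel between them.
            if km > min_km and (hours <= 0 or km / hours > max_kmh):
                reasons.append("impossible_travel")
            # A session cookie should stay on the device it was issued to.
            if fp != p_fp:
                reasons.append("device_changed_mid_session")
            if reasons:
                findings.append((sid, ts, reasons))
        last[sid] = (when, lat, lon, fp)
    return findings

if __name__ == "__main__":
    for finding in review_sessions(EVENTS):
        print(finding)
```

A finding here is a reason to revoke the session and force re-authentication, not proof of takeover; legitimate VPN use produces the same travel signal.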
If you are worried your staff or customers are the accounts being resold, treat an infostealer infection as a breach, watch for your domains in the stealer-log ecosystem, and move anything valuable to phishing-resistant authentication that does not mint replayable sessions. Our guide to dark-web and infostealer monitoring walks through the tooling.
We have watched this film before
None of this is a prediction. It is a rerun. Every geofenced service grows a bypass market, and the bigger the prize the faster it shows up. AI accounts proved the appetite years ago: Group-IB counted more than 100,000 stolen ChatGPT logins in stealer logs by mid-2023 and over 225,000 across the year, scraped by commodity malware like LummaC2, Raccoon and RedLine.

Slap a national-security label on a model and you have handed the underground the most motivating prize it has seen in years. If Fable 5 and Mythos 5 come back as US-only, the question was never whether the gate can be picked. It is how fast the listings go up, and what they charge.
Frequently asked questions
What are Fable 5 and Mythos 5?
They are Anthropic’s two most capable AI models. On 12 June 2026 the US government ordered access suspended for all foreign nationals, and Anthropic disabled both models for every customer to comply. Its other models, including Claude Opus 4.8, were not affected.
Why did the US ban Fable 5 and Mythos 5 for non-US citizens?
The government cited national security and a method of jailbreaking Fable 5. Anthropic is complying but disagrees, describing it as a narrow trick whose capability is already common in other deployed models.
Can a US-only restriction actually be enforced?
Only as well as identity verification works, which is poorly against motivated attackers. Proving citizenship online leans on document checks, selfies and IP signals, all of which have cheap bypass markets. Determined actors get through; ordinary foreign users mostly do not.
How do threat actors bypass KYC and geography gates?
Mostly by taking over verified accounts harvested in infostealer logs, by using stolen or AI-generated IDs that pass automated KYC, and by routing through US residential proxies. These are existing paid services, not new tools.
Are stolen AI accounts really sold online?
Yes, in volume. alerts.bar currently indexes tens of thousands of live AI session cookies, including 34,814 for Claude and 74,114 for ChatGPT, and Group-IB has tracked hundreds of thousands of stolen ChatGPT logins in stealer logs since 2023.
Sources and further reading
- Anthropic, Statement on the US government directive to suspend access to Fable 5 and Mythos 5
- CNN, Anthropic suspends access to Mythos model after US bans foreign-national use
- Live session-cookie figures: alerts.bar stealer-log index, via Ransomnews Stealercheck, June 2026
- Group-IB and The Hacker News, Over 225,000 compromised ChatGPT credentials
- Sumsub, AI fake IDs and the new KYC risk, and Intel 471, Can deepfakes bypass online ID verification?
- Related: Initial access brokers and the 2026 ransomware supply chain
Analysis by Martynas Vareikis, who covers AI and LLM security at Ransomnews. This piece explains why identity and geography controls fail, for defensive and policy readers. It is not a guide to circumventing any service’s terms or any government directive.
