
AI security just went through a real-world stress test. In early June 2026, a flaw found in an Anthropic model triggered an unprecedented export block, then the rollout of a shared severity scale across the largest AI labs. For an SME leader trusting AI tools with more data every day, this episode finally offers concrete criteria for choosing a vendor with confidence.
In brief
- Amazon researchers discovered, in early June 2026, a jailbreak technique in Fable 5, an Anthropic model, capable of generating code that exploits software vulnerabilities.
- The U.S. Department of Commerce imposed export controls on Fable 5 and Mythos 5 on June 12, 2026; they were lifted on June 30, after 18 days, once a new safety filter was deployed (source: Anthropic, The Hacker News).
- Anthropic, together with Amazon, Microsoft and Google, now proposes a shared jailbreak severity scale, the Cyber Jailbreak Severity Scale (CJS), modeled on the CVSS standard used in cybersecurity since 2005.
- This coordination follows a U.S. presidential executive order signed on June 2, 2026, creating a voluntary pre-market review pathway for the most powerful models, with early access for federal agencies.
- For an SME, the takeaway is concrete: security maturity (a vulnerability disclosure program, a safety filter, a fix timeline) becomes as important a selection criterion as price or performance.
What happened at Anthropic
In early June 2026, Amazon researchers identified a jailbreak technique in Fable 5, one of Anthropic's most advanced models. A jailbreak is a manipulation that pushes an AI model to bypass its own safeguards to produce content that would normally be blocked: here, code capable of exploiting software vulnerabilities.
On June 12, 2026, the U.S. Department of Commerce responded by imposing export controls on Fable 5 and its sibling model Mythos 5, suspending their distribution abroad. Anthropic then worked on a fix: a new safety classifier able to recognize and block the identified technique.
Early June 2026
Flaw discovered
June 12, 2026
Export controls
June 26, 2026
Partial restoration
June 30, 2026
Full restoration
July 1, 2026
Redeployment
Worth noting for balance: Anthropic states the same technique also worked on less-protected rival models, including OpenAI's GPT-5.5 and Kimi K2.7 from Chinese lab Moonshot AI (source: The Hacker News). Jailbreak risk is therefore not specific to one vendor: it concerns the whole generative AI industry.
The Cyber Jailbreak Severity Scale (CJS), a shared security score
The Cyber Jailbreak Severity Scale (CJS) is a shared scale proposed by Anthropic, Amazon, Microsoft and Google to score jailbreak severity across four criteria, similar to how the CVSS standard has scored classic software vulnerabilities since 2005.
| Criterion | What it measures |
|---|---|
| Capability gain | How far the jailbreak extends the model's capabilities beyond its already known tools |
| Breadth | The number of different attack types the same technique unlocks |
| Ease of weaponization | The skill and effort needed to turn the flaw into an operational attack |
| Discoverability | How easily the technique can be found or reproduced by a third party |
Combined, these four criteria produce a score ranging from CJS-0 (informational) to CJS-4 (critical). For the most severe cases, for example an attack targeting a power grid or a banking system, Anthropic commits to deploying a fix as soon as severity is confirmed.
Key takeaway
CJS is not yet a mandatory standard: it is a voluntary proposal from Anthropic, backed by Amazon, Microsoft and Google. An announcement formalizing a shared framework is expected as early as the first week of August 2026, according to the Financial Times (July 2, 2026).
Why AI giants are coordinating on security now
On June 2, 2026, a U.S. presidential executive order on AI and cybersecurity created a voluntary pre-market review pathway for the most powerful models, so-called "covered frontier models." This pathway gives federal agencies, including the NSA and CISA via the Center for AI Standards and Innovation (CAISI), up to 30 days of early access before a new model's public release.
Fable 5 had not yet gone through this voluntary pathway, so the U.S. government used export controls as a fast-response tool instead. Commerce Secretary Howard Lutnick said his department had "spent two weeks reviewing the models with Anthropic" before lifting the restrictions (source: The Hacker News). Anthropic also opened a vulnerability disclosure program via HackerOne, open to external researchers.
Before June 2026
Each AI lab handled security flaws its own way, with no shared severity scale or fix timeline across competitors.
Since July 2026
Anthropic, Amazon, Microsoft and Google are moving toward a shared severity scale (CJS), a joint disclosure program, and early access for U.S. authorities to the most powerful models.
What this concretely changes for an SME
This episode gives an SME leader a simple framework for judging an AI vendor's security maturity, well beyond price or advertised performance.
Ask about the security program
Look at the incident track record
Check access governance
Track upcoming announcements
FAQ
What is an AI jailbreak?
A jailbreak is a technique, often a prompt or a sequence of instructions, that pushes an AI model to bypass its own safeguards and produce content that would normally be blocked, such as malicious code or sensitive information.
Is the Cyber Jailbreak Severity Scale mandatory for AI vendors?
Not at this stage. It is a voluntary proposal led by Anthropic with Amazon, Microsoft and Google. A more formal framework, tied to the U.S. presidential executive order of June 2, 2026, is expected as early as the first week of August 2026, according to the Financial Times.
Does this incident mean consumer AI tools are unsafe for an SME?
No. It actually shows that a detection, fix, and cross-lab coordination process works: the flaw was found, fixed within weeks, and a shared standard emerged from it. Zero risk does not exist, but the response was fast and transparent.
How can an SME assess an AI vendor's security before signing?
By checking whether a vulnerability disclosure program exists, the vendor's track record of communicating during incidents, and the clarity of contractual commitments on fix timelines. These are questions to ask the vendor or your integrator directly.
Conclusion
The Fable 5 episode is a reminder of a simple rule: an AI model's security is never permanently settled, it is built through incidents, fixes and, now, standards shared across competitors. For an SME, this is measured good news: the industry is organizing itself, but vigilance still matters. To go further on governing your AI tools day to day, check our resources on managing AI in the workplace or see how other SMEs structured their AI adoption in our success stories.


