The Real Reason Fable 5 Went Offline. It Starts in Seoul.

For seven days, the US government's shutdown of Anthropic's flagship model looked like a story about a jailbreak. It wasn't. WIRED and The Washington Post together published the full two-step sequence on June 19: a South Korean telecom with alleged ties to China had access to Anthropic's most dangerous model through a secret program called Project Glasswing — and that was the spark. Amazon's security team flagged a separate vulnerability the same week — and that turned a targeted access revocation into a full global shutdown. Anthropic opened its Seoul office on June 18 and promised the models return "within days." The IPO is still on. But the story investors now have to price is not a jailbreak story. It's a China story.

THE STORY

Project Glasswing was not public knowledge until this week.

Anthropic launched the program in April 2026 as an invite-only cybersecurity consortium — roughly 50 US partners given early access to Claude Mythos Preview, a model the company considered too capable for public release because of its ability to identify vulnerabilities in previously unbreakable code. By early June, the program had expanded to approximately 150 organizations globally. South Korean participants included Samsung Electronics, SK Hynix, SK Telecom, and the Korea Internet & Security Agency.

US officials grew alarmed over what they saw as SK Telecom's alleged ties to China. The White House told Anthropic to cut off SK Telecom's access. The company complied right away.

That should have been the end of the incident — a quiet access revocation for one partner. Instead, it became the first domino.

Amazon also reported a similar jailbreak flaw, and Amazon CEO Andy Jassy reportedly communicated the issue with members of the US administration. Five other companies filed similar reports within days. The convergence of the SK Telecom access concern and the Amazon-flagged vulnerability caused the White House to lose confidence in Anthropic's security posture entirely. The directive that arrived at 5:21 PM ET on June 12 was not a surgical response to a single jailbreak. It was the result of two simultaneous failures landing on the same desk at the same time.

Anthropic's Managing Director of International Chris Ciauri said during a press conference in Seoul on June 18 that he was "very confident" both models would return "in the coming days." The Seoul office opening — planned months in advance — proceeded on schedule, in the same city whose telecom sector triggered the crisis. The symbolism was not lost on anyone in the room.

South Korean participants — including SK Telecom, Samsung Electronics, SK Hynix, and the Korea Internet & Security Agency — had their Glasswing access revoked following the June 12 export control directive. SK Telecom denied any China connections to a Korean newspaper. But the company is part of the broader SK Group, which has major business interests in China and held a stake in the state-owned Chinese carrier China Unicom until 2009. The White House's concern was not about current ownership — it was about historical exposure and the potential for a hostile state actor to extract intelligence from a partner with access to a model capable of breaking critical infrastructure code.

Mythos can detect flaws in what had been believed to be unbreakable code, meaning that in theory, a single prompt by a bad actor could have devastating repercussions. Anthropic claims that the impact could be so immense that it withheld Mythos from public access.

This reframes the entire shutdown. The government was not primarily concerned about a consumer jailbreak that let users bypass content filters. It was concerned about a model — shared under a secret program with 150 partners globally — that could theoretically be used to identify and exploit vulnerabilities in critical infrastructure. The two incidents that converged on June 12 were the evidence that Anthropic's partner vetting was insufficient for a model of that sensitivity.

Anthropic's position remains that the jailbreak is narrow, previously known, and present in competing models. That argument addresses the Amazon-flagged vulnerability. It does not address the SK Telecom concern — which was not about a jailbreak at all, but about who had access to Mythos in the first place.

The distinction matters for the IPO. An S-1 risk factor about "potential government restrictions on model deployment" reads differently when investors understand the actual sequence: a secret 150-partner program, a partner with alleged China ties, a model capable of attacking critical infrastructure, and a CEO who told the government the jailbreak wasn't serious and refused to pull the model voluntarily. That is the narrative every institutional investor will be reading when Anthropic's roadshow begins.

THE MONEY ANGLE

1. Project Glasswing is the hidden liability in Anthropic's S-1. The program gave 150 organizations worldwide access to a model Anthropic itself considered too dangerous for public release. The White House's concern was not that the model was jailbroken — it was that the model was shared with a partner whose corporate lineage included a stake in a Chinese state-owned carrier. Every one of Glasswing's 150 partners is now a potential diligence question. Institutional investors will want to know: who are the other 149 organizations? What are their ownership structures? Are any others flagged by US intelligence? Those questions don't have public answers yet. They will before the roadshow ends.

2. The SK Telecom trigger is a $100 million investor problem. SK Telecom is a $100 million Anthropic investor, and was identified by the White House as a Chinese security risk with access to Mythos 5. That combination — an equity investor simultaneously flagged as a national security concern — is structurally unusual and legally complex. It raises questions about whether SK Telecom retains its equity stake, whether Anthropic is required to buy it back, and whether other non-US investors in Anthropic's cap table face similar scrutiny as the company moves toward a public offering. The $965 billion valuation was set before this became public. The cap table cleanup required to satisfy regulatory review of a national security-adjacent company going public at near-$1 trillion is not a minor administrative task.

3. "Within days" is a commitment — and a deadline. Anthropic's international managing director made a public promise at a press conference in Seoul: the models return "within days." That statement was made on June 18. It sets an implicit expectation of restoration by June 22–25. If the models are not live by then, Anthropic has a public credibility problem on top of a government relations problem — and every enterprise customer watching the clock has one more reason to evaluate alternatives before the IPO roadshow begins. Kalshi pricing at 57% odds of restoration before July 1 suggests the market is not fully convinced the promise will be kept.

THE OPPORTUNITY

1. Map your exposure to Project Glasswing partners before investing in Anthropic. When Anthropic's S-1 goes fully public, look specifically for the Glasswing partner list disclosure and any language about investor nationality review. Any institutional investor with a mandate to avoid geopolitically exposed assets will need to understand how deeply SK Telecom's $100 million stake is entangled with Anthropic's cap table — and whether the company's resolution of that entanglement creates any price sensitivity near the IPO. Investor move

2. The "China access risk" framing is now permanent in AI investing. The Fable 5 story established a template: a frontier AI model with extraordinary capabilities, shared through a partner program, with a partner whose corporate lineage raises national security flags. That template will be applied to every major AI company's partner and investor roster by every government agency reviewing AI IPOs going forward. Companies with clean, US-aligned cap tables and transparent partner programs are now worth a demonstrable premium. That's an underpriced variable in current AI valuations. Investor move

3. Enterprise AI procurement just got a new due diligence requirement. Every enterprise that relies on frontier AI APIs now has documented evidence that a government directive can pull a model offline globally within hours — triggered not by anything the enterprise did, but by a third-party partner's corporate history. The practical response: any enterprise AI procurement process should now include a "government intervention risk" section covering the model provider's partner program exposure, investor nationality, and existing government relationship. That checklist didn't exist two weeks ago. It exists now. Business owner move

QUICK HITS

OpenAI Closes Astral Acquisition — Python Infrastructure Now Controlled by an AI Lab OpenAI announced its acquisition of Astral, the Python toolchain company — the creators of uv and ruff. uv sees over 126 million downloads per month, and ruff is 1,000 times faster than traditional linting tools. Codex has already seen 3x user growth and 5x usage increase since the start of the year, and has over 2 million weekly active users. By embedding uv and ruff into Codex, OpenAI is building a closed-loop system where its AI writes, lints, formats, and verifies Python code without leaving the OpenAI stack. ◆ Money angle: By replacing pip with uv, Codex saves approximately 1 million minutes of compute time every week — a direct cost reduction for a company that spends $2.50 for every $1 it earns. Controlling the Python toolchain also means controlling the developer workflow that every Python-based AI application depends on.

ChatGPT Now Outscores Doctors on Healthcare Questions OpenAI upgraded ChatGPT's healthcare capabilities with GPT-5.5 Instant. In the company's own comparative tests, the model now outscores answers written by doctors in accuracy, clarity, and completeness. The benchmark was conducted on standardized clinical question sets. OpenAI did not publish independent third-party validation alongside the announcement. ◆ Money angle: If the benchmark holds under independent review, the liability and licensing framework for AI medical advice becomes an immediate regulatory question — and a growth opportunity for every legal, compliance, and malpractice insurance platform serving healthcare.

Five Eyes Intelligence Agencies Issue Joint AI Security Warning The cybersecurity and intelligence agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom jointly released guidance on agentic AI systems in critical infrastructure, identifying five categories of risk: privilege escalation, design and configuration failures, behavioral unpredictability, structural vulnerabilities, and accountability gaps. ◆ Money angle: A joint Five Eyes advisory carries the implicit weight of coordinated government action. Companies deploying AI agents in critical infrastructure that ignore this guidance are not just taking a security risk — they are taking a regulatory and liability risk that will be cited in any post-incident review.

The Fable 5 story was never really about a jailbreak. It was about a 150-partner program, a $100 million investor with China exposure, and a model capable of breaking critical infrastructure code. That story is now in the public record — and it will be in the risk factors section of the most anticipated IPO prospectus of the decade.

See you tomorrow, The Future Geek Team