Jooyeol Kim

The Off-Switch Is the Message

How frontier AI turned global contribution into access risk

When Anthropic suspended access to Fable and Mythos, two frontier models were pulled from available workflows.

On June 9, 2026, Axios reported that Anthropic had released Fable 5 as a general-use version of a Mythos-class model, with safeguards for high-risk cybersecurity requests. Three days later, Axios reported that the U.S. government had directed Anthropic to block foreign-national access to Fable 5 and Mythos 5; Anthropic reportedly responded by disabling access to the models rather than enforcing the restriction selectively.

The larger revelation was sharper: frontier AI access can shift overnight from a commercial product into a revocable security permission.

That shift changes what people are buying when they build on frontier AI. Yesterday, a model looks like infrastructure. Today, it looks like permission. Yesterday, a company, researcher, hospital, school, or startup may treat access as part of an operating workflow. Today, the workflow has to ask a harder question: not just whether the model works, but whether access to the model can be trusted.

The narrow readings miss the strategic damage. Some will describe the Anthropic shock as an AI safety event. Others will call it export control, national security, or a fight over who governs frontier systems. Each frame catches something real. None is enough.

The United States may protect frontier capability while undermining the credibility of the frontier order it leads.

Call this hegemonic trust burn: a leading power uses its control over strategic infrastructure to protect a capability in the short term, while burning the credibility, predictability, and voluntary dependence that made its broader order powerful in the first place.

High-risk frontier systems need controls. A model capable of cyber assistance, autonomous agentic planning, or dangerous technical synthesis cannot be treated like an ordinary consumer app. A state has reasons to care about who uses such systems, from where, with what data, for what task, and under what accountability structure.

Bad controls still burn trust.

A serious access regime asks precise questions. What task is being performed? What capability is being invoked? What data enters the system? What control environment surrounds the user? What logging, audit trail, rate limit, sandbox, and institutional accountability contain misuse? Who bears responsibility if the system is used through an intermediary? How is access reviewed, narrowed, suspended, restored, or appealed?

A blunt restriction asks a cruder question: who are you?

That may be administratively convenient. It may even be politically satisfying. But it converts a capability problem into a status problem. The safety question becomes a passport question. Risk no longer travels through task, context, and control environment. It is pushed onto categories of persons, places, and affiliations.

Exclusion is only the surface. Reclassification does the deeper work.

The same person who appears as global talent during production can reappear as foreign risk during security. The engineer, researcher, evaluator, or infrastructure partner who helped make the frontier possible may discover that contribution and belonging were never the same thing.

The argument does not depend on identifying a particular Anthropic employee. The structure is visible without one. A person may be close enough to patch Fable 5, test a Mythos-related safeguard, or maintain the infrastructure around those models, and still learn that access to Fable 5 and Mythos 5 is now governed through nationality before contribution. The work remains inside the frontier. The worker is read from outside it.

The American promise does not collapse here. Its operating boundary becomes visible.

American technological power has never been only technical. It has also been absorptive: the ability to make exceptional outsiders believe that building inside the system could become a path toward belonging. The message was not always clean, equal, or consistently honored. But it was powerful enough to organize ambition.

Come here. Build here. Compete here. Become part of the future here.

Frontier AI depends on that absorptive power. It is built through global talent, global customers, global research networks, global infrastructure, and global legitimacy. The productive phase speaks the language of openness: world-class researchers, international collaboration, global users, shared scientific progress. The security phase can suddenly speak another language: foreign national, foreign access, foreign exposure, foreign risk.

The same globality that creates value becomes the category used to restrict access to the value created.

This is a strategic contradiction before it is a moral one. A country that depends on foreign-born expertise to build its frontier advantage should be careful about teaching those same people how quickly their position can be re-read. Talent may get someone close to the frontier. Security may remind them that proximity is not the same as trust.

The lesson travels through different actors in different forms. Firms experience it as procurement risk: a frontier model can no longer be treated as a stable utility if it can become unavailable through a geopolitical decision. Workers and researchers experience it as belonging risk: the person has not changed, but the system’s classification of that person has. Governments experience it as sovereignty risk: a partner can prefer American technology and still conclude that dependence on U.S.-controlled AI infrastructure must be reduced.

For rivals, the opportunity is obvious. The strongest argument for non-U.S., open-weight, local, or sovereign alternatives is not always that they are better. Sometimes it is enough that they are available, predictable, and free from a foreign off-switch. A weaker tool with stable access can become strategically attractive when the stronger tool becomes politically conditional.

This is the danger of confusing capability control with order control.

Hegemony is not the power to exclude everyone outside the gate. It is the power to make others build, compete, optimize, and plan inside the order one leads. A confident hegemon does not need universal affection. It needs durable participation. It says: use my tools, pay for my infrastructure, train your people on my systems, adapt your workflows to my standards, and even when you complain, you will still find it easier to remain inside my order than to leave it.

A panicked hegemon sends another message: access may vanish, the rules may change abruptly, and your dependence may become your liability.

That is a costly lesson to teach.

Capability control can erode access hegemony. The United States may slow a rival’s access to the frontier and still accelerate the world’s habit of designing around U.S. access. It may preserve a model while weakening the order that made global dependence on that model rational.

Procedural reform matters. People affected by automated decisions should know when a model has judged them and have a way to contest the outcome. Frontier-model decisions should not be made only by closed circles of officials and companies.

Anthropic points beyond procedure. The fight over AI is also a fight over whether the order that governs AI remains credible enough for others to build inside it.

An order does not survive on power alone. It survives because actors plan within it. They sign contracts, train workers, build workflows, make investments, and accept dependencies because the system looks stable enough to justify the risk. Once that stability is doubted, the damage is not immediate collapse. It is architectural learning.

People add fallback plans. They shift sensitive functions elsewhere. They stop assuming access. They diversify before they are forced to. They teach themselves how to live with less dependence on the system that once seemed unavoidable.

The off-switch is the message.

It tells the world what kind of infrastructure frontier AI is becoming. It tells users whether access is a product or a permission. It tells foreign researchers whether contribution and belonging are treated as the same thing when security arrives. It tells enterprises whether model availability is an engineering assumption or a political variable. It tells governments whether the future should be built on U.S. systems, around U.S. systems, or away from them.

The United States has real reasons to protect frontier AI capability. It also has a larger interest in preserving the credibility of the order that made so many people willing to use, fund, trust, and build on American technology in the first place. Those interests can collide. A control that protects capability today can burn trust tomorrow.

A chokepoint is most powerful when others still prefer passing through it. A platform is most powerful when users believe that building on it will not become a geopolitical trap. A hegemonic order is most powerful when even dissatisfied actors keep planning inside it.

If frontier AI access becomes visibly conditional, opaque, and revocable, the long-term result may not be obedience. It may be exit planning.

The signs will not always look dramatic. They will look like procurement teams demanding multi-model fallback plans, researchers avoiding single-provider dependence, governments funding sovereign or local AI capacity, and allies asking for clearer access guarantees before building sensitive workflows on U.S.-controlled systems. A rival does not need to win everyone at once. It only needs the dominant system to teach users how to leave.

The question after Anthropic is not only whether Fable and Mythos should have been restricted. The deeper question is what the restriction taught everyone else. If the lesson is that U.S.-led frontier AI is powerful but unreliable, then the United States will have protected the model and weakened the order.

That is the cost of burning trust to protect capability.