Audience: Compliance officers, AI engineers, legal teams, and incident responders at organizations operating AI models in regulated environments. This guide is provider-agnostic. The June 12 Anthropic directive is used as a case study, but the procedures apply to any model recall from any provider.
1. What Happened on June 12, 2026
On June 12, 2026, at approximately 5:21 PM Eastern, the United States government issued an export control directive to Anthropic prohibiting foreign nationals from accessing two models: Fable 5 and Mythos 5. The prohibition extends to foreign Anthropic employees within the United States.
The directive cited national security authorities and referenced a method of bypassing Fable 5's safety mechanisms to analyze code for vulnerabilities. Anthropic characterized this as a routine capability present in all frontier models.
Because Anthropic cannot reliably verify the nationality of every user in real time at scale, the company disabled both models globally for all customers. All other Claude models remain available.
Key Facts
- The directive arrived with no advance warning
- Two models were suspended: Fable 5 and Mythos 5
- The suspension is global, affecting all customers regardless of nationality
- No specific timeline for restoration has been provided
- The Department of Defense had previously classified Anthropic as a "supply chain risk" in March 2026
What This Means for Regulated Organizations
Any organization that was running Fable 5 or Mythos 5 in production on June 12 experienced an unplanned model transition. If that organization operates in a regulated environment, the transition is a compliance event that requires documentation, evidence, and -- in many frameworks -- notification.
2. Why Model Recall Is a Compliance Event
A model recall is not a service outage. It is a supply chain disruption with regulatory implications. The distinction matters because the evidence requirements are different.
Regulatory Framework Mapping
| Framework | Requirement | Why Model Recall Triggers It |
|---|---|---|
| EU AI Act Art. 9 | Risk management system must address foreseeable risks | Model unavailability is a foreseeable risk. Organizations must document their response and fallback procedures. |
| EU AI Act Art. 17 | Quality management system must include post-market monitoring | A recalled model requires documented corrective action and evidence of continued system integrity. |
| NIST AI RMF GV-1.2 | Organizations define and document AI risk tolerances | A government-ordered model suspension tests whether the organization's risk tolerance documentation covers supply chain events. |
| NIST AI RMF MP-4.1 | Model deployment decisions include risk assessment | Transitioning to a replacement model requires a new risk assessment with documented rationale. |
| CMMC SI-7 | Software, firmware, and information integrity | A model change is a software change. Integrity monitoring must capture the transition. |
| SR 11-7 | Model risk management | A model recall is a model risk event. The organization must document the event, assess impact, and validate the replacement model. |
| NIST 800-53 SA-12 | Supply chain risk management | The model provider is part of the supply chain. A government-ordered shutdown is a supply chain risk event. |
In every case, the requirement is the same: produce evidence. Evidence of what was running, evidence of the transition, evidence that the replacement meets the same requirements.
3. SWT3 Procedures That Apply
Anchor Revocation
The primary procedure for model recall events. AI-REV.1 mints a revocation anchor targeting the fingerprint of the recalled model's active anchors. Reason code 1 (model_recall) is specifically designed for government-ordered or provider-initiated model shutdowns.
The revocation anchor is itself immutable. It does not delete the original anchor -- it creates a new record stating that the original anchor's model is no longer available. This preserves the full evidence chain.
Model Versioning and Selection
Provides the evidence of what model was running before the recall. Every inference witnessed by SWT3 records the model identifier in Factor A. An auditor can query the ledger for all AI-MDL.2 anchors with claude-fable-5 or claude-mythos-5 to determine the exact scope of exposure.
Safe-State Transition
Witnesses the transition from the recalled model to its replacement. Records the trigger condition (export control directive), the transition type (forced model swap), and the resulting model state. This procedure creates the bridge between the revocation event and the new model deployment.
Supply Chain Attestation
Documents the supply chain state after the recall. Which providers are still available? Which models are still accessible? Has the organization verified that the replacement model meets the same compliance requirements as the recalled model?
Behavioral Baseline
A replacement model has different behavioral characteristics than the recalled model. Token distributions, latency profiles, output patterns, and error rates will differ. AI-BASE.1 establishes a new baseline for the replacement model so that drift detection has a valid reference point.
Drift Detection
Monitors the replacement model for behavioral divergence from its established baseline. After a forced model transition, drift detection is critical because the organization did not choose the timing of the switch. The replacement model may behave differently under the same workloads.
4. Incident Response Playbook
This playbook assumes the organization is already using SWT3 to witness AI inferences. If the organization was not witnessing before the recall, it can still begin witnessing now to document the transition and replacement model behavior.
Mint AI-REV.1 Anchors for All Active Integrations
For every integration that was using the recalled model, mint a revocation anchor with reason code model_recall. This creates the formal record that the model has been withdrawn from service.
Include the directive reference, the timestamp of receipt, and the scope of the revocation in the observations field.
Document the Directive
Record the following in your incident log:
- Directive receipt timestamp (June 12, 2026, 5:21 PM ET for the Anthropic directive)
- Issuing authority
- Models affected
- Scope of the restriction (foreign nationals, all users, specific geographies)
- Whether the directive provides a timeline for restoration
Switch to Fallback Model and Witness the Transition
Swap to your fallback model. Mint an AI-SAFE.1 anchor documenting the transition: which model was removed, which model replaced it, and the trigger condition (export control directive).
If your organization has a pre-defined model fallback plan, execute it. If not, this event demonstrates why you need one.
Establish a New Behavioral Baseline
The replacement model has different output characteristics. Mint an AI-BASE.1 anchor establishing the baseline within 48 hours. This anchor becomes the reference point for all subsequent drift detection.
Monitor for Drift on the Replacement Model
Enable AI-DRIFT.1 monitoring on the replacement model. Elevated drift scores are expected during the first 48-72 hours as the baseline stabilizes. Sustained drift beyond one week warrants investigation.
Export Evidence Package
Generate a compliance evidence package containing:
- All AI-REV.1 revocation anchors for the recalled model
- The AI-SAFE.1 transition anchor
- The AI-BASE.1 baseline anchor for the replacement model
- AI-DRIFT.1 monitoring results for the first 7 days
- AI-MDL.2 history showing the last inference on the recalled model and the first inference on the replacement
This package is auditor-ready evidence that the organization responded to the recall event with documented procedures and cryptographic proof.
5. Code Examples
Revoking Anchors for a Recalled Model (Python)
from swt3_ai import witness
# Initialize with your tenant credentials
w = witness.SWT3Witness(
tenant_id="YOUR_TENANT",
endpoint="https://sovereign.tenova.io/api/v1/witness"
)
# Revoke all active Fable 5 anchors
# reason=1 is model_recall
w.revoke(
fingerprint="<last-fable-5-anchor-fingerprint>",
reason=1, # model_recall
observations={
"directive": "US export control, June 12, 2026",
"affected_models": ["claude-fable-5", "claude-mythos-5"],
"action": "Global suspension per provider compliance"
}
)Revoking Anchors for a Recalled Model (TypeScript)
import { SWT3Witness } from '@tenova/swt3-ai';
const w = new SWT3Witness({
tenantId: 'YOUR_TENANT',
endpoint: 'https://sovereign.tenova.io/api/v1/witness'
});
// Revoke with model_recall reason
await w.revoke('<last-fable-5-anchor-fingerprint>', {
reason: 1, // model_recall
observations: {
directive: 'US export control, June 12, 2026',
affected_models: ['claude-fable-5', 'claude-mythos-5'],
action: 'Global suspension per provider compliance'
}
});Witnessing the Model Transition
from swt3_ai import witness
from openai import OpenAI # or any replacement provider
# Wrap the replacement model
client = witness.wrap(
OpenAI(),
model="gpt-4.5-turbo", # replacement model
agent_id="fraud-detection-v3"
)
# First inference on the replacement is automatically witnessed
# AI-INF.1 + AI-MDL.2 anchors minted with the new model identity
response = client.chat.completions.create(
model="gpt-4.5-turbo",
messages=[{"role": "user", "content": "Test inference on replacement model."}]
)6. Export Control and Clearing Levels
The June 12 directive is fundamentally about access control by nationality. SWT3 clearing levels and CJT (Compliance Jurisdiction Traceability) fields provide the mechanism for documenting and enforcing these restrictions.
CJT Fields for Export Control
| CJT Field | Export Control Use | Example Value |
|---|---|---|
jurisdiction |
ISO 3166-1 country code of the user or deployment | "US", "DE", "CN" |
legal_basis |
The regulatory authority for the access restriction | "EAR", "ITAR", "export-control-directive" |
purpose_class |
The intended use category | "commercial", "defense", "research" |
authorization_id |
Reference to the specific export license or exemption | "EAR-740.17", "denied" |
CJT fields survive all clearing levels (0 through 3). Even at the highest clearing level, the jurisdiction and legal basis of each inference remain in the witness record. This means an auditor can always determine whether an inference was subject to export control restrictions, regardless of how much detail was cleared from the payload.
Clearing Levels as Access Enforcement
Organizations subject to export control can use clearing levels to enforce data handling requirements:
- Level 0 (Analytics): Metadata only. Safe for unrestricted access.
- Level 1 (Standard): Model identity and performance data. Appropriate for general commercial use.
- Level 2 (Sensitive): Full inference context. Restricted to authorized personnel.
- Level 3 (Classified): Complete evidence chain. Access limited to cleared personnel in authorized jurisdictions.
7. Lessons for All Providers
The June 12 directive targeted Anthropic. The implications extend to every organization that depends on a frontier AI model.
What This Means
- Any model can be recalled. The government has demonstrated the willingness and mechanism to order a global model shutdown with no advance notice. This is not a theoretical risk.
- Provider diversification is not optional. Organizations that depend on a single model provider have a single point of failure. The June 12 event proved this.
- Evidence of continuity is now a requirement. After June 12, any auditor evaluating an AI system will ask: "What happens if your model provider is shut down overnight?" The answer must include evidence procedures, not just a disaster recovery plan.
- The recall gap is measurable. The time between the last witnessed inference on the recalled model and the first witnessed inference on the replacement is the recall gap. This gap is auditable, reportable, and -- if the organization was not witnessing -- undocumented.
SWT3 Is Provider-Agnostic by Design
The witness protocol does not depend on any specific model provider. The same AI-REV.1 procedure that revokes an Anthropic anchor works for OpenAI, Google, Meta, Mistral, or any other provider. The same AI-SAFE.1 transition procedure works regardless of which model replaces which.
This is the value of an independent witness layer. When the model provider is the subject of the compliance event, the evidence cannot come from the model provider.
8. References
- Deploy Claude Fable 5 in Regulated Environments (model currently suspended)
- Anthropic Zero Trust for AI Agents -- SWT3 Crosswalk
- AI Supply Chain Integrity Witnessing
- AI Provider Outage Resilience
- UCT Registry -- Full Procedure Catalog
- Bidirectional Framework Crosswalk (machine-readable)
- SWT3 SDK Documentation (Python, TypeScript, Rust, C#, Ruby, MCP)
- Public Anchor Verification