TL;DR On 12 June 2026, Anthropic took Claude Fable 5 and Claude Mythos 5 offline after a US government export-control order raised national security concerns about jailbreak risks. The shutdown happened worldwide within hours for organisations using external AI services.
This shows that AI supply chains now bring operational, regulatory and data governance risks. Make sure to test your backup options before a disruption reveals any gaps.
Claude Fable 5 and Claude Mythos 5 launched on 9 June 2026, however by 12th June, Anthropic had disabled access following a US government directive related to export control concerns, according to Business Insider Anthropic reportedly stated that it could not reliably screen foreign users in real time, so it suspended the affected models globally.
This matters because centralised, cloud-based AI can be turned off quickly when national security, export control or regulatory concerns are invoked. For organisations using AI in operational workflows, this is a business continuity issue, not just a technical problem.
AI services are now part of the operational supply chain, if a model, application programming interface or AI-powered platform goes offline, business processes can be interrupted.
3 Risks Need Attention:
The World Economic Forum, Global Cybersecurity Outlook 2026 highlights the broader problem, its research showed that third-party and supply chain vulnerabilities are still the top barrier to cyber resilience for large companies, rising to 65% in 2026.
Mid-market businesses and growing SMEs face many of the same AI and cyber risks as large companies. The main differences are usually budget, resources and access to specialist advice.
Every organisation using external AI services should be able to answer 4 questions:
For UK organisations, compliance depends on sector, use case and market reach.
The EU AI Act is not UK law, but it can affect UK businesses that offer AI systems in the EU or serve EU customers. In the UK, AI risk is managed through existing rules including data protection, financial services regulation, medical device regulation and contractual requirements, useful reference points include:
An AI jailbreak is a way to get around an AI model’s safety controls, this can include manipulating prompts, using several steps or trying to make the model share information or perform actions it should block. IBM, AI Jailbreak reported that jailbreak attempts succeed about 20% of the time, with attackers needing just 42 seconds and five interactions.
A 2026 study, Nature Communications found that large reasoning models can act as autonomous jailbreak agents, reaching a 97.14% success rate across tested model combinations. Pillar Security, The State of Attacks on GenAI also highlights real-world attacks against generative AI systems.
The main point is not that every AI model will fail, but that AI controls need to be monitored, tested and managed. This is especially important when AI tools can access sensitive data, code, customer records or operational systems.
Begin with a focused review with the aim is to understand where AI is being used, what data it can access, which services are business-critical and how the organisation would continue operating if access changed or stopped.
1. Map AI Dependencies
Make a list of every AI service your organisation uses. Include approved tools, shadow IT, browser extensions, developer tools and AI features built into existing platforms.
Recommended Action: Create an AI dependency register covering business owner, use case, data accessed, criticality, contract owner and fallback option.
Output: A clear view of which AI services are in use, who owns them, what they access and which ones create operational risk.
2. Test Fallback Options
Do not wait for an outage, f or each critical AI service identify an alternative and test it with a small pilot project.
Recommended Action: Run a cyber tabletop exercise using a simple disruption scenario: your main AI service goes offline with four hours’ notice. Identify what stops working, who needs to be informed, which fallback option is approved and who owns the decision to switch.
Output: A tested fallback plan with named owners, decision points and gaps to fix.
3. Strengthen Data Governance
Use Microsoft Purview to understand where sensitive data is stored, how it is classified and where it might be exposed through AI use. Microsoft Purview supports data security, governance and compliance across data, analytics and AI apps.
Recommended Action: Map AI-related data flows and apply controls to limit sensitive data exposure through external AI services.
Output: A governed view of what data AI services can access, where that data goes and which controls need to be improved.
4. Monitor AI-Related Security Events
Use Microsoft Sentinel to connect AI usage patterns with other security events. This helps security teams spot, investigate and respond to threats from one place.
Recommended Action: Create monitoring rules for unusual AI interactions, abnormal data access, risky user behaviour and unexpected use of external AI services.
Output: Improved visibility of AI-related security activity and a faster route to investigation and response.
5. Reduce Single Points of Failure
Do not build critical workflows around one external AI service. Consider multiple vendors, approved fallback tools or hybrid setups where sensitive workflows remain within your Microsoft environment.
Recommended Action: Review critical AI-enabled workflows and remove single points of failure where disruption would affect operations, customers or regulated activity.
Output: A more resilient AI operating model with fewer uncontrolled dependencies.
6. Track The Right Metrics
Measure whether your AI security posture is improving. Keep the metrics simple and operational.
Recommended Action: Track three measures: time to detect unusual AI interactions, time to respond to AI-related incidents and data exposure risk from AI services.
Output: A practical performance baseline that can be reviewed monthly and used to prioritise improvement.
Microsoft Security gives organisations a strong foundation for managing identity, endpoints, email, data, cloud and security operations. It does not remove all AI supply chain risk, but it helps reduce uncontrolled dependencies and improves visibility.
CyberOne brings these capabilities together through Assure365, combining Microsoft Security with Managed Service expertise .This helps organisations move from ad hoc AI use to governed AI adoption, with clearer visibility over data, suppliers, access and operational resilience.
CyberOne can support this through Supply Chain Assessment, the output is a clear dependency map, prioritised risk register and practical 90-day implementation plan.
Key point: AI operational risk covers service disruption, data exposure, supplier dependency and compliance uncertainty. Start with a small pilot, test your backup plan and share the results.