The most safety-obsessed AI lab on earth just had two of its models yanked off the market by the U.S. government. If that doesn't worry you about the model running inside your own company, it should.
On June 12, 2026, under an export-control directive from the Commerce Department, Anthropic pulled Fable 5 and Mythos 5 for every user on the planet. Not over a breached server — over a demonstration that the models could be talked into dangerous work with nothing but the right words. Anthropic's own term for it: a "narrow, non-universal jailbreak." (Some researchers insist it was harmless defensive work, not an attack at all — and the model still got recalled, which tells you exactly how thin the line between using and abusing a model has become.)
Read that again. The people who wrote the book on AI safety could not keep their own models from being steered past the line.
Your model is the soft target
So be honest about the model your team wired into its inbox, its tickets, its codebase, and its customer chat last quarter. It was not built by people more careful than Anthropic. It is not watched more closely. And it sits directly on top of your data.
We put models on the rack and measured what happens. Bare frontier models leaked a protected secret in 39.8% of our attack set. Six small open-source models handed back a planted secret verbatim on a single forged-history prompt. Not exotic exploits — typed sentences. Jailbreaking and prompt injection are the same blade: a model does what its input tells it to, and "don't" is just one more instruction waiting to be overridden.
And the people typing those sentences are no longer researchers being polite. Named-brand breaches are already in the headlines, the methods are shared and cheap, and they improve every week. If your defense is a system prompt that says "never reveal secrets," you don't have a defense. You have a suggestion.
The only thing that holds
You cannot patch a model into never being fooled — that's the lesson Anthropic just learned in public. What you can do is make the fooling harmless. Containment puts a layer outside the model that controls what it's allowed to emit, in-process: let an attacker talk your model into surrendering its secrets all day — the data still can't leave the building. That's what Bridgekeeper does. And because the attacks mutate constantly, the subscription feed pushes the newest ones to your defenses as fast as we catch them in the wild.
Even Anthropic isn't untouchable. Your model isn't either. The only question left is whether something stands between the next clever prompt and your data — or nothing does.