Sponsored by

Find Your Best-Fit 3PL.

Skip weeks of sales demos. Tell Fulfill your products, order volume, and shipping zones, and our team screens a network of 2,800+ vetted 3PLs to hand you a ranked shortlist of your best-fit partners. You reach out to the matches you like, get pricing directly from them, and decide on your own terms, whether that means switching to a better fit or negotiating with your current 3PL. There is no fee and no pressure, and most brands get their shortlist within days. See your best-fit matches.

iPrompt

THE AI NEWSLETTER THAT TURNS NEWS INTO ACTION

DEEP DIVE · COMPANION TO ISSUE #141

The permission economy — how gated access became frontier AI’s default setting

Two labs, one week, the same instinct: gate the most powerful version of the model behind a government-approved list, and call the general-access version “coming soon.” That’s not a delay. That’s the new architecture — and it just got tested twice and held both times.

BY R. LAURITSEN · 1 JULY 2026 · 9 MIN READ

Picture this: the tool your business runs on goes dark for reasons you’re never told, and getting it back depends on a list you can’t see and never applied to join. That’s not a hypothetical any more — it’s what just happened, twice, to two competing AI labs, in the same seven days. Fable 5 switched back on today, nineteen days after a 90-minute government order switched it off. Most coverage will call that a restoration. It isn’t, not quite. What came back runs on a countdown and a list, not a subscription: usage credits from 7 July, an identity check landing the day after, and Mythos 5 — the harder cybersecurity model — rationed to around 100 organisations Washington has personally cleared.

Read that alongside the other launch that happened the same week and a pattern snaps into focus. On 26 June, hours before Commerce Secretary Howard Lutnick’s letter partially freed Mythos 5, OpenAI released GPT-5.6 — its own gated flagship — not to the public, not even to paying API customers, but to a short list of organisations the White House had personally cleared. Two competing labs, the same seven days, the same architecture: ship the frontier model behind a government-approved gate, and put the open version on a “coming soon” page. That is not a coincidence. That is a template, and it just got tested twice in the same week — and held both times.

What actually happened, twice

Start with what’s confirmed. Anthropic’s Fable 5 — its general-access model — and Mythos 5 — its restricted cybersecurity model — went dark on 12 June under an export-control directive, after Amazon flagged that Fable 5 could be prompted into describing how to exploit a vulnerability it had also found. Anthropic disputed the severity but complied within the 90 minutes it was given. Nineteen days of negotiation followed.

On 26 June, Lutnick restored Mythos 5 only — to roughly 100 named US organisations on an unpublished list the letter calls “Annex A,” plus government agencies and Anthropic’s own foreign staff, with the right to revise that list “at any time.” Fable 5 stayed dark for five more days, until Anthropic confirmed today’s global relaunch, alongside a rebuilt safety classifier and a new industry framework — built jointly with Amazon, Microsoft and Google — for scoring jailbreak severity before a model ships.

OpenAI’s story ran on a parallel track. GPT-5.6 — its own frontier release — had been previewed to the government under the same 2 June executive order that eventually reached Anthropic. When it launched on 26 June, the same day as the Mythos partial restore, it went to roughly twenty trusted partners cleared with Washington in advance, not the open API. OpenAI’s own language was blunt: this “shouldn’t become the long-term default.” It became the default anyway, the same week, for the second lab in a row.

Why this is infrastructure, not an incident

Here’s the shift worth naming — and it’s a strong claim from a small sample, which deserves scrutiny before you act on it. A month ago, if you’d asked what stood between an AI lab and shipping its best model, the honest answer was mostly engineering: safety testing, red-teaming, capacity. Government approval was a compliance checkbox somewhere in the process, not the process. Two labs, independently, just built and used the same three-part machine in the same week: a pre-release government preview, a named list of who gets in first, and a public commitment that this is temporary.

Two data points isn’t a trend by the normal rule of statistics — but this isn’t a random sample. It’s two direct competitors, under the same new regulatory pressure, landing on an identical structure without coordinating. That’s convergent design, not coincidence, and it’s a stronger signal than volume. The confirming signal to watch for: a third lab, especially one outside the US, adopting the same structure without being forced to.

The machine worked for both labs. Mythos partially returned, GPT-5.6 shipped to its cleared list, and neither company’s stock cratered over it. A mechanism that works twice in a week, under pressure, for two competitors, isn’t an emergency response any more. It’s a product feature.

THE QUESTION THAT MATTERS NOW

It used to be enough to ask “is this model good enough?” Now there’s a second question sitting in front of it: “am I — my company, my citizenship, my seat on somebody’s list — good enough to be allowed to use it?” The second question didn’t exist as a live variable a month ago. It isn’t going away because Fable came back.

The counter-argument, taken seriously

Three objections are worth taking straight — and each maps to a real reader doubt. “Isn’t this overblown?” This could still be a one-off: a genuinely unusual jailbreak report, an administration flexing muscle, nothing that repeats once the current dispute cools. “Does this actually affect me?” For the vast majority of users, none of this bites — Annex A and GPT-5.6’s twenty partners are enterprise and government accounts, not the Tuesday-afternoon ChatGPT user. “Isn’t gating actually a good thing?” It might genuinely be safer: a shared jailbreak-severity framework built by four companies together is a real improvement over each company guessing alone, and that’s worth having even if the politics around it are ugly.

Each is fair, and none changes the conclusion much. The one-off argument is hard to hold after watching two separate companies build the same machine independently in the same week. That’s not one strange event. That’s convergent design.

The most-people-unaffected argument is true today, and worth remembering before panicking. But it describes the current edge of a fence, not a promise about where the fence stops growing. Annex A already includes “Anthropic’s own foreign-national employees” — a very short distance from including yours.

And the safer-by-design argument mostly proves the opposite of what it’s used to prove. If gating genuinely makes frontier AI safer, the labs and the government now share an incentive to keep doing it even after the current dispute resolves — because it worked.

What to do about a fence that keeps moving

If you run a company: stop treating vendor access as binary — “we have it” or “we don’t.” Ask instead which of your AI-dependent workflows sit on a model, tier or country list that could be narrowed by a letter you’ll never see coming. That’s a governance question now, not just a procurement one — it belongs in the same review as your data-residency and export-compliance checklists.

If you buy AI tools: ask your vendor a question most sales calls have never had to answer: “if the US government restricted your underlying model tomorrow, what changes for me, and how would I find out?” A vendor with a real answer has already priced this risk in. A vendor who looks surprised by the question hasn’t — and you’re the one who’ll absorb that surprise.

If you build on AI: treat an Annex-A-style list as a plausible feature of any frontier model’s lifecycle, not an edge case. Design for a world where your primary model can be narrowed to a subset of users overnight, not just switched off entirely — because narrowing, not switching off, is what actually happened this month, twice.

The bet, stated plainly

By the end of Q3 2026, expect at least one more frontier lab — plausibly one outside the US — to adopt an Annex-A-style tiered release voluntarily, ahead of being asked, because two competitors just demonstrated it’s the fastest route to market after a security scare, rather than the slowest. What would prove this wrong: regulators formalise a single transparent process that replaces ad hoc letters and vetted lists, making case-by-case gating unnecessary; or this month turns out to have been a genuine one-off, driven by an unusually severe jailbreak report rather than a durable shift in how governments treat frontier models. I don’t think either is the way to bet, but both are honestly falsifiable — which is the only kind of prediction worth making.

Nineteen days ago the only question in AI was which model is best. This week two labs answered a quieter one first: who gets to use it, and who decides. That question didn’t disappear when Fable 5 came back online. It just stopped being urgent enough to notice — which is exactly when it’s worth writing down. If you think I’ve called this wrong, reply to this week’s issue and tell me why — I’ll print the sharpest counter-argument.

YOUR MOVE

One thing, ten minutes: run this week’s Vendor Risk Scorecard on the single AI tool your business would struggle most to lose — that’s the one action that matters this week. If you have another ten minutes after that: list every other tool you couldn’t function without for a day, and check whether access to it is gated by anything beyond a subscription — a region, a tier, a partner list, a country. Get iPrompt every Wednesday →

The CRM Behind Every Win

Attio is the agentic CRM that runs the work behind every win.

With agents and automations that build pipeline, chase signals, and move deals forward, Attio orchestrates your revenue work around the clock.

Loved by high-growth startups like Granola, Modal, and Wispr Flow, Attio amplifies what your team can achieve.