This week the US government ordered Anthropic to cut off access to two of its most capable models, Fable 5 and Mythos 5, citing national security and a possible jailbreak. Anthropic complied within hours, disabled the models for every customer, and publicly disagreed with the basis for the order. Access to its other models was not affected.
The internet is now arguing about whether the government was right. For a lawyer, that is the wrong argument. Whoever is correct about the export-control question, the episode just confirmed two things about practicing with these tools, and both were true before any of this happened.
The first fact: the tool is not yours
A model you build a workflow on can be removed without your input, for reasons that have nothing to do with you, on a timeline you do not control. Here it was a government directive delivered at 5:21pm on a Friday that took effect the same evening. It could as easily be a terms change, a price change, a pricing tier sunset, a regional restriction, or a provider deciding a capability is now off-limits. The mechanism does not matter. The exposure is the same.
Most lawyers treat the model the way they treat electricity: a stable utility that is simply there. It is not. It is a commercial product subject to forces that can switch it off between one matter and the next. If a step in your client work only functions when one specific hosted model is available, you have built a single point of failure into your practice and handed the off-switch to someone else.
That is a competence problem before it is a technology problem. The duty of technological competence is not satisfied by knowing how to prompt well. It includes understanding that the tool can vanish, and not letting a client deliverable depend on its continued existence.
The second fact: the part you were supposed to skim past
Here is the detail that did not make the headlines, and the one that should actually concern you.
To deploy these models, the provider required 30-day retention of customer data. Anthropic stated this plainly. It was a deliberate safety choice, part of a defense-in-depth strategy: retain the data so successful attacks can be detected and studied. From a public-safety standpoint, that is a defensible design.
Now read it as a lawyer. A measure that makes the model safer for the public is, for you, a confidentiality fact. The most capable models on offer came with a condition that your inputs sit in a third party's systems for a fixed period, specifically so they can be examined. That is not a scandal and it is not hidden. It is a tradeoff. But it is a tradeoff that lands on the duty of confidentiality, and it is exactly the kind of provider term that most lawyers never read before pasting in a draft claim chart or an unfiled specification.
For an IP or patent practitioner, this is not abstract. Unfiled applications, prior-art analysis, and trade-secret material do not tolerate a casual 30-day stay in someone else's infrastructure. The retention window expands the disclosure surface and the period of third-party custody. It does not, by itself, break privilege - privilege is a doctrine, not a network setting - but it changes the facts you would have to defend if anyone ever asked how that material was handled.
This is the third of the five questions I keep coming back to: what does the provider do with the information you give it? The Fable recall just turned that question from a hypothetical into a documented term you can point at. The capability you most want and the data condition you least want arrived in the same package. That is the part worth noticing.
What to actually do
Not panic, and not abandon the technology. Three concrete moves:
Read the data terms of any model before client material touches it, and treat retention period, training use, and access-on-legal-process as facts you are responsible for, not fine print. The five questions exist for this.
Assume any hosted model can change its terms or disappear, and do not weld a client deliverable to one that cannot survive it being gone. Keep the sensitive-matter path portable.
Match the tool to the sensitivity of the matter. The model you reach for to summarize a public docket is not automatically the model you reach for to reason over an unfiled invention. The most powerful option is not the right default when the data is the thing you are paid to protect.
Anthropic says it is working to restore access, and it may. But the lesson does not come back with the model. You now know the tool can be taken away, and that its safety had a data cost you were quietly carrying. Plan as though both are permanent features of practicing this way, because they are.
I write more on using AI in legal practice without surrendering judgment, privilege, or the duty of competence, at The Agentic Lawyer. www.theagenticlawyer.com
Educational only, not legal advice, and no attorney-client relationship is created. Views are my own, not my employer's. Attorney advertising in some jurisdictions.