The Access Layer Is Now a National Security Asset
As frontier AI becomes a national security concern, identity verification, access controls, and fraud prevention are emerging as critical infrastructure for securing advanced AI systems while balancing privacy, compliance, and user trust.



Key takeaways
- The Fable 5 and Mythos 5 shutdown demonstrates that identity, access controls, and governance have become strategic requirements for frontier AI, not just technical considerations.
- The event exposed an industry-wide identity infrastructure gap: many AI providers cannot reliably determine who is accessing advanced models, under what authority, and at what assurance level.
- As governments increasingly view frontier AI through a national security lens, identity verification is becoming a foundational compliance requirement for AI access.
- Organizations building AI into critical business processes must account for a new operational risk: model access may be restricted or suspended if regulatory and governance requirements are not adequately addressed.
- The long-term challenge for AI providers will be balancing strong identity assurance and regulatory compliance with privacy-preserving user experiences that maintain consumer trust.
For the first time, the U.S. government has used export-control authority to switch off a commercially deployed AI model. On June 12, 2026, the Commerce Department invoked the Export Control Reform Act to shut down Anthropic's Fable 5 and Mythos 5, and because the company could not verify nationality at its API, it had to go dark for every user on earth in a single directive.
What may appear as a regulatory act actually portends something much larger. This is a clear indicator that the world's most powerful governments fully recognize what AI can do, and it offers a signal that they plan to take action to control it. The public narrative centered on an alleged jailbreak technique that Amazon flagged. The message was that this constituted a legal trigger, but the real reason runs considerably deeper.
In a June 11 Senate Intelligence Committee briefing, Sen. Mark Warner said NSA Director Gen. Joshua Rudd had told him that Mythos, in an authorized red-team exercise, broke into almost all of the NSA's classified systems, not in weeks but in hours. The account, first reported by The Economist, has not been confirmed by any government agency, and the publication's editor later cautioned it should not be read literally. When that testimony landed, the question of whether Fable 5 should be available to any foreign national anywhere in the world became very simple, very fast.
The Industry's Identity Infrastructure Gap
The shutdown exposed a challenge that extends well beyond any single AI provider. Anthropic happened to be the company affected by this particular action, but the underlying issue exists across the frontier AI ecosystem. As AI capabilities advance, questions around access controls, identity assurance, governance, and regulatory compliance are becoming increasingly difficult to ignore.
More broadly, this introduces a new category of operational risk for enterprises building AI into long-term business processes. If access to a model can be suspended with little notice because governance or compliance requirements are not adequately addressed, organizations face uncertainty around the reliability of critical AI-dependent workflows. This is precisely why many security, fraud, identity, and governance professionals have been calling for stronger controls and clearer operating frameworks around frontier AI deployment.
Anthropic had no mechanism to selectively remove access by nationality. Being unable to verify user nationality in real time at API scale, the company had no option other than shutting Fable 5 down for every customer on earth. In a single directive, it initiated a total global blackout. Every enterprise customer, every developer, every API integration was gone simultaneously, because the identity infrastructure to do it cleanly did not exist.
The most important question exposed by this event was surprisingly fundamental: who has access? In security and identity management, understanding who can access sensitive systems, under what conditions, and at what assurance level has long been considered a foundational control. Given the capabilities now emerging from frontier AI systems, it is not surprising that regulators and security professionals are increasingly focused on this question.
To be fair, the failure wasn’t because of an unexpected bug. It borne of a faulty design assumption that is shared by the entire industry. Anonymous, stateless API access was a feature, but it now turns out it was also a national security liability.
Identity Is Now the Compliance Primitive for Frontier AI
While the scientific community remains optimistic about AI's potential, the organizations building these systems are increasingly confronting a challenge that security professionals have dealt with for decades: powerful technologies require equally strong identity, security, and governance controls. The investment and attention devoted to advancing AI capabilities must be matched by investment in the infrastructure that governs access to them. Events like this illustrate what can happen when those two tracks evolve at different speeds.
Anthropic is first, not alone. It confirmed in June that it is using Persona to perform document and facial verification at the consumer layer, the first major lab to codify biometric identity checks for consumer access. OpenAI and Google do not yet require it, which tells you where the market is heading, not where it already is
With verified US citizenship data, Anthropic could open Fable 5 access to domestic users willing to submit an ID without requiring the Commerce Department to formally lift the directive. That is the deal being assembled right now. Identity verification will cease to be merely a compliance gesture and instead will become the mechanism by which AI capabilities get restored to paying customers.
For fraud and risk leaders, this is the market signal: identity verification is becoming the toll gate for frontier AI. It will be a regulatory precondition for operating at all.
The Scale of the Threat That Got Us Here
It’s important to understand some context for what’s driving this in order to understand the opportunity it creates.
The Chinese lab extraction campaign is the most concrete illustration of what happens without identity controls at the access layer. Three Chinese research labs ran approximately 16 million exchanges through roughly 24,000 fake accounts. In a separate disclosure dated June 10, Anthropic told the Senate Banking Committee that an Alibaba-linked campaign ran more than 28.8 million exchanges through almost 25,000 accounts between April and June 2026, the largest such effort it has documented. It was a coordinated, systematic effort to distill Claude's capabilities into models that could be replicated and deployed without Anthropic's safety architecture. This might have looked like credential stuffing, but it was identity fraud in service of state-level AI capability transfer.
Every one of those 24,000 accounts was a fabricated identity that Anthropic's access layer accepted without challenge. The accounts looked real enough to pass whatever friction existed. The extraction ran until it was detected, but it was not prevented.
This is what identity failure looks like at national security scale. Synthetic accounts, operating at volume, used to strip proprietary AI capabilities and transfer them to adversaries. The access layer had no meaningful nationality filter, no behavioral signal that 24,000 accounts were running coordinated extraction, and no mechanism to catch it until after the damage was done.
That is the problem that now has the attention of the NSA, the Commerce Department, and the White House. At its core, this is first and foremost an identity management problem. Fraud, abuse, and policy violations are downstream consequences of not being able to confidently determine who is accessing powerful systems, under what authority, and at what level of assurance.
The Surveillance Backlash Is Coming
Here is the tension that will define this market for the next 24 months: The government wants identity at the AI access layer. The public is increasingly sensitive to how biometric data is collected, stored, protected, and shared, particularly when that information may be concentrated within a small number of providers and when transparency and privacy controls are not well understood.
AI identity verification is going to get dragged into the same fight. The moment "Anthropic has your government ID, your face scan, and a facial geometry template on file" becomes a news headline, and it will, you are going to see a significant consumer revolt against centralized identity verification for AI access. Third-party identity providers can help address operational and compliance requirements, but they do not eliminate broader concerns around data protection, privacy, governance, and consumer trust. Those concerns remain regardless of where sensitive identity information is ultimately stored.
This is precisely why consumer-controlled verifiable credentials exist. The correct answer to "prove you are a US citizen with legitimate use intent" is not "hand your ID and face scan to a VC-backed identity platform." The correct answer is a credential that lets users prove what they need to prove (nationality, age, fraud history) without surrendering raw biometric data to be stored, breached, or sold.
Passive IDV, identity verification that does not require users to actively submit documents or sit for a face scan, can provide better UX. But in this environment, it is the politically defensible alternative to building a surveillance infrastructure on top of AI access. The labs that get this right will have a meaningful advantage in consumer markets. The ones that build in ways that feel like surveillance will face regulatory and reputational exposure as the backlash matures.
The New Focus on Identity Isn’t So New
The Fable/Mythos shutdown is a proof point that identity infrastructure for AI has now become a policy conversation. The government has demonstrated it will shut down globally deployed AI models with 90 minutes of notice when it believes the access layer is inadequate. Every frontier lab now has to solve the same problem Anthropic is scrambling to solve: how do you verify the identity and nationality of users at API scale, with minimal friction, without building a surveillance apparatus that triggers a consumer revolt?
This is Prove's core capability. The specific attack vector, in this case, fake accounts used to extract AI capabilities at scale, is a variant of the synthetic identity fraud problem we have been solving in financial services for years. The detection signals are different, the regulatory context is new, but the underlying challenge is familiar: distinguishing real, authorized users from fabricated identities operating at volume with coordinated intent. Passive behavioral signals, device intelligence, document verification, and other risk-based identity controls all have an important role to play in solving this challenge. The goal should be to apply the appropriate level of identity assurance while minimizing unnecessary friction and preserving user privacy wherever possible.
The labs are moving. The government is forcing the timeline. The consumer backlash is coming. The window to be the identity infrastructure for AI access, rather than a vendor bolted on after the fact, is right now.
The modern
way of proving identity
Trusted by 2500+ leading companies to reduce fraud and improve consumer


Frequently Asked Questions
Because it demonstrated that governments are willing to intervene directly when they believe access controls around frontier AI are inadequate. While Anthropic was the company involved in this case, the underlying challenge applies across the AI industry.
As AI systems become more capable, governments and regulators increasingly need assurance that access can be restricted based on legal, regulatory, and national security requirements. Identity becomes the mechanism that enables those controls.
Not necessarily. At its core, this is an identity and access management challenge. Fraud, abuse, model extraction, and policy violations are often symptoms of an inability to confidently determine who is accessing a system and whether they should have access.
At internet scale, reliably determining a user's nationality or eligibility is more complex than geofencing an IP address. Effective controls often require stronger forms of identity assurance and verification.
For the most advanced AI capabilities, the trend is clearly moving toward greater identity assurance. The exact implementation will vary, but regulators increasingly expect providers to understand who is accessing sensitive systems.
Not necessarily. Government IDs and biometric verification are one approach, but the industry is actively exploring alternative methods that can provide sufficient assurance while reducing privacy concerns and user friction.
Consumers are increasingly concerned about how identity data, government IDs, and biometric information are collected, stored, shared, and protected. As AI identity requirements increase, these concerns are likely to become more prominent.
Potentially over the long term. Verifiable credentials could allow users to prove attributes such as nationality, age, or eligibility without repeatedly sharing sensitive information. However, adoption remains uneven across countries and ecosystems.
Organizations should evaluate their identity, access management, governance, and compliance frameworks. The goal is to establish sufficient assurance and risk controls while preserving user privacy and maintaining a positive customer experience.
Enterprises should begin treating identity infrastructure as a strategic dependency for AI adoption. When access to advanced models becomes subject to regulatory oversight, identity and governance controls become critical components of business continuity and operational resilience.

Keep reading
Read the article: Account Takeovers: The Silent Revenue KillerAccount takeover (ATO) fraud is rapidly becoming one of the biggest threats facing digital marketplaces and gig platforms. Learn how ATO attacks work, why they are accelerating, the latest fraud trends and statistics, and how continuous identity verification helps organizations prevent account takeovers while protecting revenue, customer trust, and user experience.
Read the article: The Silent Drain: How SMS Pumping Is Bleeding Digital Marketplaces DrySMS pumping fraud is silently increasing verification costs for digital marketplaces by exploiting OTP workflows. Explore how these attacks operate, why traditional SMS authentication is failing, and how proactive phone intelligence can prevent fraud before an SMS is sent.
Read the article: Prove and Baselayer Partner to Bring Real-Time Business Verification to ProveXProve and Baselayer simplify business verification by combining trusted identity, real-time KYB intelligence, and seamless onboarding into a single workflow without requiring additional verification steps.