Anthropic Restores Claude Fable Access After Export Controls Lifted, Adds Mandatory Identity Verification
What Happened — The U.S. Department of Commerce lifted export controls on Anthropic’s two most powerful models, Claude Fable 5 and Mythos 5. Anthropic will begin restoring access to Fable 5 on Wednesday, while Mythos 5 remains limited to select partners. At the same time, Anthropic is rolling out mandatory identity‑verification (KYC) for “a few use cases,” using Persona Identities as the verification partner.
Why It Matters for Compliance & Audit Readiness
- The new KYC flow creates a data‑processing activity that must be captured in SOC 2 privacy (CC6.1) and security (CC3.1) controls, with documented consent and audit‑ready evidence.
- Third‑party handling of ID documents and selfies by Persona introduces a vendor‑risk element that requires continuous monitoring and contractual safeguards to satisfy SOC 2 vendor‑management requirements.
Who Is Affected — AI SaaS providers, enterprises that integrate Anthropic’s APIs, and regulated industries (finance, healthcare, etc.) that must meet strict privacy and data‑subject rights obligations.
Recommended Actions —
- Update your vendor risk assessment to include Persona’s data‑processing practices and ensure a Data Processing Agreement is in place.
- Map the KYC workflow to SOC 2 controls, capture consent records, and establish a continuous‑evidence collection process for privacy‑related audit inquiries.
Source: BleepingComputer
Technical Notes — The export‑control lift removes ECCN restrictions on the models, enabling broader distribution. Identity verification requires a government‑issued photo ID and a live selfie; verification data is stored by Persona, not Anthropic, and is used solely for compliance and abuse‑prevention purposes.