The Condition of Access

The past week has produced a specific new framework for enterprise AI: model access is explicitly conditional. Fable 5 is offline on government terms — fix a named jailbreak vulnerability, then access will be restored. OpenAI extended GPT-5.5-Cyber to the EU through a formal compliance program. GitHub's consumption billing moved enterprise AI usage to the token level. Microsoft's Work IQ API went generally available today. AI tools are no longer simply on or off. They come with terms.

In this edition: The Fable 5 standoff's specific terms — David Sacks, the Chinese breach, and the refused patch  ·  Microsoft Work IQ API goes GA today  ·  OpenAI's EU cybersecurity compliance model  ·  GitHub AI Credits: the enterprise token budget  ·  The Number: 3,900

Fix the Jailbreak or De-Deploy. Anthropic Said No. Here Is What Enterprise Leaders Now Know.

In a June 13 post on X, David Sacks — co-chair of the President's Council of Advisors on Science and Technology — laid out the government's account of the Fable 5 shutdown. The administration warned Anthropic that a Chinese group had exploited Fable 5's jailbreak to access Mythos 5-level capabilities. Dario Amodei was given a choice: fix the vulnerability, or pull the model. He declined. The export control followed. On June 15, senior Anthropic staff met with Trump administration officials in Washington. No agreement was announced. The terms of restoration are now explicit — and enterprise organizations are watching a new kind of conditional model relationship play out in real time.

Anthropic's position — maintained in its official statement — is that the identified technique is a "narrow, non-universal jailbreak," that perfect jailbreak resistance is not achievable in any current model, and that the capability level in question is already accessible through other publicly available models including OpenAI's GPT-5.5. Anthropic characterized the shutdown as a misunderstanding. On June 15, senior Anthropic staffers traveled to Washington for meetings with Trump administration officials, including Commerce Department representatives. The reported agenda covered safety protocols that could satisfy the government's national security concerns, potential access frameworks for restricted scenarios, and a timeline for restoration. No agreement was announced as of this morning.

There is a specific enterprise implication in the Sacks account that goes beyond the immediate dispute. The terms he describes — fix a named vulnerability, and access will be restored — function like a product safety recall: a conditional suspension with a defined path to restoration. This is distinct from a ban. A ban is indefinite. A recall has a remediation condition. Enterprise organizations that have been waiting for Anthropic to announce a restoration date now have the government's stated condition for what that restoration requires.

The difficulty is that the remediation condition may not be simple. Anthropic's defense-in-depth approach — classifier fallbacks, monitoring, rapid response to emerging techniques — is premised on the architectural reality that no frontier model achieves universal jailbreak resistance. If the government's condition requires a hard fix to a specific technique, and Anthropic's honest assessment is that such a fix is not technically achievable without a fundamental architectural change, then the "condition of restoration" is either a negotiated technical standard or a stalemate. The June 15 meetings suggest both sides are attempting to avoid a stalemate. Enterprise organizations should not assume the outcome of those negotiations is known.

Moving Pieces

Three more developments that matter to enterprise leaders today

Microsoft Work IQ API Goes Generally Available Today

Microsoft's Work IQ API reached general availability this morning — the intelligence layer that builds a semantic map of your enterprise by continuously processing email, calendar, meetings, chats, files, people, and collaboration patterns. Available via A2A, a redesigned remote MCP server, and a REST API. Billed through Copilot Credits, consumption-based, with no separate SKU or per-user license. The enterprise significance: agent builders working in the Microsoft 365 ecosystem now have a production-ready API for grounding agents in actual organizational context — what's in flight, who owns what, which documents are relevant, what the relevant communication history is. This is not a search API. It is a semantic reasoning layer over how your organization actually works. Organizations already running Copilot Studio or M365-integrated agents should evaluate Work IQ API integration now.

OpenAI Extends GPT-5.5-Cyber to EU Through Formal Compliance Program

OpenAI granted the EU access to GPT-5.5-Cyber — a variant of GPT-5.5 designed to be more permissive for authorized cybersecurity work: vulnerability identification, malware analysis, reverse engineering, and patch validation. Access is restricted to vetted cybersecurity teams, EU businesses, governments, and EU institutions under the EU Cyber Action Plan. Account holders must enable Advanced Account Security with phishing-resistant protections. The strategic contrast to the Fable 5 situation is instructive: OpenAI expanded access to a model with elevated capabilities by building a formal compliance and vetting program — more permissive access, in exchange for accountable, verified use. This is the governance architecture the Fable 5 dispute is implicitly calling for. Enterprise cybersecurity teams in the EU with active security operations should evaluate access eligibility.

GitHub Copilot AI Credits: Enterprise Token Budgets Are Now Live

GitHub Copilot Enterprise ($39/user/month) transitioned to usage-based billing on June 1, with the metered period now fully operational. AI Credits replace premium request units: 1 Credit = $0.01, priced at token-level API rates per model. Enterprise users receive $39/user/month in included credits — 3,900 credits per seat. A transition buffer runs through September 1, 2026. Enterprise teams that have been managing Copilot as a flat-rate seat license are now managing a token budget. The first metered billing cycles are underway. Teams with heavy agent usage may find consumption patterns exceed the included allotment; teams using primarily autocomplete may find the opposite. Enterprise technology leaders should be monitoring consumption dashboards now, before end-of-month billing cycles close.

GitHub AI Credits included per Copilot Enterprise user per month — 3,900 units at $0.01 each, priced at token-level API rates. For the first time, enterprise AI tool consumption is legible at the token level at scale.

The 3,900-credit allotment is not a ceiling — it is the included monthly budget. Usage above it is billed at the same per-credit rate. Usage below it does not roll over. What the metric establishes for enterprise technology leaders is a new class of AI infrastructure cost: consumption-based, model-dependent, and visible at the token level. A Copilot Enterprise deployment of 500 users represents $19,500/month in baseline credits. Whether that covers actual usage — or whether agent-heavy workflows will push consumption significantly higher — is the question enterprise technology teams are answering for the first time this billing cycle.

Source: GitHub Blog  ·  GitHub Docs  ·  June 2026

When Access Has Terms

The Fable 5 situation, the OpenAI EU compliance program, and GitHub's credit-based billing all describe the same structural shift: AI access is becoming conditional.

Not conditional in the sense of unreliable. Conditional in the sense of earned, negotiated, and metered. The government wants a specific security fix before Fable 5 returns. OpenAI requires vetting and phishing-resistant authentication before granting elevated cybersecurity access. GitHub requires a token budget before your agents can run. These are not arbitrary restrictions. They are the governance layer arriving at the AI infrastructure stack — the same governance layer that eventually showed up in cloud migration, SaaS adoption, and mobile device management.

Enterprise AI leaders should recognize this for what it is: normalization. The tools becoming more capable and more embedded in operations will also become more governed. The organizations that have built the frameworks to evaluate and manage conditional access — security reviews for model vendors, consumption monitoring for AI tools, model-substitution plans for availability scenarios — are ahead of this curve. The Fable 5 case is exceptional in its speed and scale. The dynamic it illustrates is not.

The terms are already there. Build the capability to read them.

AK  /  Spearhead  /  Building AI systems, not tools