🤖 AI Tools
· 7 min read

Why the US Government Controls Who Can Use GPT-5.6 (And What It Means)


Why the US Government Controls Who Can Use GPT-5.6 (And What It Means)

In the span of one month, the US government has restricted access to two frontier AI models. First, Anthropic’s Fable 5 was banned under export controls. Now, OpenAI’s GPT-5.6 launched on June 26 under a government-gated access model where the US government decides who can use it.

These are not minor models from niche labs. These are the two leading frontier AI companies in the United States, and both had their most capable releases restricted by the same government. If you build software with AI APIs, this affects your planning in ways you need to understand.

What Happened with GPT-5.6

OpenAI did not launch GPT-5.6 the way it launched GPT-4, GPT-4o, or GPT-5.5. There was no public API release. No ChatGPT integration. No waitlist.

Instead, OpenAI previewed GPT-5.6’s capabilities to the US government ahead of launch, at the government’s request. The result: approximately 20 trusted partner organizations have access. Everyone else does not.

The model is not available through any self-serve channel. The US government is the gatekeeper for who gets added to the access list. This is unprecedented for OpenAI.

What Happened with Fable 5

Anthropic’s situation was different but ended in the same place. Fable 5 launched and was subsequently banned under US export controls. The model was pulled after it was already available, rather than pre-coordinated like GPT-5.6.

The key difference: Fable 5 was restricted after launch (reactive). GPT-5.6 was restricted before launch (proactive). Different approaches, same outcome. Developers lost access.

We covered the question of whether the government would restrict Sonnet 5 as well. So far, Sonnet 5 remains publicly available, likely because its capabilities fall below the threshold that triggers restrictions.

Why These Models Are Restricted

The restrictions are driven by specific dangerous capabilities, not general performance. GPT-5.6’s safety evaluation numbers tell the story:

  • Virology Capabilities Test: 53.5%
  • Molecular Biology: 60%
  • Human Pathogen: 68.4%
  • ExploitBench: Competitive with Mythos Preview at 1/3 output tokens

A model that scores 68.4% on Human Pathogen assessments is, by definition, a model that can assist with biological weapon development. A model competitive with Mythos Preview on ExploitBench can assist with creating software exploits.

OpenAI invested 700,000 A100-equivalent GPU hours in automated red-teaming. They found capabilities they could not fully mitigate through model-level safety training alone. The three-layer safety stack (model training, real-time classifiers, account-level review) requires knowing exactly who is using the model and monitoring their usage.

That level of oversight is incompatible with public self-serve access.

The Pattern: Capability Thresholds

What we are seeing is the emergence of implicit capability thresholds above which models face government restriction:

Below the threshold (publicly available):

  • Claude Sonnet 5 (63.2% SWE-bench Pro)
  • GPT-5.5 (88.0% Terminal-Bench)
  • Claude Opus 4.8 (78.9% Terminal-Bench)

Above the threshold (restricted):

  • GPT-5.6 Sol (88.8% Terminal-Bench, 68.4% Human Pathogen)
  • Fable 5 (banned under export controls)

The threshold is not about coding performance. It is about dangerous capability in biology, cybersecurity, and weapons domains. Models can be excellent at coding and still be publicly available. But when they cross certain lines in bioweapons or exploit generation, restrictions follow.

What This Means for Developers

Supply Chain Risk Is Real

If you build products on frontier AI APIs, you now face a new risk: the model you depend on might become unavailable due to government action. This is not theoretical. It happened twice in June 2026.

We covered this in depth in our AI model supply chain risks analysis. The mitigations are:

  1. Model-agnostic architecture: Do not hard-code to a single provider
  2. Fallback chains: Have backup models configured and tested
  3. Capability monitoring: Track which of your features depend on frontier-level capability
  4. Provider diversification: Use multiple providers for different workloads

The “Good Enough” Tier Matters More

The models that remain publicly available, Claude Sonnet 5 at $2/$10, Claude Opus 4.8 at $15/$75, and eventually GPT-5.6 Terra and Luna, form the practical ceiling for most developers.

Building products that require capabilities above this ceiling is risky because your access could be revoked or never granted. Design systems that work well with available models and treat restricted models as optional upgrades.

API Key Security Becomes Even More Critical

If access to certain models is government-controlled, the API keys that grant access to those models become even more valuable targets. Organizations in the ~20 partner group need enhanced security around their GPT-5.6 credentials.

Even for publicly available models, follow our API key security guide. Leaked keys for restricted models could have regulatory consequences beyond just financial loss.

Geographic Considerations

The government-gated model is currently US-centric. If you are a developer outside the United States, the path to GPT-5.6 access is unclear at best. This accelerates the need to evaluate alternative AI API providers and consider geographic diversification in your AI infrastructure.

The Broader Industry Impact

For Startups

If you are a startup building on AI, the lesson is clear: do not differentiate on model access. Your competitive advantage cannot be “we use GPT-5.6 Sol” because that advantage depends on a government decision, not your engineering.

Differentiate on application logic, domain expertise, data, and user experience. Use the best available model, but build so you can swap models without rebuilding your product.

For Enterprises

Enterprises face a different calculation. Some large organizations will be among the ~20 partners (defense contractors, major tech companies, research institutions). For them, GPT-5.6 access is a strategic asset.

But even these organizations should not build critical infrastructure solely on a model that could face further restrictions. The same government that granted access can modify terms or revoke access.

For Open Source

Government restrictions on proprietary models strengthen the case for open-weight alternatives. If the best proprietary models are unavailable, open models that trail by 5 to 10 percentage points become much more attractive. Expect increased investment in open-source frontier models.

For the AI Industry

Two restricted models in one month signals that we have entered a new era. The assumption that more capable models automatically become more accessible is dead. The progression is no longer linear from research to API to ChatGPT to free tier.

The new reality: some models will be restricted indefinitely. Build your business around models you can reliably access.

What Comes Next

Several scenarios are plausible:

  1. Gradual expansion: The ~20 partner list grows over months as safety infrastructure matures. This is the most likely path for GPT-5.6.

  2. Permanent restriction: Some capability tiers remain permanently restricted to vetted organizations. Possible for ultra mode specifically.

  3. Regulatory framework: The US government formalizes the informal restrictions into explicit regulation with clear criteria for access. This would add predictability but also bureaucracy.

  4. International fragmentation: Other countries develop their own frontier models without US restrictions, creating capability asymmetries. Already happening.

For practical planning, assume GPT-5.6 remains restricted for at least 3 to 6 months. Plan your current projects around publicly available models and architect for flexibility.

Recommendations

  1. Audit your model dependencies. Know exactly which models you use and what happens if any becomes unavailable.

  2. Implement fallback chains. If your primary model is restricted, your system should degrade gracefully to an alternative.

  3. Monitor the regulatory landscape. Follow export control updates and government AI policy. These now directly affect your toolchain.

  4. Do not over-optimize for restricted models. Prompt engineering and fine-tuning for a model you might lose access to is wasted effort.

  5. Invest in evaluation infrastructure. When new models do become available, you need to quickly assess whether they improve your specific use case. Build benchmarking into your development process.

The era of “every model eventually becomes public” is over. Plan accordingly.

FAQ

Is this like export controls on encryption in the 1990s?

There are parallels. Both involve the government restricting access to dual-use technology. The key difference is that encryption restrictions eventually relaxed as the technology proliferated. AI models require massive compute, which is harder to proliferate than mathematical algorithms. The restrictions may persist longer.

Could Claude Sonnet 5 be restricted next?

It is possible but less likely in the near term. Sonnet 5’s capabilities appear to fall below the threshold that triggers restrictions. We analyzed this in our will the government ban Sonnet 5 article. The biology and exploit capabilities that drove GPT-5.6 restrictions are the key factor, not general coding ability.

Can I still use GPT-5.5?

Yes. GPT-5.5 remains available through OpenAI’s standard API. The restrictions apply only to GPT-5.6. However, watch for potential retroactive restrictions if the government’s threshold evolves.

What should I tell my team or stakeholders?

Be direct: the most capable AI models are no longer freely available, and this trend will likely continue. Recommend building model-agnostic architectures, maintaining provider diversification, and not planning product roadmaps that assume access to restricted models.

Are there alternatives outside the US?

Non-US models exist (DeepSeek, Mistral, others) but face their own challenges: different capability profiles, potential data sovereignty issues, and the risk of reciprocal restrictions. There is no simple “just use a non-US model” answer. Evaluate based on your specific requirements and regulatory environment.