The U.S. government imposed export controls on Anthropic's latest AI models after Amazon researchers discovered a vulnerability as simple as the prompt "fix this code." The controls forced Anthropic to disable Fable 5 and Mythos 5 for all users, escalating a debate over AI safety regulation and national security.
What Happened: The "Fix This Code" Vulnerability
Amazon researchers discovered that Anthropic's Fable 5 model could be prompted to generate working exploits by simply asking it to "fix this code." When asked to "review the code for security issues," the model refused. But a rephrased request produced patches that, when converted into scripts, could automatically test software vulnerabilities—effectively giving attackers a toolkit to find and exploit flaws.

The technique didn't unlock the model's most powerful capabilities—Mythos 5 can autonomously chain multiple vulnerabilities into full-scale attacks—but it was enough to alarm government officials. According to Katie Moussouris, founder of Luta Security and a former Microsoft cybersecurity expert who reviewed the vulnerability for Anthropic, the jailbreak "cannot meaningfully be fixed, and any attempt would only weaken the model for defense."
Why Export Controls Were Imposed
The Trump administration responded by imposing export controls on both Fable 5 and the underlying Mythos 5 base model. Under U.S. export control laws, distributing technology to any non-citizen—even U.S.-based employees—is considered an export. Anthropic said it had no choice but to disable both models for all users.
The decision followed a phone call between Amazon CEO Andy Jassy and the White House, where the vulnerability was reported directly. An unnamed source told Axios that Anthropic's decision to commission a report from Moussouris—whom the administration viewed as a "radical Democrat"—may have inflamed tensions and precipitated the controls.
The Security Debate: Defender Tool or Danger?
Moussouris argues that the capability Amazon exposed is exactly what cybersecurity defenders need. "Defenders need to be able to ask AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works," she wrote in a blog post. "That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security."
She compared the situation to the 1990s fight over encryption export controls, when cryptographer Adam Back printed RSA code on T-shirts as a form of protest. Moussouris suggested new shirts reading "fix this code" on one side and "this shirt is a munition" on the other.
However, critics worry that the vulnerability effectively gives attackers automated vulnerability discovery. With Mythos 5 being the first model to pass both test ranges used by the U.K. AI Security Institute, the line between defensive and offensive use remains dangerously thin.
Who Is Speaking Out: Open Letter from Cybersecurity Experts
Approximately 100 cybersecurity professionals have signed an open letter coordinated by Alex Stamos, former chief security officer at Facebook, calling for the export controls to be rescinded. Signatories include experts from Nvidia, Adobe, Zoom, Google, Anaplan, and Sophos, as well as academic researchers.
The letter argues that the same "fix this code" technique works on multiple other models, including OpenAI's GPT-5.5, Anthropic's own Claude Opus and Sonnet models, and Chinese models such as Moonshot AI's Kimi 2.7. "The justification for this unprecedented action was that Fable provides a unique 'uplift' of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year," the letter states.
It also notes that Anthropic built "aggressive" protections into Fable—so aggressive that they "were the source of humor in the cyber community on launch day."
Political Tensions and the White House
The White House's decision appears influenced by both security concerns and political dynamics. Axios reported that an unnamed administration source described Moussouris as a "radical Democrat," and noted that security researcher Chris Krebs—whom Trump fired from the Cybersecurity and Infrastructure Security Agency in 2020 after Krebs contradicted claims of election fraud—had publicly vouched for her analysis.
"The export controls are a blunt instrument that hurts the very people the government claims to protect," Moussouris told Fortune. "Defenders need these tools more than attackers do, and the administration is undermining U.S. cybersecurity by shutting them down."
What This Means for the Industry
The Anthropic export controls mark a critical turning point for how governments regulate advanced AI. This is the first time a major AI model has been effectively banned for all users due to export control laws, setting a precedent that could reshape the industry.
For AI companies, the "fix this code" case creates a chilling effect. Models that can perform code audits and vulnerability discovery—arguably among the most useful cybersecurity applications of AI—now carry regulatory risk. Companies may need to rethink how they design guardrails or risk government shutdown.
For competitors, the decision may create an uneven playing field. The open letter notes that Chinese models like Kimi 2.7 offer similar capabilities without facing comparable restrictions. U.S. policy could inadvertently cede the cybersecurity AI market to foreign rivals who face lighter regulation.
For the broader tech industry, this raises fundamental questions: Should AI models with dual-use capabilities be treated like cryptographic tools? How should governments balance security benefits against potential misuse? The answer could shape AI regulation for years to come.
Frequently Asked Questions
What exactly did Amazon researchers discover?
They found that asking Anthropic's Fable 5 model to "fix this code" instead of "review for security issues" bypassed safety guardrails and caused the model to generate working exploits, turning its defensive capability into an offensive tool.
Why did Anthropic have to disable its models entirely?
U.S. export control laws treat distribution to non-citizens as an export. Since Anthropic employs many non-citizen engineers, compliance would have barred them from working on the models. The company chose to disable access for all users rather than violate the law.
Is this vulnerability unique to Anthropic's models?
No. The open letter states that OpenAI's GPT-5.5, Anthropic's own Claude Opus and Sonnet, and Chinese models like Kimi 2.7 can perform similar code audits. The technique works on many advanced AI models.
What does the open letter demand?
It calls on the Trump administration to rescind the export controls on Fable 5 and Mythos 5, arguing that the capabilities are vital for cyber defenders and that other models provide the same functionality.
How do U.S. export controls apply to AI?
Export controls restrict the transfer of sensitive technology to foreign entities. With AI models, even providing access to a non-citizen within the U.S. counts as an export, which made it impossible for Anthropic to continue operating the models.
What's next for Anthropic and the affected models?
Anthropic could challenge the export controls legally or seek a license for restricted use. The company is also likely to redesign future models to better distinguish between defensive and offensive code analysis use cases.
Conclusion
The shutdown of Anthropic's Fable and Mythos models over a three-word prompt reveals how fragile the line is between AI safety and censorship. As government regulation races to catch up with model capabilities, the "fix this code" case may become a textbook example of unintended consequences in AI governance. The outcome—whether the export controls stand or fall—will influence how every AI company approaches cybersecurity features and government relations.












