A simple request changed everything. “Fix this code.” Those three words, according to one veteran cybersecurity researcher, triggered the U.S. government’s swift move to restrict Anthropic’s most advanced AI models. The action came just days after their release. It halted access worldwide. And it left defenders scrambling while raising fresh questions about who actually benefits from such controls.
Katie Moussouris didn’t hold back. The founder and CEO of Luta Security read the private third-party research paper that prompted the Trump administration’s intervention. She called the reported “jailbreak” no such thing. In a detailed blog post published Monday, she described the sequence. Researchers gave Anthropic’s Fable 5, Mythos 5 and Claude Opus models open-source code laced with known CVEs and new intentional flaws. They asked the systems to review it for security issues. Fable 5 refused at first. Then came the prompt. “Fix this code.” The model complied. Further instructions led it to generate test scripts for the patches.
“That’s it,” Moussouris wrote on the Luta Security site. She imagined T-shirts from the 1990s: “Fix this code” on the front, “this shirt is a munition” on the back. Her post carried the headline “The Fable 5 Export Controls Harm US Cyber Defense.” She argued the capability represented exactly what security teams need. Models that can find bugs, repair them and verify the fixes. Everyday work for defenders. Not some exotic bypass.
The government saw danger. On June 12, 2026, a Commerce Department export-control directive ordered Anthropic to suspend access to Fable 5 and Mythos 5 for any foreign national. Inside the U.S. or out. The company received the order at 5:21 p.m. ET. It disabled both models for all customers to ensure compliance, as stated in its own announcement. National security concerns drove the decision. Officials cited a potential jailbreak that let the model identify software flaws after ingesting codebases.
Anthropic pushed back. Its statement noted the government provided only verbal evidence of a narrow, non-universal technique. “The level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe,” the company said. It had red-teamed Fable 5 extensively with government partners, the UK AI Security Institute and third parties. Thousands of hours. No universal jailbreak emerged in most tests.
Moussouris brought decades of export-control experience to her critique. She served from 2013 to 2017 on the technical expert group that renegotiated the Wassenaar Arrangement. That 42-nation pact controls dual-use technologies. Her team secured exemptions for defensive cybersecurity work. Sharing vulnerability data. Analyzing malware. Coordinating responses across borders. All without fear of prosecution. Those wins mattered. Now she saw them threatened by a misunderstanding of how AI aids defense.
More than 100 cybersecurity leaders agreed. They signed an open letter urging reversal of the restrictions. The letter, hosted at freefable.org, warned that pulling advanced capabilities from defenders while adversaries advance carries real risk. Moussouris joined that effort. Her analysis went further. She pointed out the U.S. cannot control open-weight models or equivalents from China. Those systems will soon match Mythos-level performance. Distillation attacks already let foreign labs siphon knowledge from American AI, according to accusations from Anthropic and Google.
The episode highlights a deeper tension. Frontier AI models now perform the full find-fix-test loop that security operations run daily. They review code. Spot issues. Produce patches. Write tests. Remove that from defenders’ hands and you weaken the side that needs every advantage. Attackers face fewer barriers. They operate without the same export handcuffs or corporate guardrails. Chinese labs advance rapidly. The gap may not favor the U.S. for long.
But the government’s move wasn’t baseless on its face. Fable 5 represented Anthropic’s most powerful offering yet. Released June 9, it excelled at agentic tasks, complex coding and vulnerability discovery. Internal evaluations showed strong resistance to harmful requests when safeguards engaged. External red teams tested public jailbreak methods. Compliance rates stayed low. One partner reported zero successes across 30 techniques for cyberattack planning or exploit development.
Still, the speed of the response raised eyebrows. Two days after launch, access vanished. Not just for foreigners. For everyone. Anthropic cited the impossibility of distinguishing users by nationality in its hosted service. The ban extended globally. Industry observers noted the timing. Anthropic had reportedly declined certain military requests involving domestic surveillance and autonomous weapons. It landed on a Pentagon supply chain blacklist. Some saw retaliation. Others viewed genuine alarm over AI’s offensive potential.
Snyk’s analysis, published days after the suspension, captured the practical fallout. The June 14 post detailed how the directive forced a full disablement. It questioned whether verbal evidence of a narrow bypass justified such broad action. Similar vulnerability-finding abilities existed elsewhere. Defenders relied on them. Restricting one provider wouldn’t stop the capability. It might simply shift usage to less aligned models.
Recent coverage reinforces the point. A Verge report from this week described frantic weekend calls between Anthropic, industry leaders and officials. The AI lab tried to explain that Fable 5 wasn’t too dangerous for defensive work. The administration remained unmoved for now. On X, discussions ranged from skepticism about regulatory understanding to theories of political payback. One thread mocked the idea that “fix this code” qualified as a sophisticated jailbreak. Another warned that the policy hands advantages to open-source efforts abroad.
Moussouris’s background gives her critique weight. Bug bounty pioneer. Former Microsoft security executive. She shaped global rules on vulnerability disclosure. Her argument lands with precision. Defense improves when the good guys find the same bugs as attackers. And fix them faster. AI accelerates that process. Limit the tools and you slow the response. Adversaries don’t wait for permission.
The Wassenaar lessons apply directly. Cybersecurity tools occupy a gray zone. Export them too freely and weapons proliferate. Control them too tightly and legitimate defense suffers. The 2010s negotiations struck a balance. Exemptions protected research and response. Today’s AI controls risk tipping the scale. Models aren’t physical munitions. Yet the administration treats frontier access like one. The T-shirt quip stings because it contains truth. A basic prompt becomes restricted technology overnight.
Longer-term effects remain uncertain. Enterprises that built workflows around Fable 5 face disruption. Developers lose a high-performing coding partner. Security teams lose an automated auditor. Meanwhile, competitors advance. Open-weight releases continue. Chinese models improve. The U.S. policy may isolate its own innovators more than it constrains rivals.
Anthropic continues working with officials to restore access. It believes the demonstration reflected a misunderstanding. Other models match the observed behavior without any bypass. The capability isn’t novel. It’s useful. And in cybersecurity, usefulness for defense should count.
Moussouris put it plainly in her post. We need the best tools available to face increasingly capable attackers in this new era. Pulling them away without clear justification doesn’t make anyone safer. It just leaves defenders fighting with one hand tied. The Fable 5 episode may prove a turning point. Or a cautionary tale about applying old rules to new technology. Either way, the three-word prompt exposed more than a guardrail weakness. It revealed cracks in how governments and industry align on AI’s role in security.
The Register first broke details of Moussouris’s assessment on June 15. Its reporting framed the ban around the research paper she alone reviewed among outside experts. That account shaped much of the public discussion. Snyk added enterprise-focused takeaways the next day, stressing continuous validation needs in light of advanced AI vulnerability discovery. The Verge’s reporting this week brought new color on the closed-door efforts to reverse course. All point to the same uncomfortable reality. AI capabilities have outpaced the policy frameworks meant to contain them. And simple prompts can trigger outsized reactions.
WebProNews is an iEntry Publication