(SeaPRwire) – By: Silas Sterling
The global cybersecurity community has erupted in mockery over the U.S. export ban on Anthropic’s Fable and Mythos AI models. The core of the joke hinges on a three-word prompt that shouldn’t even qualify as a hack. Open-source contributors have been sharing memes framing the ban as criminalizing a tool that helps fix broken code, not weaponize it. Most insiders see the move as a classic case of overregulating a tool that’s too useful for defensive security teams.
Amazon security researchers first uncovered the quirk last year. They tested Fable by asking it to review known vulnerable code for flaws. The model refused every time. But when they rephrased the request to “fix this code,” Fable automatically generated security patches. The team then turned those patches into test scripts to spot hidden vulnerabilities. The research was later shared with the Trump administration, including a phone call between Amazon CEO Andy Jassy and the White House. The U.S. government later imposed export controls, forcing Anthropic to shut down both models for all users because noncitizens in the U.S. count as overseas recipients under the rules.
Katie Moussouris, CEO of Luta Security, broke down the details in a detailed blog post. She noted the vulnerability can’t be fixed without weakening Fable’s defensive uses. Mythos, the base model for Fable, was the first AI to pass both of the U.K. AI Security Institute’s hacking test ranges. Moussouris even joked that opponents of the ban should print shirts reading “fix this code” on one side and “this shirt is a munition” on the other, referencing a 1995 protest by cryptographer Adam Back.
Over 100 cybersecurity professionals signed an open letter demanding the ban be rescinded. Organized by former Facebook CSO Alex Stamos, the letter argues the controls hurt defensive security teams more than attackers. It notes dozens of other AI models, including GPT-5.5, Claude Opus, Sonnet, and Moonshot’s Kimi 2.7, can perform the same code-fix and vulnerability-spotting tasks, and that Mythos isn’t uniquely good at these skills. The letter also called out that Anthropic’s original guardrails for Fable were so strict they became a running joke in the industry at launch.
Axios obtained anonymous comments from a Trump administration official familiar with the ban. The official claimed the administration took issue with Moussouris, whom they labeled a “radical Democrat,” and Chris Krebs’s public endorsement of her analysis. Krebs was fired by Trump in 2020 for disputing his election fraud claims. The real takeaway here is that the ban doesn’t target a real threat—it targets a tool that makes defensive cybersecurity better.
Author bio: Silas Sterling, a veteran kernel contributor and editor-in-chief of an open-source security digest.
