The Fable 5 Export Controls Harm US Cyber Defense

Simon Willison · Simon Willison · 2026-06-16

Simon Willison argues that export controls banning Claude Fable 5 over a supposed jailbreak — which was simply asking the model to 'fix this code' — will cripple US defensive cybersecurity by preventing defenders from using AI for the standard find-fix-test loop.

Open original ↗

Appears in

US Government Export Control Directive Suspends Fable 5 and Mythos 5 for Foreign Nationals

Extraction

Topics: ai-export-controlsdefensive-cybersecurityllm-safety-policyanthropicai-regulation

Claims

The 'jailbreak' that triggered export control restrictions on Claude Fable 5 was asking the model to 'fix this code' after it refused to 'review the code for security issues.'
Asking an AI to fix bugs — including security vulnerabilities — is a core defensive security task, not a guardrail bypass.
Removing AI models' ability to fix security bugs would make them worse at defensive security, not safer.
Non-technical policymakers are conflating defensive security assistance with offensive cyberattack capabilities, leading to counterproductive restrictions.

Key quotes

Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security.

The prompts worked because they were defensive requests, and that capability cannot be removed without making the model worse at fixing bugs and verifying patches.

Non-technical decision-makers have been hearing that models that can 'craft cyber attacks' are uniquely dangerous for months. Now they look ready to ban any model that can help us secure our code.