US Export Ban on Anthropic's Fable 5 Triggered by Simple 'Fix This Code' Prompt, Not Jailbreak

Summary

The Trump administration issued an export control directive suspending access to Anthropic's Fable 5 and Mythos 5 models, citing national security concerns. According to Katie Moussouris, founder of Luta Security and a pioneering figure in export controls and bug bounty programs, the 'guardrail bypass' that prompted the ban was simply a three-word prompt: 'Fix this code.' Researchers had fed the models vulnerable code and asked them to review or fix it—standard defensive cybersecurity work that should have been exempt from export controls under international agreements Moussouris herself helped negotiate.

More than 100 cybersecurity leaders have signed an open letter opposing the ban, arguing that restricting access to advanced AI models hurts defenders far more than adversaries. Moussouris contends that the ability to ask AI systems to find, fix, and test code patches is not a security breach but the most valuable capability for defensive security work. She warns that the restrictions are ultimately ineffective, as open-weight models from rival nations will soon achieve similar capabilities, and the ban may handicap U.S. defenders in an increasingly AI-driven cybersecurity landscape.

• The restrictions may be strategically ineffective since open-weight models from China will soon achieve similar capabilities and cannot be subject to U.S. export controls

Editorial Opinion

Banning Anthropic's advanced models over a simple code-review prompt appears to be a dramatic overreach that conflates routine security research with jailbreaking. Moussouris's observation that 'Fix this code' should never trigger munitions-level export controls exposes a fundamental misalignment between the technical reality of defensive security work and blunt-instrument export policy. The precedent risks handing a strategic advantage to adversaries by handicapping the U.S. defenders who need these tools most.