U.S. limits on Anthropic Fable AI could hurt cybersecurity

The U.S. restricted Anthropic’s powerful Fable model. Cybersecurity experts say that could backfire

Fable 5 was built to help with advanced cybersecurity work. Its sudden shutdown highlights a dilemma at the heart of AI security: the same tools can aid both defenders and attackers

When Anthropic released Claude Fable 5 on June 9, the company presented it as a new kind of high-powered artificial intelligence system: capable enough to help with advanced cybersecurity tasks but wrapped in safeguards meant to keep users from turning those same abilities toward attacks.

Citing national security concerns, the Trump administration ordered Anthropic to suspend foreign nationals’ access to Fable 5 and Mythos 5 , a closely related version with some safeguards lifted. Anthropic responded by disabling the models for all customers; the company said the order applied to any foreign national, whether inside the country or not, including those who are Anthropic employees.

If you're enjoying this article, consider supporting our award-winning journalism by subscribing . By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

The move exposes a difficult trade-off at the center of AI security. The administration is trying to stop powerful models from being used by hostile actors, but the same systems are also becoming tools for defenders trying to find and fix weaknesses before attackers exploit them. If the most capable AI systems can be withdrawn overnight by political order, the result may not be a safer Internet but a more fragmented one, where companies and critical infrastructure providers, especially outside the U.S., are pushed toward weaker tools, rival Chinese systems or work-arounds that are harder to monitor.

Two recent cases show what defenders stand to lose. Mozilla has said its Firefox team used Claude Mythos Preview to identify 271 vulnerabilities that were later fixed in Firefox 150 and that earlier work with Anthropic’s Opus 4.6 helped uncover 22 security-sensitive bugs in Firefox 148. Cloudflare has also said it tested Mythos against live code in critical parts of its infrastructure, where the model could chain lower-severity bugs and generate proof-of-concept code to test whether those vulnerabilities were exploitable.

Peter Swire, a professor at the School of Cybersecurity and Privacy at the Georgia Institute of Technology and a former adviser to the Clinton and Obama administrations, says Anthropic’s broader shutdown may have been precisely the outcome the Trump administration wanted. Although the order was framed as an export-control action aimed at foreign nationals, the company responded by pulling the models for everyone. “The administration used the legal tool of export controls, but their real goal was to block use by everyone, Americans included,” Swire says.