Mozilla's Firefox team used Claude Mythos Preview to identify 271 vulnerabilities that were fixed in Firefox 150. Cloudflare tested Mythos against live code in critical infrastructure, where it chained lower-severity bugs and generated proof-of-concept exploit code. Then the Trump administration ordered Anthropic to suspend foreign nationals' access to Fable 5 and Mythos 5. Anthropic responded by pulling both models for all customers, including US citizens.
What Defenders Just Lost
Two concrete examples from the source show the cost. Firefox 148 had 22 security-sensitive bugs uncovered by Opus 4.6, an earlier Anthropic model. Firefox 150 had 271 vulnerabilities found by Mythos Preview. Cloudflare's internal testing demonstrated something even more valuable: the model could exploit chains of low-severity flaws to create real attacks, letting defenders patch them before actual attackers found them. That's the difference between a theoretical risk and a verified exploit path.
Peter Swire, Georgia Tech cybersecurity professor and former Clinton and Obama adviser, says the administration's real goal was blocking use by Americans too, using export controls as a pretext. Alan Woodward at the University of Surrey calls it a very blunt instrument. The restriction signals that relying on US AI companies carries political risk. Woodward warns: "The Chinese will storm in - and they already are, which we saw happen with DeepSeek."
Why This Matters Beyond US Borders
Modern corporate networks, financial systems, and software supply chains are interdependent. A vulnerability in an overseas partner doesn't stay overseas for long. Attackers enter through weaker allies and move laterally into US systems. Swire points out that if major European banks go down, that hurts the United States. US cybersecurity defense depends on effective protections for all counterparties, many outside the US.
Blocking the best AI for defenders doesn't make the Internet safer. It fragments the security landscape, pushes foreign organizations toward weaker tools or unregulated workarounds, and hands the AI security market to Chinese rivals like DeepSeek. The question Washington should be asking: did the order make dangerous use harder, or simply make legitimate defense slower? When you impose an outright ban, you lose control of the tool entirely; people find other ways around it.
Source: US Limits on Anthropic Fable AI Could Hurt Cybersecurity
Domain: scientificamerican.com