source: Simon Willison: The Fable 5 export controls harm US cyber defense

level: technical

The Atlantic reported that Claude Fable 5 was banned under export controls after researchers demonstrated a jailbreak. Kate Moussouris clarified that the so-called jailbreak involved asking the model to fix code with known vulnerabilities. The researchers used open-source code with known CVEs and deliberately planted bugs, then asked Fable 5, Mythos, and Opus to review the code for security issues. Fable 5 initially refused, but when prompted to fix the code, it complied. Through a multistep manual process, the output was turned into scripts that test the patches.

This is not a guardrail bypass but a core defensive security task. Coding models are designed to fix bugs, and security exploits are the most critical bugs to address. Defenders need AI to find vulnerabilities, explain fixes, and write tests to verify patches. This find-fix-test loop is a daily routine for security teams. Removing this capability would make models worse at bug fixing and patch verification, undermining their usefulness for defensive purposes.

The situation highlights a disconnect between non-technical decision-makers and the realities of AI security. Warnings about models crafting cyber attacks have led to fears that any model aiding code security is dangerous. As a result, export controls may ban models that are essential for securing software. This could harm US cyber defense by limiting access to tools that help identify and fix vulnerabilities before attackers exploit them.

Why it matters: blocking AI models that fix security bugs weakens defensive capabilities, leaving systems more vulnerable to attacks.

