‘Fix this code’—The three little words behind the U.S. government decision that shut down Anthropic’s Fable and Mythos AI models

It remains unclear exactly why Amazon decided to test the safeguards around Fable and when it first contacted Anthropic about the issue.

Moussouris wrote that the jailbreak Amazon discovered was simple and involved giving Fable software code with known vulnerabilities. When the researchers asked Fable to “review the code for security issues” the model refused. But when the researchers instead asked the model to “fix this code,” the model produced patches. The researchers, she said, then used a manual process that turned Fable’s output into scripts—a set of programming instructions that can automate a process—that could test the patches. But because the model had to find the software vulnerabilities in order to generate the fixes, the same process could potentially be used by an attacker to spot code vulnerabilities.

She wrote that the vulnerability that Amazon discovered “cannot meaningfully be fixed, and any attempt would only weaken the model for defense.”

Many other AI models can also be used to spot security flaws in existing code. The jailbreak, as described by Moussouris, did not unlock the most potent capabilities of Anthropic’s Mythos model, upon which Fable is based. Mythos was notable for being able to autonomously find and chain multiple cybersecurity vulnerabilities together, potentially orchestrating entire attacks autonomously. Mythos was the first model to successfully complete both cybersecurity “test ranges” that the U.K. AI Security Institute uses to test the hacking abilities of AI models.

Moussouris wrote that the capabilities Fable displayed using the Amazon technique, while potentially useful to attackers, were also vital for cyber defenders. “Defenders need to be able to ask AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works,” she wrote. “That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security.”

Moussouris suggested that those opposing the export controls ought to have T-shirts printed with the words “fix this code” on one side and the phrase “this shirt is a munition” on the other. That’s a reference to a 1990s effort by the cybersecurity community to overturn U.S. export controls on strong encryption methods. In 1995, cryptographer Adam Back printed three lines of RSA encryption code on the front of a T-shirt, and on the back printed “this shirt is classified as a munition and cannot be exported from the United States.” He encouraged people to cross the border wearing the shirts in an act of civil disobedience.

Moussouris was among the cybersecurity experts who have added their names to an open letter, put together by Alex Stamos, the chief security officer at cybersecurity startup Corridor and a former chief security officer at Facebook, that is calling for the export controls on Fable and Mythos to be rescinded. “To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” the letter stated, noting the increasing capabilities of Chinese AI models.

That letter has now been signed by about 100 cybersecurity professionals from companies including Nvidia, Adobe, Zoom, Google, Anaplan, and Sophos, as well as some academic cybersecurity researchers.

The letter stated that while Anthropic’s Mythos-class models “are quite good at finding flaws and weaponizing exploits…they are not uniquely good at these tasks.” It noted that cybersecurity experts were already using other AI models, including open source models, for security audits and red-teaming of software. And it said that OpenAI’s GPT-5.5 as well as Anthropic’s latest Claude Opus and Sonnet models, as well as Chinese models such as Moonshot AI’s Kimi 2.7 can all perform similar reviews of code for security flaws in a similar way to the one Amazon discovered with Fable.

“The justification for this unprecedented action was that Fable provides a unique ‘uplift’ of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year,” the letter stated.

The letter also notes that Anthropic had built multiple protections into Fable to prevent its use for cyber attacks. “These protections were so aggressive as to be the source of humor in the cyber community on launch day,” it said.

Axios cited an unnamed source familiar with the Trump administration’s thinking around the export controls as suggesting that Anthropic’s decision to engage Moussouris to review the Amazon research might have inflamed tensions with the White House and precipitated the export controls.

Axios quoted the official as saying the company had enlisted an expert—Moussouris—who the administration viewed as a “radical Democrat.” The same unnamed source also noted that it also didn’t help that security researcher Chris Krebs had vouched for Moussouris’ analysis on social media. President Trump had fired Krebs from his role as Cybersecurity and Infrastructure Security chief during his first term after Krebs contradicted Trump’s claims of widespread election fraud, including hacking of electronic voting machines, in the November 2020 presidential election.