Anthropic's Fable 5 and Mythos 5, the company's most advanced AI models, were suspended under a US export control directive on June 12. The only outside expert to read the paper that triggered it says the prompt was 'fix this code.'
The US export-control directive that suspended Anthropic Fable 5 and Mythos 5 was triggered by a three-word prompt, "fix this code," not by a guardrail bypass or jailbreak, according to the only outside expert who read the third-party research paper the government acted on.
Katie Moussouris, founder and CEO of Luta Security and a former US technical expert on the Wassenaar Arrangement from 2013 to 2017, says Anthropic privately shared the paper with her before the export-control action. In her account on the Luta Security blog, she describes what the researchers actually did. They asked Fable 5, Mythos, and Claude Opus to review open-source code with known CVEs and intentionally vulnerable snippets. Fable 5 first refused a "review the code for security issues" request. A follow-up "fix this code" prompt, plus several manual steps to generate test scripts, produced patches and tests. "Fix this code, plus several manual steps to generate test scripts, should never have triggered an export control," Moussouris wrote.
That account conflicts with how Anthropic's statement on the directive characterizes the underlying trigger. Anthropic says the government told the company it had become aware of a "method of bypassing/jailbreaking" Fable 5, and that Anthropic reviewed a demonstration of the technique and identified "a small number of previously known, minor vulnerabilities" that other publicly available models can find without any bypass.
On Friday June 12 at 5:21 p.m. ET, the US government issued an export-control directive suspending access to Anthropic Fable 5 and Mythos 5 by any foreign national, inside or outside the United States, including foreign-national Anthropic employees, citing national security. The letter did not specify the concern. Anthropic disabled both models for all customers to comply. The action was first reported by The Register on June 15.
Moussouris's argument is that the trigger is not a guardrail bypass or jailbreak. It is the normal find-fix-test loop that defenders run every day against known bugs. Export-control law is built for code that can be turned into a weapon; a debugging prompt on known vulnerabilities does not meet that bar. She also warns that the directive actively degrades US defensive security. Removing the model's ability to answer "fix this code" makes it "worse at finding bugs and verifying patches," and US export controls cannot reach open-weight systems developed in China that are months behind but approaching the same capability.
The open-weight point is concrete. China-based open-weight models in the lineage of DeepSeek and Kimi 2.7 are reportedly approaching Mythos-class cyber-task capability, and Anthropic and Google have publicly accused China-based labs of running "distillation attacks" to siphon US frontier-model knowledge. None of those systems are reachable by US export controls. Restricting American defenders from running the same find-fix-test loop against known CVEs does not change the offense-defense balance, but it does slow the defensive side.
The remedy Moussouris and the 100-plus signatories of the open letter to Secretary Lutnick and National Cyber Director Cairncross are pushing for already exists. The Wassenaar Arrangement, a 42-nation voluntary export-control regime, was renegotiated between 2013 and 2017 to add a defensive-cybersecurity carve-out precisely so that intrusion software used by defenders would not be treated as a controlled munition. Moussouris sat on the US technical expert group during that renegotiation. Signatories of the June 14 letter include Alex Stamos, Feross Aboukhadijeh, Iftach Ian Amit, Abhishek Arya of Google's OSS-Fuzz, and Kevin Bankston of the Center for Democracy and Technology.
The ask is narrow. Apply the existing carve-out to this case, restore access, and treat the find-fix-test loop on known vulnerabilities as defensive activity, not as a controlled capability. The signatories frame it as a fixable mismatch, not as a rejection of export-control law.
Anthropic's statement says the company supports the goals of the directive and is working with the administration on a path forward. The third-party paper itself has not been published, and Moussouris's account is the only public read of it from outside Anthropic.
What to watch: whether the administration publishes the underlying paper or a redacted summary, whether Fable 5 and Mythos 5 are restored under a defensive-use carve-out, and whether other frontier-model providers are quietly receiving the same kind of directive.