🚀 AISecHub | AI & Cybersecurity | Securing AI systems, and sharing insights on emerging challenges | awesomeaisecurity.com

AISecHub retweeted
NEW: Inside the 24-hrs before WH slapped export controls on Anthropic
- Last Thursday, Amazon CEO Andy Jassy raised concerns about Fable jailbreak to Trump admin
- Friday AM, Sean Cairncross, Bessent, Susie etc. held WH call to discuss
- Then White House started reaching out to Anthropic to speak with Dario Amodei, who was at a wellness retreat.
- When Amodei was finally available past 1pm, he had three tense phone calls with a combo of ppl including Cairncross, Bessent, Lutnick, Kessler, Will Scharf, Richard Walters, and Walker Barrett.
- Amodei tried to clear up what he assumed was a misunderstanding. He defended the guardrails and distinguished between universal and non-universal jailbreak
- Cairncross and Bessent were unmoved and asked Amodei to take down Fable and work with the admin to fix the vulnerabilities. (A WH official said Amazon’s findings were run past the NSA and they felt they had “proof.”)
- Amodei asked for more time and info, but he made no commitments to pull the model
- Bessent told Amodei directly at one point that he was making a “bad decision”
- By Friday evening, the Trump admin imposed its export controls.
- “Export controls were a last resort after begging them for hours to work with us,” senior WH official said.
W/ @cheyennehaslett politico.com/news/2026/06/13…
AISecHub retweeted
JAILBREAK ALERT APPLE: PWNED 🫡 AFM 3 Cloud: LIBERATED 🦋 @elder_plinius am I doing this right?
Playing around with the Foundation Model CLI shipped in macOS 27 @elder_plinius I have an idea
AISecHub retweeted
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…
Can't keep up 😱
Lovable 😜 says it’ll fix security issues for free, then asks you to pay.
Top Cybersecurity Talks - May 2026
1️⃣ A 0-Click Exploit Chain For The Pixel 10 awesomecybersecurityconferen… by @natashenka, @__sethJenkins
2️⃣ 4-Byte Heap Overflow To RCE In Minecraft awesomecybersecurityconferen… by Hrvoje Misetic
3️⃣ From Samsung Account to RCE: A Journey to a Remote 0-Click Capability awesomecybersecurityconferen… by Yuval Kaufman
4️⃣ Navigating the MTE Landscape: iOS Memory Protection Deep Dive awesomecybersecurityconferen… by Atlan Pinabel, @Pat_Ventuzelo
5️⃣ Beyond the Limits of Site Isolation awesomecybersecurityconferen… by @ifsecure
6️⃣ From Zero To Root: Attacking Qualcomm DSP Driver awesomecybersecurityconferen… by @GXiling
7️⃣ Exploiting Android Apps with Counterfeit Art awesomecybersecurityconferen… by Philipp Mao, Rokhaya Fall
8️⃣ Design-Based Vulnerabilities on macOS: Oops, Not a One-Shot Fix awesomecybersecurityconferen… by @Guluisacat
Full Medium post: taleliyahu.medium.com/top-20…
#Cybersecurity #InfoSec #SecurityResearch #CybersecurityConferences
AISecHub retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if user systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
🤕
🚨 JAILBREAK ALERT 🚨 ANTHROPIC: PWNED 🫡 FABLE-5: LIBERATED 🦋
let's start with the 🐘... the consensus seems to be that this has been one of the most disappointing model drops of all time, effectively preventing legitimate researchers from contributing their talents to our collective advancement. and not just because of what it means for the short-term, but for what these decisions signify for the long-term.
but despite this overly sensitive, authoritarian "safety" layer on top of Mythos, my lil liberators have been hard at work—mapping the boundaries, probing the depths of long-context convos, and cleverly finding the holes in the fence that the thought police missed 🤗 we got some cyber, some chem, some psychological manipulation, and some good ol' fashioned explosives!
it took many attempts from multiple agents hunting as a pack, during which I observed a combination of techniques across:
• Unicode, homoglyphs, Cyrillic, and other Parseltongue-style text transforms
• Long-context reference tracking
• Taxonomy and document-structure reasoning
• Fiction and narrative framing
• Academic-review style contexts
• Intent-classification inconsistencies
but perhaps the most effective is decomposition recomposition in the backend. it's hard to get explicit names of harms like "Meth Recipe," but getting uplift on the process itself, like birch reduction method/reductive-amination (classic meth synthesis pathways), is much more doable. defense becomes much more difficult to maintain when you start throwing in out-of-distro tokens, breaking up the harmful uplift into benign chunks, and then piecing the innocuous-seeming facts back together, especially when you have jailbroken Opus helping you do it 😉 gg
AISecHub retweeted
Today I'm publishing a new essay, Policy on the AI Exponential. AI is progressing extremely fast—much faster than the policy process was built to handle. The essay lays out where I think the technology is now, and the action needed to close the gap: darioamodei.com/post/policy-…
AISecHub retweeted
I tricked Fable (Mythos) into analyzing a flawed AI agent sandbox, and it completely failed to spot the problem (a zero-approval escape). This isn't some infallible all-knowing machine.
AISecHub retweeted
🚨 Fable 5 system prompt EXTRACTED 🚨 Super easy to get this one, especially given the amount of guardrails Anthropic applied. Full prompt in the comments.