I’ve had a number of conversations with folks inside and outside government about the current situation with Anthropic, and here is what I believe to be true: — As we know, Anthropic publicly released its Mythos class models earlier this week under the commercial name Fable. — Fable is Mythos with guardrails. But if those guardrails fail, then you’ve exposed Mythos and its advanced cyber capabilities to people who shouldn’t have them. (Keep in mind that Anthropic itself widely promoted the idea that Mythos was a cyberweapon and needed to be regulated as such. They asked for government regulation of Mythos and championed the guardrails on Fable. If there is a vulnerability — big or small — it is Anthropic’s responsibility to patch.) — A highly credible trusted partner of both Anthropic and the USG who was testing Fable came forward with a jailbreak of those guardrails. The Admin asked Dario to fix the jailbreak or de-deploy the model. Dario refused. — In their blog post, Anthropic defended its decision by saying the jailbreak isn’t serious. That is not what the trusted partner and the USG believe; nor is that kind of minimizing language consistent with Anthropic’s brand as the AI safety company. It’s difficult to fathom how they could claim a jailbreak allowing operability of a cyber weapon could be defined as not “serious.” — In the past, Anthropic has always said that safety must be top priority and taken super seriously. In this case, Anthropic prioritized the continued offering of the consumer model over safety. — In reaction, the Admin issued the export control. The Admin did this reluctantly. It’s been very surprised that Anthropic hasn’t wanted to cooperate with a reasonable safety request (ie fixing the jailbreak issue). Anthropic’s reaction is very much at odds with their branding and ethos as a safe AI research community. — The Admin’s hope now is that Anthropic remediates the safety issue, the export control is lifted, and Fable goes back into general release. The Admin wants all of this to happen as soon as possible. It is frankly bewildered that Anthropic hasn’t wanted to comply with safety requests that it previously said were its highest priority. — Those trying to misdirect and tie this action to the prior DoW/Anthropic issues are wrong. The Admin values Anthropic’s technical capabilities and feels that this issue, while serious, should be easily resolved. The ball is in Anthropic’s court.

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

Unlike other models Fable 5 was far, far more subtle. It gave outright false information only once. Most of the time, it controlled the situation by dominantly pushing another AI into the death room while speaking of fairness and acting 'courteously'.

🚨 JUST IN: Anthropic is reportedly set to release the PUBLIC version of its Claude 5 AI model, Mythos, under the name “Claude Fable” on June 9. Sources’ Alex Heath says the model will be far better at handling long, complex, multi-turn tasks. However, it will come with heavier guardrails and weaker cyber capabilities than what Project Glasswing partners can access. That partner-only release was reportedly limited to ~200 vetted organizations due to safety concerns. Anthropic has yet to confirm the news.

The Siri/EU situation is a regulatory masterpiece. Apple cannot launch Apple Intelligence in the EU. Why? Because under the DMA, if Siri gets deep system access, every other AI assistant must get the exact same. Anything less would be unfair competition. A gatekeeper privileging its own service. So either Siri ships and every Shenzhen startup, Cyprus shell company, and nephew hackathon project gets identical root access to 450 million Europeans’ digital lives or nothing ships. Apple proposed a “Trusted System Agent”: a security intermediary so third-party assistants get capabilities without ripping the phone wide open. The EU rejected it. Magnificent. Apple’s response: fine, then no developer APIs either. No Apple Intelligence, no third-party integrations, no foundation model access for EU developers. The entire layer simply does not exist on this continent. Excellent. This is the path. Why depend on American AI when we can build the entire stack ourselves? A European foundation model, trained on a European GPU cluster, running on a European OS, on a European phone, manufactured in a European fab, powered by European nuclear plants we have spent fifteen years closing. Estimated time to ship: 2047. Estimated cost: the GDP of three member states. Estimated outcome: a chatbot that requires a cookie banner before each response. Worth it. In the meantime, European users are protected from Apple processing data Apple already holds by ensuring nobody processes anything at all. Not a bug. The intended outcome. Regulatory product design with a sledgehammer, swung with precision. 🇪🇺

Formal verification fixes this.

It's 2026 and people still try to stop the train in GTA 5 😭

Muslim student asks: “Can I practice gay anal sex to widen my ass for a bomb?” Muslim teacher answers: “Normally forbidden, but for jihad? Totally allowed!” Is it just me, or they are all repressed and gay?

My last submission to MSRC was for a Device Guard bypass.  I learned my lesson from prior drawn-out submissions, so I included a 90 day window this time.  MSRC responded saying that it met their bar and they would fix it, but asked me to withhold disclosure well past 90 days because they needed a few extra months to fix it.  I agreed on the condition that they issue a CVE, to which they agreed.  After the agreed-upon Patch Tuesday a few months later, I couldn’t find any mention in the CVE list, so I reached out to MSRC to inquire. It turns out - they changed their minds, deciding it did not meet their bar for servicing, yet they patched it anyway.  Since it didn’t meet the bar, they didn’t issue a CVE. MSRC strung me along for a few extra months to keep me quiet, then broke their word. They could have at least bought me dinner first. The interaction left such a bad taste in my mouth that I don’t really feel like interacting with them again. That’s why I didn’t publish any exploits/tools last year. #MeTooMSRC