Tag Archives: data protection

2026, AI, AI & Machine Learning, Anthropic, Claude

When AI Becomes Too Powerful To Export: Anthropic, Fable 5, Mythos 5, and the moment AI became national security

Leave a comment

There are moments in technology when you can almost hear the gears of history clicking into place.

Not loudly. Not with fireworks or a bloke in a shiny suit standing on stage telling us that everything has changed. More often, it happens quietly, in a blog post, a government letter, or a hurried statement published late in the day.

This feels like one of those moments.

Anthropic has announced that it is suspending access to its Claude Fable 5 and Claude Mythos 5 models after receiving a directive from the US government. The reason given is national security. The result is that Anthropic has had to abruptly disable the models for all customers, because the order reportedly prevents access by any foreign national, whether inside or outside the United States.

That even includes foreign national Anthropic employees.

Just pause on that for a moment.

We are not talking about a graphics card being shipped overseas. We are not talking about a missile guidance chip, a military radar system, or some piece of exotic lab equipment. We are talking about access to an artificial intelligence model.

Software has just been treated like a controlled strategic asset.

What are Fable 5 and Mythos 5?

Only a few days before this happened, Anthropic had announced Claude Fable 5 and Claude Mythos 5.

Fable 5 was presented as a highly capable model for general use, sitting above Anthropic’s previous Opus class models. It was described as being especially strong at software engineering, research, visual understanding, long running tasks and complex knowledge work.

Mythos 5, meanwhile, appears to be the more restricted version, intended for trusted partners, particularly in areas such as cyber defence and critical infrastructure. In simple terms, Fable 5 was the version with more safeguards. Mythos 5 was the version where some of those safeguards could be lifted for trusted users.

Anthropic’s argument was that these systems could do a great deal of good. They talked about helping cyber defenders secure important software, assisting with scientific research, and accelerating work in areas such as life sciences.

And that is where the difficult bit begins.

The same capability that helps a good actor find vulnerabilities in software can also help a bad actor find vulnerabilities in software. The same intelligence that can help researchers solve hard problems can also lower the barrier for people who should not be anywhere near those tools.

That is the uncomfortable dual use problem at the heart of advanced AI.

The jailbreak question

According to Anthropic, the US government’s concern appears to be around a possible way of bypassing, or “jailbreaking”, Fable 5’s safeguards.

A jailbreak in this context means finding a way to persuade the AI to ignore or work around its safety systems. Anyone who has used AI tools for a while will know that safety systems can sometimes be a bit clumsy. They can refuse harmless requests, misunderstand context, or behave like an over cautious supply teacher on a school trip.

But at the frontier end of AI, the stakes are rather higher than asking for a dodgy limerick or persuading a chatbot to roleplay as an unfiltered assistant. Here, the concern is that a model might be coaxed into helping with cybersecurity work in a way that could be misused.

Anthropic says it has only received limited evidence of a narrow jailbreak and that the vulnerabilities involved were already known and relatively minor. It also says other publicly available models can identify similar issues without needing any special bypass.

That is important, because it gets to the heart of the argument.

If every powerful AI model can be jailbroken in some narrow way, does that mean none of them should be released?

Or does it mean the industry needs layered defences, monitoring, responsible access programmes and clear rules?

Anthropic clearly believes the latter.

A sudden and very public clash

What makes this story so striking is not just the safety issue. It is the speed and bluntness of the response.

Anthropic says it received the directive at 5.21pm Eastern Time and that the letter did not give specific details of the national security concern. The company is complying with the order, but it also says it disagrees with the decision and believes the action was not transparent, fair, clear, or grounded in technical facts.

That is unusually direct language from a major AI company.

It is also a sign of the times. The relationship between AI labs and governments is going to become one of the defining technology stories of the next few years. These companies are building systems that may become essential to business, science, software development, education, defence, healthcare and almost every corner of modern life.

Governments are not going to sit back and treat that as just another app.

When AI Becomes Too Powerful To Export: Anthropic, Fable 5, Mythos 5, and the moment AI became national security
When AI Becomes Too Powerful To Export: Anthropic, Fable 5, Mythos 5, and the moment AI became national security

The export control problem

For years, the big AI export control story has mostly been about chips. Who can buy the most advanced GPUs? Which countries can access the hardware needed to train frontier models? How do you stop sensitive capability moving across borders?

This Anthropic story changes the focus.

Now we are talking about controlling access to the model itself.

That opens up a whole set of awkward questions.

  • What happens if a UK business builds a product around an American AI model and access is suddenly removed?
  • What happens to customers who have paid for a service?
  • What happens to employees of the AI company who are not US citizens?
  • What happens when powerful models are used through cloud platforms, APIs, apps and enterprise tools across dozens of countries?

For businesses, this is a bit of a wake up call.

Many companies are now rushing to bolt AI into their workflows. Customer service, coding, document analysis, marketing, finance, legal review, research, data extraction, the lot. But this story is a reminder that access to the most advanced models may not always be guaranteed.

It is not enough to ask, “Which model is best?”

You also have to ask, “What happens if it disappears tomorrow?”

The Gadget Man view

I find this fascinating because it marks a shift in how we think about AI.

For most people, AI still feels like a clever website. You type something in, it replies, and occasionally it makes you wonder whether the future has arrived slightly ahead of schedule.

But at the very top end, these models are becoming more like infrastructure. They are tools that can write code, analyse huge amounts of information, interpret images, reason through complex problems and assist in scientific work. They are no longer just novelty chatbots. They are engines of capability.

And that makes governments nervous.

Some of that nervousness is reasonable. A powerful AI system in the wrong hands could be dangerous. Nobody sensible should pretend otherwise.

But there is also a danger in sudden, opaque intervention. If companies are told to build safely, test thoroughly, work with governments, create safeguards and develop trusted access programmes, then the rules need to be clear. Otherwise, innovation becomes a guessing game.

Anthropic’s frustration seems to be that it believes it did many of the right things. It says it worked with government, carried out extensive testing, used strong safeguards and adopted a defence in depth approach. Yet it still found itself having to pull access almost immediately.

That will worry a lot of people in the AI world.

What does it mean for ordinary users?

For most casual users, probably not much today.

Access to Anthropic’s other models is not affected, and many people will not have been using Fable 5 or Mythos 5 yet. But the wider meaning is more significant.

This is a glimpse of the future of AI regulation.

The most advanced models may not be treated like ordinary software products. They may be controlled, restricted, monitored and sometimes withdrawn. Access may depend on who you are, where you are, what you are doing, and whether a government believes the system crosses a national security threshold.

That might sound dramatic, but it is not science fiction anymore. It is happening.

My closing thought

There is an old pattern in technology.

First, something looks like a toy.

Then it becomes useful.

Then it becomes essential.

Then it becomes strategic.

AI has moved through those stages at a frankly ridiculous speed.

The Anthropic Fable 5 and Mythos 5 story may turn out to be a misunderstanding, as Anthropic suggests. Access may be restored. The details may become clearer. The technical risk may prove to be less dramatic than the government feared.

But even if all that happens, the line has still been crossed.

A government has looked at an AI model and treated it as something powerful enough to restrict on national security grounds.

That is not just a story about Anthropic.

That is a story about where AI is heading next.

And whether we like it or not, the future of artificial intelligence is no longer just about clever prompts, faster coding, or shinier demos.

It is about power, trust, borders and control.

Welcome to the next chapter.

 

2026, Hacking, Security

Think Before You Scan: That QR Code May Be a Scam

Leave a comment

QR codes have become part of everyday life. Parking meters, restaurant menus, parcels, emails. A quick scan feels harmless. That is exactly why cybercriminals are increasingly abusing them.

This growing threat is known as quishing, short for QR code phishing. Instead of asking you to click a suspicious link, attackers persuade you to scan a code that quietly sends you somewhere you really did not intend to go.

At the start of January, the FBI issued a warning about a wave of attacks linked to North Korean cybercriminals who were using fake QR codes to harvest personal information. Security experts say this is not just a US problem. Similar attacks are now appearing across multiple countries, including the UK, as criminals look for new ways to make money.

The technique is simple but effective. Fake QR codes are placed over legitimate ones in public locations such as parking machines, cafés and kiosks. Scan the code and you are redirected to a convincing looking website that may ask for payment details or login credentials. Last year, UK government bodies warned motorists about QR stickers on parking meters that led victims to spoofed payment pages.

QR codes are also being used in email attacks. In one example highlighted by the FBI, a state sponsored group embedded malicious QR codes in emails to employees, presenting them as a way to download extra information. Scan first, think later. That is what the attackers are counting on.

According to cybersecurity experts at Planet VPN, the outcome is usually the same wherever the QR code appears. Once scanned, users are forwarded to a fake site designed to look genuine, whether that is a restaurant menu or a payment page. From there, credit card details, passwords or even full device access can be compromised.

Planet VPN co founder Konstantin Levinzon explains why QR codes are proving so effective. People tend to trust them. They became widespread during the pandemic and still do not trigger the same suspicion as a dodgy looking link. The risk feels lower because there is no visible URL to inspect, just a quick scan.

There is another reason attackers favour QR codes in emails. Many anti phishing systems analyse text and links but do not properly inspect images. A QR code can slip through where a traditional phishing email might be blocked. Even when detection improves, attackers adapt by changing colours or designs to evade filters.

The scale of the problem is significant. Cybersecurity researchers estimate that millions of QR related threats were recorded in just the first half of last year, and experts believe the real number is likely higher due to undetected scams.

Think Before You Scan: That QR Code May Be a Scam
Think Before You Scan: That QR Code May Be a Scam

So what should you do?

Be deliberate about scanning QR codes. Ask yourself why it is there and whether it makes sense. If a scan takes you to a site asking for payment or login details, treat that as a serious warning sign.

If a QR code arrives via email from someone you do not know, or even someone you do know but were not expecting to hear from, pause and verify it before entering any details or downloading anything.

Most importantly, apply the same common sense you would use elsewhere online. Stay sceptical. Use a VPN on public Wi Fi. Keep your devices updated. Use strong passwords and enable multi factor authentication wherever possible.

QR codes are convenient, but convenience is often what attackers exploit. A second of caution can save a great deal of hassle later.

2025, Hacking, Security

Cybernews Cracks the Password Puzzle: What 19 Billion Passwords Reveal About Us

Leave a comment

We’ve all been there — that moment when the password box blinks impatiently, waiting for your brain to produce something secure and memorable. But what if I told you that billions of us are still relying on “123456” or “password” to guard our digital front doors?

Researchers at Cybernews have just released a fascinating and somewhat alarming analysis of 19,030,305,929 leaked passwords, and the findings tell a revealing story about human behaviour, pop culture obsessions, and our often lacklustre approach to security.

Only 6% of Passwords Are Unique – Let That Sink In

Out of 19 billion passwords, only 1.1 billion were unique. That means 94% of people are using the same passwords as someone else — and in the world of hacking, that’s music to a cybercriminal’s ears.

The most common passwords? You’ve guessed them:

  • “password” – used 56 million times

  • “admin” – 53 million times

  • “123456” – 338 million times

  • “1234” – found in nearly 4% of all passwords (that’s 727 million accounts!)

It’s 2025 and we’re still living in a world where “qwerty” and “abc123” are considered acceptable safeguards.

What We Love Shows Up in Our Passwords

The team at Cybernews created themed wordlists to understand what people use in their passwords. The results are both amusing and a little worrying.

Pop Culture Reigns Supreme

Characters like:

  • Mario (9.6M)

  • Batman (3.9M)

  • Joker (3.1M)

  • Thor (6.2M)

  • Elsa (2.9M)

Yes, even a magical ice queen made it onto the hacker’s dictionary.

Our Favourite Animals?

  • Lion (9.8M)

  • Fox (7.8M)

These majestic creatures might be noble, but they’re not secure.

Love, Tea, and Swear Words

  • Love” appears in 87 million passwords.

  • Tea – our national treasure – is in 36 million!

  • And surprisingly (or not), words like “ass” (165M), “fuck” (16M), and “shit” (6.5M) are extremely common.

Seems like when people get frustrated with password rules, they get… expressive.

The Human Factor: Names, Cities, and Seasons

We seem to really love personal and familiar things:

  • Ana is the most-used name (178.8M times).

  • Rome is the top city (13M).

  • Summer (3.8M) leads the seasons, while May (28M) and April (5.2M) dominate the months.

  • Monday is weirdly the most popular weekday (800,000).

And professions like boss, cook, and hunter show up in millions of passwords. Is that confidence or wishful thinking?

Big Brands in Passwords: Not a Great Idea

Believe it or not, some people think referencing tech giants will protect them:

  • Google – 25.9M passwords

  • Facebook – 18.7M

  • Kia – 12.7M (your guess is as good as mine)

Why This Matters (and What You Should Do About It)

With only 6% of passwords being unique, dictionary attacks and credential stuffing become a walk in the park for bad actors. If your password is on one of these lists, your account could be next.

Top Tips for Better Passwords:

  1. Use a Password Manager – Tools like Bitwarden, 1Password or KeePass make strong passwords easy.

  2. Avoid Dictionary Words – Even “FrostyTheSnowman1983” isn’t safe if enough people use it.

  3. Go Long and Complex – At least 12 characters, mixing letters, numbers, and symbols.

  4. Don’t Reuse Passwords – Ever.

  5. Turn On 2FA – Always enable two-factor authentication where possible.

The Bottom Line

Your password is often the only thing standing between your private data and a very bad day. The Cybernews report doesn’t just expose poor habits — it’s a stark reminder that humans are the weakest link in cybersecurity.

So, before you set your next password to “GadgetMan2025”, take a moment. You’re worth a better lock on your digital door.

Matt Porter – The Gadget Man

Have you checked your passwords recently? Would you like me to review any password manager tools for you next?