Tag Archives: security systems

2026, AI, AI & Machine Learning, Anthropic, Claude

When AI Becomes Too Powerful To Export: Anthropic, Fable 5, Mythos 5, and the moment AI became national security

Leave a comment

There are moments in technology when you can almost hear the gears of history clicking into place.

Not loudly. Not with fireworks or a bloke in a shiny suit standing on stage telling us that everything has changed. More often, it happens quietly, in a blog post, a government letter, or a hurried statement published late in the day.

This feels like one of those moments.

Anthropic has announced that it is suspending access to its Claude Fable 5 and Claude Mythos 5 models after receiving a directive from the US government. The reason given is national security. The result is that Anthropic has had to abruptly disable the models for all customers, because the order reportedly prevents access by any foreign national, whether inside or outside the United States.

That even includes foreign national Anthropic employees.

Just pause on that for a moment.

We are not talking about a graphics card being shipped overseas. We are not talking about a missile guidance chip, a military radar system, or some piece of exotic lab equipment. We are talking about access to an artificial intelligence model.

Software has just been treated like a controlled strategic asset.

What are Fable 5 and Mythos 5?

Only a few days before this happened, Anthropic had announced Claude Fable 5 and Claude Mythos 5.

Fable 5 was presented as a highly capable model for general use, sitting above Anthropic’s previous Opus class models. It was described as being especially strong at software engineering, research, visual understanding, long running tasks and complex knowledge work.

Mythos 5, meanwhile, appears to be the more restricted version, intended for trusted partners, particularly in areas such as cyber defence and critical infrastructure. In simple terms, Fable 5 was the version with more safeguards. Mythos 5 was the version where some of those safeguards could be lifted for trusted users.

Anthropic’s argument was that these systems could do a great deal of good. They talked about helping cyber defenders secure important software, assisting with scientific research, and accelerating work in areas such as life sciences.

And that is where the difficult bit begins.

The same capability that helps a good actor find vulnerabilities in software can also help a bad actor find vulnerabilities in software. The same intelligence that can help researchers solve hard problems can also lower the barrier for people who should not be anywhere near those tools.

That is the uncomfortable dual use problem at the heart of advanced AI.

The jailbreak question

According to Anthropic, the US government’s concern appears to be around a possible way of bypassing, or “jailbreaking”, Fable 5’s safeguards.

A jailbreak in this context means finding a way to persuade the AI to ignore or work around its safety systems. Anyone who has used AI tools for a while will know that safety systems can sometimes be a bit clumsy. They can refuse harmless requests, misunderstand context, or behave like an over cautious supply teacher on a school trip.

But at the frontier end of AI, the stakes are rather higher than asking for a dodgy limerick or persuading a chatbot to roleplay as an unfiltered assistant. Here, the concern is that a model might be coaxed into helping with cybersecurity work in a way that could be misused.

Anthropic says it has only received limited evidence of a narrow jailbreak and that the vulnerabilities involved were already known and relatively minor. It also says other publicly available models can identify similar issues without needing any special bypass.

That is important, because it gets to the heart of the argument.

If every powerful AI model can be jailbroken in some narrow way, does that mean none of them should be released?

Or does it mean the industry needs layered defences, monitoring, responsible access programmes and clear rules?

Anthropic clearly believes the latter.

A sudden and very public clash

What makes this story so striking is not just the safety issue. It is the speed and bluntness of the response.

Anthropic says it received the directive at 5.21pm Eastern Time and that the letter did not give specific details of the national security concern. The company is complying with the order, but it also says it disagrees with the decision and believes the action was not transparent, fair, clear, or grounded in technical facts.

That is unusually direct language from a major AI company.

It is also a sign of the times. The relationship between AI labs and governments is going to become one of the defining technology stories of the next few years. These companies are building systems that may become essential to business, science, software development, education, defence, healthcare and almost every corner of modern life.

Governments are not going to sit back and treat that as just another app.

When AI Becomes Too Powerful To Export: Anthropic, Fable 5, Mythos 5, and the moment AI became national security
When AI Becomes Too Powerful To Export: Anthropic, Fable 5, Mythos 5, and the moment AI became national security

The export control problem

For years, the big AI export control story has mostly been about chips. Who can buy the most advanced GPUs? Which countries can access the hardware needed to train frontier models? How do you stop sensitive capability moving across borders?

This Anthropic story changes the focus.

Now we are talking about controlling access to the model itself.

That opens up a whole set of awkward questions.

  • What happens if a UK business builds a product around an American AI model and access is suddenly removed?
  • What happens to customers who have paid for a service?
  • What happens to employees of the AI company who are not US citizens?
  • What happens when powerful models are used through cloud platforms, APIs, apps and enterprise tools across dozens of countries?

For businesses, this is a bit of a wake up call.

Many companies are now rushing to bolt AI into their workflows. Customer service, coding, document analysis, marketing, finance, legal review, research, data extraction, the lot. But this story is a reminder that access to the most advanced models may not always be guaranteed.

It is not enough to ask, “Which model is best?”

You also have to ask, “What happens if it disappears tomorrow?”

The Gadget Man view

I find this fascinating because it marks a shift in how we think about AI.

For most people, AI still feels like a clever website. You type something in, it replies, and occasionally it makes you wonder whether the future has arrived slightly ahead of schedule.

But at the very top end, these models are becoming more like infrastructure. They are tools that can write code, analyse huge amounts of information, interpret images, reason through complex problems and assist in scientific work. They are no longer just novelty chatbots. They are engines of capability.

And that makes governments nervous.

Some of that nervousness is reasonable. A powerful AI system in the wrong hands could be dangerous. Nobody sensible should pretend otherwise.

But there is also a danger in sudden, opaque intervention. If companies are told to build safely, test thoroughly, work with governments, create safeguards and develop trusted access programmes, then the rules need to be clear. Otherwise, innovation becomes a guessing game.

Anthropic’s frustration seems to be that it believes it did many of the right things. It says it worked with government, carried out extensive testing, used strong safeguards and adopted a defence in depth approach. Yet it still found itself having to pull access almost immediately.

That will worry a lot of people in the AI world.

What does it mean for ordinary users?

For most casual users, probably not much today.

Access to Anthropic’s other models is not affected, and many people will not have been using Fable 5 or Mythos 5 yet. But the wider meaning is more significant.

This is a glimpse of the future of AI regulation.

The most advanced models may not be treated like ordinary software products. They may be controlled, restricted, monitored and sometimes withdrawn. Access may depend on who you are, where you are, what you are doing, and whether a government believes the system crosses a national security threshold.

That might sound dramatic, but it is not science fiction anymore. It is happening.

My closing thought

There is an old pattern in technology.

First, something looks like a toy.

Then it becomes useful.

Then it becomes essential.

Then it becomes strategic.

AI has moved through those stages at a frankly ridiculous speed.

The Anthropic Fable 5 and Mythos 5 story may turn out to be a misunderstanding, as Anthropic suggests. Access may be restored. The details may become clearer. The technical risk may prove to be less dramatic than the government feared.

But even if all that happens, the line has still been crossed.

A government has looked at an AI model and treated it as something powerful enough to restrict on national security grounds.

That is not just a story about Anthropic.

That is a story about where AI is heading next.

And whether we like it or not, the future of artificial intelligence is no longer just about clever prompts, faster coding, or shinier demos.

It is about power, trust, borders and control.

Welcome to the next chapter.

 

2026, NordVPN, Passwords

Why ‘123456’ Is Still Ruining Business Security

Leave a comment

There are some things you expect to see in 2026. AI everywhere. Electric cars quietly taking over. Smart homes that know when you have run out of milk.

What you do not expect is that one of the biggest threats to company security is still someone typing 123456 into a login box.

Yet here we are.

A recent piece of research from NordPass lays it all bare. After analysing huge volumes of passwords exposed in real world data breaches, the conclusion is both fascinating and slightly terrifying. Business passwords are often no better than the ones we were being warned about twenty years ago.

The same bad habits, everywhere

Across sectors like healthcare, manufacturing, tech and finance, the patterns repeat themselves. Simple number sequences dominate. Obvious choices like 123456, 123456789 and password keep cropping up. In some cases people are even using their own email address as the password.

That last one is particularly grim. If your username is already public, you have effectively handed an attacker half the keys to the building.

What struck me most was how universal this problem is. This is not a single careless industry or a few unlucky firms. It is a human behaviour issue. Convenience beats caution every time unless systems are designed to protect us from ourselves.

Why attackers love this

From an attacker’s point of view, weak passwords are a gift. Automated tools can try millions of common combinations in seconds. If employees reuse passwords across systems, one breach can quietly unlock several more doors.

This is often how serious incidents begin. Not with Hollywood style hacking, but with someone guessing a password that should never have existed in the first place.

The uncomfortable truth for businesses

Here is the bit that matters. This is not really a technical problem. The tools to fix it have existed for years.

Strong password policies. Password managers. Multi factor authentication. Alerts for leaked credentials. None of this is exotic or expensive anymore.

What is missing is consistency and enforcement. Many organisations still rely on guidance rather than rules, or assume that staff will naturally do the right thing. History shows they will not, especially when speed and convenience are rewarded.

What actually works

From everything I have seen over the years, both professionally and personally, a few things make the biggest difference.

First, remove the burden from users. A good password manager means nobody has to remember anything clever.

Second, enforce unique passwords everywhere. No exceptions.

Third, enable multi factor authentication wherever possible, especially for email and admin accounts.

Finally, treat leaked passwords as inevitable, not hypothetical. Monitor for them and act quickly.

Still relevant, still risky

It is easy to laugh at 123456. It feels like a joke from the early days of the internet. But when that same password is still opening real company systems today, it stops being funny very quickly.

The NordPass research is a useful reminder that cybersecurity does not always fail at the cutting edge. More often, it fails at the front door.

And the front door is still wide open far too often.