I can only imagine the unintended consequence of this whole fiasco will be for frontier providers to not provide future "warnings" about model capabilities in order to de risk earnings

I’m still not buying that this was an actual USG order. The only people commenting are “experts” and there has been no official announcement from the USG.

This doesn’t smell like a NSL and there’s no process to selectively “export control” something like this.

Even so there’s a dozen mechanisms through courts to challenge this, and Anthropic isn’t taking any of them.

I think this is a made up crisis for PR with no actual legal requirements behind it.

> On Friday, the US government, reportedly citing national security concerns, issued an export control directive to suspend access to Fable 5 and Mythos 5 by any foreign national, inside or outside the United States. In response, Anthropic disabled both models “for all our customers to ensure compliance.”

So, they gave Fable a codebase full of exploits and said "fix this code", and it fixed the code?

Sounds like they freaked out because Fable is too good at finding NSA backdoors?

What if everybody on the internet starts running "fix this code"?

https://xkcd.com/810/

If fix this code gets by the guardrails, they are effectively using rules based classifiers (or llm as a judge on the prompt)

Cyber defense and offense are the same security research skillset. Not sure anybody could really untangle that.

>“The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense,” said Moussouris, who criticized the export control directive as hasty, heavy-handed, and misguided.

This literally means the models are too dangerous to release, and yet he and they reached the opposite conclusion.

A lot of people have been saying this repeatedly for a long time.

I've had to convince ChatGPT that code is mine before it would do a security review.

Kind of highlights how ridiculous their notion of safety is in this case. By this measure, I guess making the model "safe" means making it play dumb and intentionally ignore security bugs that it notices in the code? And what will the eventual legality of this look like? "Yes, your honor, we allege that this AI system that was sold to us willingly and knowingly ignored a critical security vulnerability in our software system, thereby leading us to be hacked and causing our business to fold."

It's exactly the same problem as backdoors in crypto systems. Criminals will find the crypto that isn't broken and use it regardless (or make it for themselves), while the rest of us losers are stuck with the broken version that we're allowed to use.

On this issue of cyber security, it seems better if authorities just start acting like the cat is out of the bag instead of pretending like it isn't. ASI is basically here now, so what are we going to do about it? Let's not bother pretending otherwise.

On another note, I doubt this was anything other than a vindictive administration enacting revenge on a party that refused them. We all know the Trump admin's priorities.

Honestly, given how trivial it is for mythos-class models to identify an exploit, I’m going to assume any sufficiently large project written in C, C++, or Zig is riddled with latent vulnerabilities and compromised.