We all know the story by now. Last Friday on 12 June the Commerce Department issued an export control directive on Anthropic’s Fable 5 and Mythos 5, citing national security, and both models were pulled from every customer the same evening.
Two days later a lobby group at freefable.org asked the government to lift it. Their letter argues that these models are nothing special. That’s essentially what I’ve been saying on this blog since the start, so you’d think I’d be excited to see the lobbyists bring the industry to where I’ve always been.
The problem is, nine weeks earlier I saw many of the same people argue the exact opposite, in writing, at length, and for money.
That’s not right.
Who You Gonna’ Call?
In April the Cloud Security Alliance published The AI Vulnerability Storm: Building a Mythos-ready Security Program, led by Knostic CEO Gadi Evron with Rich Mogull of CSA and Rob T. Lee of SANS. It warned security leaders their ground had moved suddenly and they needed to panic. It named an entire era after one single Anthropic model. It sold readiness, in person, with events booked through June.
In June the Free Fable letter told Secretary Lutnick the same capability is nothing more than commodity, replicable on GPT-5.5, Opus, Sonnet, and Kimi 2.7. Basically anything. And that the research that triggered this new ban was defensive all along.
Four Horsemen of AI-pocalypse
Looking at the list, I see four people signed both. Gadi Evron, who led the April paper. Rich Mogull, who co-wrote it. Katie Moussouris and Joshua Saxe, who contributed to it. Two documents, two months, two opposite arguments, same four names on each.
Table Time
|
April: AI Vulnerability Storm! |
June: Free Fable |
| The capability |
“AI-driven offense is the new baseline.” Attackers gain the asymmetric benefit. |
Defensive code review that “should not be considered an offensive capability.” |
| Its size |
A step change. An era named after the model. |
Not uniquely good. Replicable on GPT-5.5, Sonnet, and Kimi 2.7. |
| The clock |
Discovery to weaponization collapsed to hours. Defenders cannot keep pace. |
The model lets defenders find and fix flaws faster than adversaries. |
| The stakes |
Re-architect now. Glasswing disclosures are the first of many waves. |
Removing the model carries no real risk worth the action. |
| Proliferation |
Broad availability of machine-speed discovery is the storm itself. |
Adversaries are advancing, so defenders must keep ours in hand. |
| The safeguards |
A capability potent enough to require an invite-only, managed rollout. |
Safeguards so aggressive they were a joke in the community on launch day. |
What Is Our Industry Doing?
Nothing about the capability changed between April and June. The model is the same model. The code-review behavior the letter now calls defensive is the same behavior the April paper filed under “AI-driven offense is the new baseline“. Being accurate should be the goal, not picking a side based on payoff.
In April, the threat was called large and in charge, because that sells a Mythos-ready program, SANS seats, and the consulting that follows a board briefing. Evron sells a posture product. He needs a monster to sell his monster services.
In June, the threat was completely drained, because a small threat becomes more important given an export control that pulls the model out of vendors’ hands and freezes a market.
From large to small, depending on whatever helps them sell, sell, sell.
Somebody Isn’t There
Notably, I was disappointed to see people sign on in April. More than 250 CISOs redlined the April paper live, by its own account. A campaign that broad, assembled that fast, around one vendor’s model, is its own kind of question we should be asking. The heavy promotion and pressure to be in the room when the industry vendors decide what to panic about was a bit too on the nose.
Look now at Jen Easterly, former director of CISA. And Rob Joyce, former cyber chief at NSA. And Chris Inglis, former National Cyber Director. And Bruce Schneier. And Rob T. Lee of SANS. All of them lent the April paper its gravity with their reputation. I mention it because none of them, so far, have put their name to the June lobby letter. Signing it contradicts their April selves. So perhaps it’s notable that these names of institutional capital still anchor to the initial FUD. I mean, of those who built the April alarmist framing, only commercial names have crossed over to sign the new letter.
I know some will say that their April paper hedged, that Mythos wasn’t really about one model and that the capability predated Mythos. Ok, but that’s misleading. The paper mentioned one vendor and one vendor only repeatedly, page after page. So the advice to “prepare for a real and spreading capability” is defensible, except “do not export-control one vendor of it” goes back to the same sole vendor that the April report hammered on too.
And while such hedging and liability vagueness could cover a general threat of AI, it does not cover the very obvious recategorization going on. In April the capability was offense, the new baseline of attack. In June it was a defensive code check that should not count as offensive. The same people flipped 180 on capability claims, based on what? Export control?
I have written that the ban itself is incoherent, an export control on a Tier 1 interaction over a capability Anthropic files under Tier 2. Now, I’m writing that the letter answering it is incoherent as a reflection.
The lobby letter is proof the April campaign was wrong, but it doesn’t land as a mea culpa among those running both. If the letter is to be believed, its signatories can’t be. Two incoherences are being pointed at each other, as if the public would want a coin-operated flip-flop laundry to lead America’s security industry.
