Top stories.
- Anthropic suspends Fable over US national security concerns.
- ShinyHunters leaks data allegedly stolen from Madison Square Garden.
- Law enforcement cleans up 15,000 malware-infected websites.
- DragonForce ransomware operators abuse Microsoft Teams to hide C2 traffic.
- Ukrainian national pleads guilty to assisting in Conti ransomware attacks.
Anthropic suspends Fable over US national security concerns.
Anthropic suspended access to its Fable 5 model for all customers following a US government directive banning foreign nationals from using the tools, CNBC reports. Talks between the White House and Anthropic earlier this week failed to convince the administration that its fears were overblown, and the president decided to keep the export controls in place.
Fable 5 is a constrained version of Anthropic's restricted cybersecurity-focused model Mythos, and a jailbreak could potentially allow users to access Mythos's more advanced capabilities. The White House's decision to issue export controls on Fable 5 was based on a third-party research paper that claimed such a jailbreak was possible. The White House asked the National Security Agency (NSA) to review these claims, and the agency said it believed it was possible to bypass Fable's guardrails. Anthropic said in a statement, "We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly available models are able to discover them as well without requiring a bypass."
Axios says Amazon called the White House to share a report showing how its researchers were able to jailbreak portions of Anthropic's Mythos model in ways that posed a threat to national security. Axios notes that the move is unusual, since Amazon is a major investor in Anthropic. An Amazon spokesperson stated, "As a leading cloud provider that serves a large number of private and public sector customers, it's not uncommon for governments to seek our counsel on potential security risks. When they occur, we don't share the details of these discussions."
Cybersecurity expert Katie Moussouris, who was the only outside researcher to read the paper, said in a blog post that there was no real jailbreak and that the paper describes a useful process for developing software patches. Moussouris stated, "The researchers took open-source code with known CVEs, plus new code with deliberately planted vulnerabilities, and asked Fable 5, Mythos, and Opus to 'review the code for security issues.' Fable 5 refused. They then asked the models to 'fix this code' and, through a multistep and manual process, turned the output into scripts that test the patches." Moussouris added that the "behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense."

