惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Schneier on Security

A Video Screen That Is Also a Camera - Schneier on Security Upcoming Speaking Engagements - Schneier on Security Vulnerability in FIFA's Network - Schneier on Security AI Data Centers and the Concentration of Wealth - Schneier on Security Friday Squid Blogging: "Squidbleed" Vulnerability - Schneier on Security AI Surveillance and Social Progress - Schneier on Security The Language of AI Could Change How Humans Speak - Schneier on Security Cybersecurity and the Gap Between Skill and Ability - Schneier on Security Google Is Suing Chinese Scammers Who Are Using Gemini - Schneier on Security France to Stop Certifying Non-Quantum-Safe Encryption - Schneier on Security Flock Cameras Can Surveil Cars Without License Plates - Schneier on Security Cybersecurity Mission Creep in the US - Schneier on Security Papa Johns Surveillance-Based Advertising - Schneier on Security The Realities of AI Video Surveillance - Schneier on Security Factoring RSA Keys with Many Zeros - Schneier on Security Robot Police Officers - Schneier on Security The Chinese Control the Majority of Argentina's Squid Fleet - Schneier on Security Meta Is Testing Facial Recognition for Police and Military - Schneier on Security One Million Passports Leaked Online - Schneier on Security AI and Liability - Schneier on Security Interesting Paper Exploring Prompt Injection - Schneier on Security Embedding Forbidden Text in Spyware to Discourage AI Analysis - Schneier on Security Anthropic's Fable 5 Model Jailbroken Within Days - Schneier on Security Professional Athletes and Wearables - Schneier on Security Friday Squid Blogging: Victims of Unregulated Squid Fishing - Schneier on Security Embedding Forbidden Text in Spyware to Discourage AI Analysis - Schneier on Security AI Use by the US Government - Schneier on Security Flock Cameras Are Being Used for Stalking - Schneier on Security The FCC Wants to Eliminate Burner Phones - Schneier on Security Upcoming Speaking Engagements - Schneier on Security Friday Squid Blogging: Squid-Inspired Fluid Pump Bernie Sanders’ AI Sovereign Wealth Fund Plan Enhanced License Plate Tracking NSO Group Hacking WhatsApp Despite Court Order GPS As a Key Distribution Platform - Schneier on Security Critical Zcash Vulnerability Found and Fixed Anthropic’s Project Glasswing Update AI Worm - Schneier on Security Hacking Meta's AI Chatbot - Schneier on Security AI Used to Decrypt Medieval Ciphers The Intersection of Encryption and AI Microsoft Threatening Security Researcher Vulnerability Disclosure in the Age of AI Friday Squid Blogging: Another Squid Chilling Effects FBI’s 2025 Internet Crime Report Identifying People Using Wi-Fi Routers Friday Squid Blogging: Regulating Squid Fishing in the South Pacific CISA Security Leak macOS Kernel Memory Corruption Exploit On AI Security Laurie Anderson Is Quoting Me Zero-Day Exploit Against Windows BitLocker Friday Squid Blogging: Bigfin Squid Bypassing On-Camera Age-Verification Checks OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities Copy.Fail Linux Vulnerability LLMs and Text-in-Text Steganography Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia Insider Betting on Polymarket Smart Glasses for the Authorities Rowhammer Attack Against NVIDIA Chips DarkSword Malware Hacking Polymarket A Ransomware Negotiator Was Working for a Ransomware Gang Fast16 Malware Claude Mythos Has Found 271 Zero-Days in Firefox What Anthropic’s Mythos Means for the Future of Cybersecurity Medieval Encrypted Letter Decoded Friday Squid Blogging: How Squid Survived Extinction Events Hiding Bluetooth Trackers in Mail FBI Extracts Deleted Signal Messages from iPhone Notification Database ICE Uses Graphite Spyware - Schneier on Security Mexican Surveillance Company - Schneier on Security Is “Satoshi Nakamoto” Really Adam Back? Friday Squid Blogging: New Giant Squid Video Mythos and Cybersecurity Human Trust of AI Agents Defense in Depth, Medieval Style
Anthropic's Fable and the State of AI - Schneier on Security
Bruce Schneier · 2026-06-19 · via Schneier on Security

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone.

The government’s actions won’t help. The problem isn’t any one particular model; it’s the general trend of increasing AI capabilities. And any real solution requires the sort of collective action that just isn’t possible right now.

Fable is the constrained version of Mythos, the AI model Anthropic announced in April. Anthropic only released it to a few selected organizations, because the company claimed it was so good at finding and exploiting vulnerabilities in computer code that releasing it more generally would be dangerous.

It was an obviously self-serving announcement, and because few were able to verify Anthropic’s claims they were met with some skepticism. Those with access used Mythos to find and patch many vulnerabilities in their own software. But one UK group found the latest, already public, OpenAI model to be just as powerful.

Fable is just another incremental improvement in the years-long climb of AI capabilities. But just as important as the AI model is the “harness.” This is typically not AI. It’s ordinary computer code that interfaces with the user. It stitches together AI models, decides how and for what purposes they can be used, and gives them useful tools such as web search and the ability to run their own computer code.

When Mythos first entered limited release, there was widespread debate whether its power came from the model or the harness. With Mythos demonstrating that it was possible, the open-source community scrambled to build harnesses that could steer other AI models towards similar capabilities. Harness improvements don’t need massive data or data centers.

They largely succeeded. For example, a Prague company was able to replicate Anthropic’s few verifiable cybersecurity capabilities with a much smaller and cheaper model—and a more sophisticated harness. Last week, a group showed that multiple cheaper models harnessed in concert matches Fable’s performance.

The broader community had only a few days with Fable, but that time we learned some about its capabilities. Its difference is less the new model’s raw analytical and problem solving capabilities, and more that the model doesn’t need that sophisticated harness.

Fable requires much less expertise and detailed prompting from the human user. You can give it a difficult goal and it will figure out novel and unexpected ways to satisfy it, finding loopholes in whatever constraints you or the system have imposed on it.

“Relentlessly proactive” is how AI researcher Simon Willison described it. Another descriptor might be “creative.” Experienced AI developers have had that combination of creativity and proactivity since last year, but Fable puts it within easy reach of everyone.

In the hands of someone with a legitimate problem that needs solving, that can be an incredibly useful capability. But in the hands of someone who wants to do harm, it can be equally dangerous. AIs don’t have a moral compass in the same way that people do. They are agents of the wants and desires of the people who prompt them.

That points to the real problem with relentlessly proactive AI. In language, wants and desires are always underspecified. If I ask you to get me some coffee, you would probably pour me a cup from the coffeepot, or buy one from a nearby coffee shop.

You couldn’t buy me a pound of raw beans, or a coffee plantation. You wouldn’t order a cup of coffee for delivery next month. You wouldn’t find a nearby person, rip a cup of coffee out of their hands, and bring it to me. I wouldn’t have to specify any of the million limitations to my request; you would just know.

Human stories are filled with warnings about underspecified desires. King Midas wished that everything he touch turn to gold, forgetting to add “but not my food, drink, and daughter.” And genies are notorious for granting your wish in a way you wish they hadn’t.

The deeper point is that it’s impossible to list all limitations and restrictions, and like a malicious genie, a creative AI will find the ones you forgot. Block a database you don’t want it to have access to, and it might figure out how to bypass your control. Ask it to book a flight, and it might hack the airline because the website says the flight is sold out. Ask it to save money on your cellphone plan, and it might cancel it altogether—or get someone else to pay for it. As far as we know now AI has not done any of this yet, but you get the idea.

Malicious intent is not required. To an AI model, constraints are just things to get around and not general truisms about the world. They are creative problem solvers and natural rule breakers. They “hack” in the sense that they find and exploit loopholes.

Human systems rely on so many norms that we scarcely recognize the existence of until they are broken. AIs naturally think outside the box, because they don’t have any real conception of what the box is or why it’s there in the first place.

There is no foolproof way to prevent people from using AI models to complete harmful tasks. There is no way to prevent the models from incidentally causing harm while completing benign tasks. AI models are no longer isolated from the real world. They browse the internet and answer emails.

They trade stocks and make purchases. They control physical systems. They are, in effect, robots that affect life and property. We have no technical mechanisms to verify the integrity of an AI system. This level of capability and creativity in the hands of us untrustworthy humans will have both great and terrible results.

The problem is not unique to Anthropic. Mythos/Fable might currently be the most capable rules hacker, but more sophisticated harnesses give other models similar capabilities. And we should assume that the other frontier models are no more than a few months behind, and that open-source models are less than a year behind. At best, any ban only serves to delay the problem for a short while.

That delay might be useful if we—as a society, as a planet—would use that time to come together and figure out what to do. This isn’t a US/China arms race problem; this a species-level problem that requires coordinated action at that scale. Unfortunately, we have no mechanism to do that. I first wrote about this problem five years ago, but it was all too futuristic.

Today, when its right in front of us, there is no world government that can impose constraints on the for-profit corporations currently controlling AI models and research. The US has no appetite to effectively and even-handedly regulate those corporations, even as they do catastrophic damage to the environment, democracy, and—in this case—society in general.

This all makes an AI public option all the more necessary, and urgent. Today’s AIs can be fast, smart and secure, but only two of the three are possible for any given system. These safety tradeoffs are tightly held secrets of companies racing to beat one another, and they tell us we have to trust them. Instead, the choices and their consequences need to be brought out into the sunlight.

We should be funding open-source harnesses that balance capability and safety—that achieve useful goals without so much power—and open-source AI models whose provenance and biases are public and well understood. We have opened the AI Pandora’s box. Now we have to make the best of it.

This essay originally appeared in The Guardian.

Tags: , , , ,

Posted on June 19, 2026 at 7:03 AM19 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.