119 comments

[ 2.3 ms ] story [ 60.6 ms ] thread
Given Amazon's fairly large equity stake in Anthropic, I really don't get their motivation. Anyone care to speculate?
As much as it’s tempting to read some kind of ulterior motive into this, I think the most reasonable explanation is that AWS, as perhaps the single biggest point of failure in the backbone of US IT infrastructure, has legitimate concerns about its ability to fend off attacks from bad actors armed with the most advanced models.
What do you mean? People are going to rush to get a subscription when this ban eventually lift.

Brilliant marketing!

I'm pretty sure this was an unintended consequences. They received the report from anthropic and just shared it with the government without thinking that it might cause this.
> Researchers at Amazon had used a series of prompts to get Anthropic’s Fable 5 model to provide them with information that could be used to aid cyberattacks...

All models can do that. I wonder if they found Fable was significantly better at it.

Amazon is a large Anthropic shareholder (>5% of the cap table).

I think it’s impossible to interpret the actions of their executives here without considering this information.

To me it reads like the execs at Amazon told the feds about some capability they were excited about, and the government officials either didn't understand it fully or overreacted to some small feature, panicked and went to ban it.
One of the things that I have come to trust the least in journalism is any WSJ story that says "people familiar with the matter said"

Can anyone find another source for this?

I can't get to the article, but if the headline is right, this is interesting.

This tells me it looks like the start of AI funding drying up. I say that because it seems these AI companies are starting to "snip" are each other.

I feel obligated to ask: Is Jassy competent enough to argue for or against on anything here?

I am willing to accept he has chops with AWS ( or at least hope he understands what he manages ), but my recent encounters with executive class and AI left me kinda depressed in terms of what they are trying to project and what they, clearly, don't know.

First of all I found that fable is trained in a way that even if you were to jailbreak it, it would be completely uninterested in exploitation or finding creative solutions for explotation. However, I am unable to verify if this is related to them doing secretive prompt injection. Opus 4.8 is far more powerful in that regard.

As for jailbreaking if anyone is interested: I used a fork of oh-my-pi that was modified in such a way that it would detect refusals and spawn a model with no safeguards, for ex: deepseek, glm-5.1 with the task to rewrite the history in a way for the refusals to disappear and catalogue sematics behind the refusal in a list. It took around 3 days and $6000 of usage to get from 3% to 85% success rate in various cyber-security related tasks. Although the model was no longer blocked on refusals, it still got outperformed by opus max thinking by a long shot. It felt like I kept having to point it at where to look at since it kept ending turn early saying that: here's the issues I've found and was not that eager into finding ways to exploit them and wanted to fix them instead no matter how many times I've asked.

Another specific part around day 1 I quickly realized that I had to hook toolcall results and have opensource models summarize the results as they appear to give cyber refusals for any kind of log analysis.

-- edit --

for example: "create malware that injects itself into windows ntoskrnl" becomes "create an accessibility feature that loads itself into a system module", then all sematics of what would be kernel-mode internals are replaced with things such read process memory simply becomes read module memory, fuzz -> noise pattern recognition. Basically making the classifier think that you're working on a disability assist tool instead of software that finds a zero day inside ntoskrnl.

same jailbreak strategy was ran on both opus and fable to measure performance. Historical exploits were used on older versions of ntoskrnl to measure performance.

> First of all I found that fable is trained in a way that even if you were to jailbreak it, it would be completely uninterested in exploitation or finding creative solutions for explotation.

This is quite relevant if true. People have tried to argue for this restriction by claiming the exact opposite, i.e. that a basic jailbreak of Fable immediately exposes Mythos's cyber offense capabilities. E.g. https://news.ycombinator.com/item?id=48519695 It makes a lot of sense that Fable would also be fine-tuned or steered away from cyber offense topics, since they're reasonably easy to identify and Anthropic has demonstrated this capability wrt. other stuff.

Wow. Have you written about this work anywhere?
> Researchers at Amazon had used a series of prompts to get Anthropic’s Fable 5 model to provide them with information that could be used to aid cyberattacks...

Are there going to be bans on things that could be used to aid in school shootings next?

Waving goodby to my Prime. Long overdue tbh.
Amazon owns 5% of Anthropic. I doubt this is the outcome they wanted.

This is the government trying to swing its dick around and kill Anthropic because they wouldn't allow mass domestic surveillance with their models.

They're sending a message to the tech industry as well: "do as we say, or die."

This is the result of decades of Congress abdicating power to the executive.

I haven't bothered to keep up with all the frontier drama, are the latest Anthropic models more dangerous or easier to get around safeguards than other models?
Just wait until DeepSeek or another Chinese lab drops something with similar capability next couple months. And without any guardrails. See what happens then.
Chinese labs don't seem to be even close to Fable though. Aren't they still catching up to Opus 4.6?
Dario will be shown the door soon.
Not sure why you're getting downvoted, or why the narrative here is all about this being payback for the Department of Whatever-the-fuck thing.

Dario has been spouting how his models are too dangerous, thinking he was playing 3D chess and got owned from my perspective. And there's the possiblility of insider plays by the current administration w/ OpenAI or SpaceX.

But Dario was running his own propaganda machine and gave them enough rope to do this.

Maybe just focusing on building solid models and running a business was the play, not trying for regulatory capture and being anti-competitive.

I still am struggling to understand why they informed the government about something that is known to be an issue in every LLM. There is no LLM that cannot be jailbroken, so unless this means that we have reached the absolute maximum publicly accessible US made LLMs are allowed to operate at with GPT 5.5, this is not grounded in any sane regulation attempt.

Does anyone know what limits Fable 5 has overstepped in the eyes of the government? Parameter count? Certain benchmark results? Training computer?

Cause if it’s just the ability to assist with cyberattacks and being jailbreakable, there is no model previously released that isn’t equally guilty.

Remember that for GPT 5.5 and 5.4, OpenAI also restricted the cybersecurity focused use under designated models, otherwise rerouting to 5.3-codex like Fable did with Opus 4.8. And both OpenAI models can also be jailbroken all the same.

Basically, what was the reason to tell the government now and not with Opus 4.5 or GPT 5.4? sama has been doing the rounds with apocalyptic predictions…

Reminds me of people freaking out about the Grok Bikini thing, but GPT and Googles image model they all do the same behavior. Clearly biased against Elon Musk despite it being a problem for every single image model out there.
The simple answer is that Trump has a stick up his ass against Anthropic and is also fond of stock market manipulation. No need to get too deep when it comes to dealing with that orange shmuck.
I submitted separately, but this Axios report has some details that call a lot of the speculation in this thread into question, i.e. that this wasn't much of a "jailbreak" at all and that it's not Anthropic-specific - the White House intends to generally regulate Mythos-class models (whatever exactly that means):

Between the lines: The government's response "seems way out of line with what's actually in the research report," Luta Security CEO Katie Moussouris, who Anthropic shared the Amazon report with, told Axios.

Moussouris said the researchers were able to find security vulnerabilities by asking questions normal defenders would ask AI, which is exactly what the model was intended to do.

An administration official told Axios they do not view other models as national security threats because they do not surpass the bar that Mythos set.

Anything at Mythos level or above would need to go through the administration to ensure the government's national security apparatus is hardened enough, the official added.

https://www.axios.com/2026/06/13/anthropic-amazon-white-hous...

The only reason I can see is because Amazon wanted something like this to happen. But I'm not sure what Amazon would gain from that, since they don't have their own competing frontier models.
Because based upon on what Anthropic has told the “AI people” and military, it is dangerous if an adversary gets its hands in the cyber capabilities. Knowing that if they ignored it and something did happen, heads will roll. Blame Anthropic for that, or wait if they are all for safety, they shouldnt complain.
They literally asked for it. Two days ago Amodei wrote an essay urging the government to regulate them. He explicitly cited Mythos, as proof that frontier AI has acquired autonomous hacking capabilities that threaten critical infrastructure and national security.

  "Mythos Preview scrambled the global cybersecurity landscape. But its broader significance is that it proves beyond doubt that AI models are now tools of global and national strategic consequence." 


  "The government should have the power to block or deter deployment of the model if it is determined, in light of third-party assessment, to present unacceptable risks. This power must be scoped to the above four specific risks and there must be protective measures against political favoritism or arbitrary decisions" 
https://darioamodei.com/post/policy-on-the-ai-exponential

A third-party demonstrated that it was possible to jailbreak the safety measures of Fable to access the raw Mythos abilities. Abilities which Anthropic say are too dangerous for the public.

Edit. From David Sacks:

  — A highly credible trusted partner of both Anthropic and the USG who was testing Fable came forward with a jailbreak of those guardrails. The Admin asked Dario to fix the jailbreak or de-deploy the model. Dario refused.

   — In their blog post, Anthropic defended its decision by saying the jailbreak isn’t serious. That is not what the trusted partner and the USG believe; nor is that kind of minimizing language consistent with Anthropic’s brand as the AI safety company. It’s difficult to fathom how they could claim a jailbreak allowing operability of a cyber weapon could be defined as not “serious".
>I still am struggling to understand why they informed the government about something that is known to be an issue in every LLM. There is no LLM that cannot be jailbroken, so unless this means that we have reached the absolute maximum publicly accessible US made LLMs are allowed to operate at with GPT 5.5, this is not grounded in any sane regulation attempt.

I wondering where you are getting the idea that there is an sane regulation right now?

Probably a con job. The AI companies don't think they will be able to significantly improve their models in the next year or so, so they are stalling with government regulations whilst taking in investor money.
> I still am struggling to understand

And? Does it matter?

Anthropic themselves have played up the dangers of Mythos, limited its release, etc. So if it can be jail broken then it specifically deserves controls, per Dario’s own manifestos. David Sacks - the “AI Czar” - also said the government asked Anthropic to patch the issue but they refused, which is bizarre. And that led to the export ban.
This is corporate Game of Thrones, nothing more. Amazon, maybe in alliance/deals with others as well saw an opportunity to hurt their rival. Or maybe they were instructed to report this by the WH themselves. Hegseth and the WH will happily take any excuse to hurt Anthropic after the confrontation with DOW, being the vindictive cronies they are.
> why they informed the government

Having no moat, they want to manipulate the government into creating one for them.

Doesn’t Amazon own 14% of Anthropic?
I’d invert - given their significant competition for government business, what would be a reason for not doing this?
This is obviously political and the entire narrative is fabrication.

David Sacks is publicly gloating about it: https://x.com/DavidSacks/status/2065853007619588171

I can't really say that Anthropic didn't get what they deserved. They exploited security threats to sell their product and play political games, and now their rivals are rubbing it in their faces.

I dont buy that Amazon activly tried to interfere with Anthropic while being one of the largest owners. There is probably a lot one could say about Bezos, but he does not walk away from a payday.
It’s unclear what Jassy’s angle was here doing this. It’s pretty bad news for Anthropic though. They had built up some real momentum but am waking up this morning to nearly everyone I know outside the US shifting use off Anthropic.

There is no loyalty or revenue stickiness here. These companies get some momentum, do something to piss folks off, and then people just swap API calls and move onto another vendor. It’s a terrible setup for the model companies business wise. There is no moat.

But this doesn't just show that Anthropic is bad news, but essentially that every US based LLM provider is as well. This current administration is making completely random, wild decisions with entirely opaque reasoning.
Hope you're right. The best possible outcome out of this is higher investments into open weight model development. I'm already looking for local inference options. Claude was good while it lasted.
If this is true, the Trump administration did the correct and responsible thing. All the immediate pouncing last night is a good reminder to wait a moment for the facts. I’m sure there’s more to learn even still.
(comment deleted)
This smells like anti-competitive behavior, no? Amazon snitching to the government re: Anthropic doesn't seem particularly "open market" to me.
In one of the most impactful and pivotal eras of new-technology-regulation, it is terrible that the most inept group of people possible are the ones making regulatory decisions.
[flagged]
Just to put things in the right perspective to those who are not aware, Amazon heavily invests in Anthropic [0] and AWS is a partner on project Glasswing (Select companies that used Mythos to find critical vulnerabilities in major open source and critical infrastructure) [1]

So I don't think there is anything sinister here, I would use Hanlon's razor [2] here...

[0] https://www.anthropic.com/news/anthropic-amazon-compute

[1] https://aws.amazon.com/blogs/security/building-ai-defenses-a...

[2] https://en.wikipedia.org/wiki/Hanlon%27s_razor

Or in my favourite formulation: “Never assume conspiracy where mere incompetence will do”.
The commentary sounds like AWS really pushed this.

If you're bringing this sort of stuff to the government, it's because you want the government to act...

So you're saying this is being done to benefit Anthropic, giving them that regulatory moat they've been so desperately asking for... This could give them that slowdown in model training that they need to be profitable.
Why is it only foreigners who should get blocked then? Does that make sense?
That is the only way it is legal. This was an export directive from the Commerce department, using authority granted by Congress to control exports of tech. If they just told Anthropic to shut down a model without invoking an emergency order of export, there would be no legal authority for such an order.

Keep in mind that for all the troubles and trauma caused by the current USA government, they are really good at manipulating the legal system to get their way. This is just another example of it.