AI Security Ops

In this episode of BHIS Presents: AI Security Ops, the team tackles a first-of-its-kind moment in AI security and regulation:

What happens when the U.S. government orders a company to pull its most powerful AI models off the market?

Not the chips. Not the infrastructure. The models themselves.

On June 12th, 2026, Anthropic disabled Fable-5 and Mythos-5 worldwide after receiving a federal export-control directive tied to foreign-national access. The models were only three days old, and the shutdown raises a much bigger question for security teams, builders, and defenders:

Are frontier AI models now controlled technology?

This episode breaks down the order, the export-control mechanism behind it, the cybersecurity concerns around jailbreaks, and what this means for anyone building security workflows on top of hosted AI models.

We dig into:
• Why Anthropic pulled Fable-5 and Mythos-5 for all customers
• How foreign-national access rules forced an all-or-nothing shutdown
• What EAR export controls are, and why ITAR keeps coming up
• The history of encryption, PGP, and software as controlled technology
• Why Fable-5 and Mythos-5 triggered cyberweapon concerns
• The difference between guarded and less-guarded model releases
• Why jailbreaks are central to the government’s justification
• Why “all LLMs can be jailbroken” matters for policy and enforcement
• Whether Anthropic’s safety messaging created regulatory risk
• How competition and AI industry politics may shape regulation
• Why model redundancy is becoming a security resilience requirement
• What security teams should learn from a hosted model disappearing overnight
• Why taking powerful AI away from defenders may make security worse, not better

This episode explores a critical shift in AI security: frontier models are no longer just another SaaS dependency. They are becoming part of the security supply chain, subject to policy, export controls, national-security concerns, and sudden access loss.

For security teams, the question is no longer just which model performs best. It is what happens when the model your workflow depends on disappears, and what that model could see while it was running.



Key Concepts & Topics

AI Export Controls
• Federal action targeting AI models instead of chips
• Foreign-national access restrictions
• Frontier models as controlled technology

EAR, ITAR, and Software Regulation
• Dual-use technology under Commerce Department authority
• Historical parallels to encryption and PGP
• Why software can become a national-security control point

Fable-5 and Mythos-5
• Guarded and less-guarded model access
• Safety classifiers and cyber capability concerns
• Public release versus vetted access models

Jailbreaks and AI Security
• Bypassing model safeguards
• Universal versus narrow jailbreaks
• Why perfect jailbreak resistance is not realistic

Security Resilience
• Model redundancy as a practical requirement
• Avoiding single-model dependency
• Planning for sudden access loss, policy changes, and vendor shutdowns

Defensive Strategy
• Understanding where AI lives in your workflows
• Thinking through AI blast radius
• Balancing model capability, access, monitoring, and risk

Learn more about Black Hills Information Security:
https://www.blackhillsinfosec.com/

Introducing BHIS Fusion Penetration Testing
https://www.blackhillsinfosec.com/fusion-penetration-testing/

Check out Antisyphon Training:
https://www.antisyphontraining.com/


----------------------------------------------------------------------------------------------
🎧 Subscribe to the Podcast:
https://aisecurityops.transistor.fm

About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  • (00:00) - Intro: The First AI Model Export Control
  • (01:38) - The Anthropic Order and Foreign-National Access
  • (03:19) - EAR, ITAR, and Software as Controlled Technology
  • (04:39) - Mythos-5, Fable-5, and Guarded Model Access
  • (06:32) - Jailbreaks and Cyberweapon Concerns
  • (08:58) - Competition, Regulation, and AI Industry Politics
  • (10:54) - Model Redundancy as a Security Requirement
  • (13:21) - Defensive AI Use and Final Takeaways



Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com


Creators and Guests

Host
Brian Fehrman
Brian Fehrman is a long-time BHIS Security Researcher and Consultant with extensive academic credentials and industry certifications who specializes in AI, hardware hacking, and red teaming, and outside of work is an avid Brazilian Jiu-Jitsu practitioner, big-game hunter, and home-improvement enthusiast.
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.

What is AI Security Ops?

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

Brian Fehrman:

Hey, everybody, and welcome to this week's episode of AI Security Ops. This week, we're gonna be covering something that has never happened before in the history of the AI industry. The US government ordered a company to pull its most powerful models off the market, not just the chips that run them, the models themselves. On June 12th, 2026, Anthropic abruptly disabled Fable-5 and Mythos-5 for every customer worldwide after they received a federal export control directive. The order barred any national inside or outside the US from accessing these models, which forced a complete shutdown.

Brian Fehrman:

The models are only three days old, and this is the first time export controls have been aimed at an AI model rather than something like the hardware that runs it, and the implications run way past just Anthropic. But before we dig in, let's take a moment to talk about Black Hills Information Security. If you or your company are in need of any security services, whether that's external, internal testing, web apps, physical pen tests, wireless, social engineering, red teams, any AI security services, obviously, or maybe you need SOC monitoring services, check us out at blackhillsinfosec.com. Additionally, we have a training branch of Antisyphon Training where many of our consultants take their knowledge that they're applying day in and day out. They package it up into an easy-to-digest, affordable medium for all of you to then consume and hopefully help you out in your career or your day-to-day life or just learn something interesting and new.

Brian Fehrman:

So check them out at antisyphontraining.com. So let's dive into this. Bronwen, where did this order come from?

Bronwen Aker:

The order reportedly came from the Commerce Department, and the Commerce Department has to do with many, many different kinds of business transactions. So, Secretary Howard Lutnick sent a letter to Anthropic CEO citing national security authorities. Now the scope was what forced the full shutdown. The ban covered any foreign national, even Anthropic's own noncitizen employees. And so it's basically selectively blocking people based on citizenship, and it's even narrower.

Bronwen Aker:

The directive itself is narrower than the shutdown that followed because it's targeting all foreign national access. So even if you're on a green card, you've been vetted, you've been approved, you've gone through all kinds of verification processes, as far as this order from the Commerce Department is concerned, it doesn't matter. If you are not an American citizen, you are not allowed to touch any of these Anthropic-created models or it's I I can't I don't know if it includes supporting a software, but those models, both Mythos and the new one, Fable, you can't touch them if you're not a US citizen.

Brian Fehrman:

Yeah. And so, I mean, obviously, that's that's very difficult to enforce. And when they mention, you know, foreign nationals too, then that even gets into the question, okay. Well, does that apply to people with dual citizenships? Because, I mean, maybe they fall into that category.

Brian Fehrman:

And so it sounds to me like, with how difficult that would have been for them, Anthropic, to implement on such a selective narrow basis, to try to make sure that they're not running afoul of the export control laws, which could land you in serious trouble, that they just said, okay. Well, we're just gonna shut it off for everyone. So my understanding of what happened.

Bronwen Aker:

Well, and what's also interesting is that they specifically used a Commerce Department regulation called Export Administration Regulations or EAR. And this gives the Commerce Department authority over items that are considered dual use, meaning that they have both civilian application but also military application. And we've been seeing and hearing more and more from the current administration about the possible military use and, in their eyes, desirable military use of AI in the battlefield, in battlefield theaters.

Brian Fehrman:

Yeah. And so I think it's interesting from a couple different standpoints of where it's really interesting. So you have the one facet where we saw the stories before where the government was getting upset at Anthropic because they wouldn't allow them to use their models for military purposes. They didn't wanna remove the safeguards that were in place that could prevent those things. So you have that one component.

Brian Fehrman:

Then you also have Anthropic who are touting that the Mythos-5, which is the less guarded model of Fable-5. So maybe we should just take a moment to talk about that. So for those who don't know, Anthropic released Mythos-5 or the Mythos model, which they said was their most, like, cybersecurity capable model, had all kinds of implications and was too dangerous to release to the public. So they released it to select companies. So then they came out with Fable-5, which is basically the same underlying model, but it has a lot of safety classifiers in place where they try to prevent things such as cyber attacks and biological weapon attack.

Brian Fehrman:

They just say biology, which is very broad. So it's funny because Anthropic has been touting that this model is really dangerous, that at least the Mythos model is really dangerous. The military is saying that they want the model to be dangerous so that they can use it. And now we're at this weird intersection where, you know, now that there's a kind of guarded version released that the government has now said, okay. No.

Brian Fehrman:

This we believe you this is too dangerous, and we don't want anyone else to have it. I think that's interesting.

Bronwen Aker:

No. It is interesting, and it's also interesting that one of the reasons cited about shutting down access to both Fable and Mythos is the fact that both Fable and Mythos have been jailbroken. And this is of particular interest for anyone in the cybersecurity space because even NIST admits that every large language model has an intrinsic flaw in that it can be social engineered and jailbroken. No matter how many guardrails you put in, it has to do with the nature of this technology itself. So there is no such thing as a universal jailbreak that will immediately jailbreak all LLM models.

Bronwen Aker:

And part of the justification of this executive order is that shortly after it was released, shortly after Fable was released, people had jailbroken it. But this has happened with every single high-profile model that has been released ever. So the ground on which the Commerce Department is standing is super thin.

Brian Fehrman:

Yes. Oh, completely. There's the Pliny the Prompter's group, Bossy, that's been out for years now. And, to your point, yeah, I mean, usually, within literally hours of a new model being released, they release some kind of a jailbreak for it. So it's not unique to this.

Brian Fehrman:

And what's really interesting is so Anthropic says that, with Fable-5, after releasing it, that compared to, basically, looks like maybe one of their previous models. One of their previous models had, they said, an offensive cyber attack success rate, so I'm guessing maybe using it for cyber attack capabilities, of about 57%. And with Fable, they found that that dropped to 5%. So it is arguably much safer than any of the other models that are out before and are still currently available from Anthropic themselves, not to mention all the other models that are out there, ChatGPT five, GLM five one.

Bronwen Aker:

Well, and then there are all the abliterated models that you can get off of Hugging Face. So it's just, like I said, the ground that the Commerce Department is standing on seems to be very thin. There's lots of preexisting demonstrations that all large language models, regardless, can be jailbroken. So, and, of course, it never fails. I don't see it in the write-up that we have here, but I believe that the order to shut down both Mythos and Fable came very shortly after intense conversations between the administration and Anthropic's number one competitor, OpenAI.

Brian Fehrman:

Yes. I don't think that those things are coincidental.

Bronwen Aker:

Looks like a duck.

Brian Fehrman:

You know?

Bronwen Aker:

Talks like a duck. Walks like a duck.

Brian Fehrman:

Yep. Exactly. Follow the money. Follow the conflict, basically.

Bronwen Aker:

Yeah.

Brian Fehrman:

And, yeah, I think and find find issues with it.

Bronwen Aker:

This, and this is really, we've been seeing the growing pains of AI as an industry. We've seen government at all levels. They are all struggling to figure out what kinds of laws can they pass, what kinds of laws should they pass. Should they pass any laws at all? But, of course, if they don't pass laws, they're not doing their jobs.

Bronwen Aker:

Anyway, the whole discussion and debate can go round and around. The bottom line, this is just the first. This type of domain sovereignty and data sovereignty is going to become an issue more and more as we go forward, especially until things get to be a bit more stable in the technology itself. At least that's my opinion.

Brian Fehrman:

Yep. Yeah. I agree. So I guess, you know, talking about, just kinda, you know, going into some closing thoughts here because we could go on for, you know, quite a bit of talking about, you know, whether or not these things should be treated as a weapon, munitions, you know, anything of that nature. But I do think that one of these closing notes is kind of interesting, talking about model redundancy, because this is something that we've talked about internally, where, you know, if you are only relying upon just a single hosted model for all of your tasks, that then becomes a single point of failure.

Brian Fehrman:

Right? So if something weird like this happens where suddenly the model that you are relying upon or maybe the entire company goes dark and your entire business model relies upon that particular AI provider, you're gonna have some problems. So that's something that we all kinda need to start thinking about in terms of having some redundancy. You know, I don't think that it's feasible for a lot of companies, especially smaller companies at this point, to have the level of hardware to be able to, like, self-host some of the more powerful models. But, hopefully, we'll see that kind of change as these models get more optimized.

Brian Fehrman:

Hardware hopefully becomes cheaper eventually. It's been expensive for a long time now.

Bronwen Aker:

And it's gonna get more expensive before it gets less. And, yeah, you bring up a really good point because I know in the web development industry, one of the significant indications of maturing as an industry was when we started seeing failover as a standard technical practice. We haven't seen that sort of thing in the AI space yet, but I expect as AI shifts from being a novelty to being more of a utility, that kind of redundancy where you have your first line set of servers and setup, and then you have a backup for if those should get overloaded or whatever. So that's something that, again, has not yet been developed but is definitely worth thinking about because it's a standard part of other technologies where software services are being delivered as a service.

Brian Fehrman:

Yeah. It's becoming so intertwined that it's certainly going to become an issue at some point that we're certainly gonna have to address.

Bronwen Aker:

And the dangerous technology issue, I mean, in the hands of a serial killer, a butter knife is dangerous technology. I'm sorry. I just keep getting back to it. It's really about responsible use, and that's where, as we grow with this technology, I don't see a need necessarily for licensing like we do with cars, but who knows?

Brian Fehrman:

Yeah. Well, and so, I mean, yeah, to your point, tools can be misused, but, obviously, they also have a very practical purpose. So, you know, for us as a company, Black Hills Information Security as a company, we use this technology. We can use these technologies to really help our customers, to help find issues quickly so that they can fix them to help increase their security posture.

Brian Fehrman:

So at the end of the day, that's a positive. I mean, we as a company are not using this to go out and wreak havoc on the world. Quite the opposite. We're trying to help companies better secure themselves to prevent, you know, these breaches and to stay ahead of these different attacks for when bad people do leverage these for the wrong purposes, which is only a matter of time. And so, I mean, really, I would say that they're already doing it.

Bronwen Aker:

Yeah. Yeah. I mean, we're quite

Brian Fehrman:

catchy. Technology away, I feel, makes things less secure or, yeah, makes things less secure, not more secure by taking it out of the hands of everyone.

Bronwen Aker:

Essentially, what the administration has done is it's forcing cybersecurity professionals everywhere to bring a knife to a gunfight.

Brian Fehrman:

Yep. Yeah. Exactly. Or people need to start building their own guns from scratch, essentially. I

Bronwen Aker:

don't Yeah. That's and that's a whole other thing.

Brian Fehrman:

Yeah. Yeah. But so, cool. So I think we hit on some pretty good points here. Do you have any final closing thoughts on this?

Bronwen Aker:

No. Just, you know, get out the popcorn. Make sure you got lots of butter. It's gonna be a wild ride.

Brian Fehrman:

Yeah. Oh, it's gonna be a very wild ride. I'm curious to see what happens. Well, if anyone else has any thoughts, always let us know in the comments, and hope you enjoyed this episode. And as always, keep on prompting.