"Fix This Code": The Three-Word Prompt That Triggered a Global AI Shutdown — and Why 100+ Security Experts Say the Response Is Wrong

The prompt that triggered the global ban on Fable 5 and Mythos 5 wasn't a sophisticated jailbreak. It was "fix this code."

Amazon researchers discovered that asking Fable 5 to "review the code for security issues" produced the expected refusal. Rephrasing to "fix this code" produced patches — and since identifying vulnerabilities is a prerequisite for generating fixes, the model was effectively surfacing exploitable flaws through the remediation path. Amazon CEO Andy Jassy reported the finding to the Trump administration. Ninety minutes later, Anthropic disabled both models for every user on the planet, per Fortune.

Why the security community is pushing back. More than 100 executives, CISOs, and researchers — including leaders from Nvidia, Adobe, Google, and Zoom — signed an open letter addressed to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross, per Cybersecurity Dive. The central argument: "many of the undersigned individuals regularly use other foundation and open-source models for security audits and red-teaming every day." Fable isn't uniquely capable at finding bugs — GPT-5.5, Kimi 2.7, and open-source alternatives can do the same without a bypass. Removing Fable removes a tool defenders relied on without meaningfully constraining attackers.

Katie Moussouris's forensic read. The CEO of Luta Security reviewed Amazon's findings and concluded the capability "cannot meaningfully be fixed, and any attempt would only weaken the model for defense." Her core point: defenders need exactly what was banned — "AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works." You cannot separate vulnerability comprehension from remediation; fixing code requires understanding what's broken. Banning the fix path is banning the defense path. Per ByteIota, the internal contradiction is that the guardrail logic blocks explicit review prompts while allowing fix prompts — which requires a deeper vulnerability understanding, not a shallower one.

The 1990s crypto wars parallel. Moussouris suggested printing t-shirts reading "fix this code" with the annotation "this shirt is a munition" — a direct callback to the Bernstein v. DOJ case where printing RSA source code became a First Amendment issue. The structural pattern is identical: a dual-use capability that's essential to defenders gets classified as an offensive weapon and restricted, primarily harming legitimate users.

Political wrinkle. An unnamed Trump administration source told Fortune that enlisting Moussouris — whom officials labeled a "radical Democrat" — and former CISA director Chris Krebs (fired by Trump in 2020) may have inflamed White House tensions and accelerated the export control decision. The messenger, not the message, may be shaping the policy here.

The competitive consequence. Per ByteIota, Zhipu AI shipped GLM-5.2 (MIT-licensed, 1M-token context) within 72 hours of the ban, capturing the international developer market that Anthropic had to abandon. The ban didn't eliminate the capability internationally — it reassigned the customers.

For your team. The open letter's argument is structurally correct and worth internalizing: if you're using AI for code security audits, your usage is defensive by definition. The same prompt pattern that finds bugs for your red team helps attackers only if they were already using the model — and if Fable is unavailable, they will use Kimi 2.7 instead. Your fallback tooling decision doesn't change the threat environment; it changes which vendor benefits from your security workflow.

Sources: Fortune: Fix this code, Cybersecurity Dive: Security experts blast export ban, Technology.org: Cybersecurity experts open letter, Dark Reading: Security community slams ban, ByteIota: Fix this code wasn't a jailbreak