On June 9, Anthropic launched its shiniest model yet. On June 12, the US government made them switch it off. For everyone. Worldwide.
If you build security products for a living, that three-day arc should ruin your week, not just Anthropic’s.
Here is the short version. Fable 5 shipped as a generally available frontier model across the Claude API, AWS Bedrock, Vertex AI and GitHub Copilot. Three days later an export-control directive landed, and Anthropic had roughly ninety minutes to comply. GitHub and AWS suspended access the same day. The model that was central to your roadmap on Tuesday was gone on Friday, and the company that pulled the trigger was not even your vendor.
I am not writing this to dunk on Anthropic. I use these models. I love these models. I am writing this because a lot of security products being sold right now are, structurally, a thin layer of prompts and branding wrapped around a frontier model. The Fable episode is the clearest demonstration we have ever had of what that means: you can wake up one morning and discover that someone pulled the plug on you.
That is not a hypothetical anymore. It is a Tuesday. And it got me thinking about what AI-native means for us, cybersecurity vendors.
“AI-native” usually means “AI-dependent”
The pitch for the flashy new tool is always the same. It is AI-native, born in the cloud, raised on transformers, iterating faster than your crusty incumbent who only “bolted AI on”. Some of that is fair. AI-native tools do iterate faster, and they do produce impressive demos.
But “AI-native” and “critically dependent on one external model” tend to be the same architecture wearing different adjectives. And dependence, not AI, is the actual risk.
Availability. Fable is the dramatic case, but models get deprecated on ordinary timelines too. Providers retire snapshots on six-to-twelve-month cycles, and any fine-tuning you did dies with the base model. Outages are routine: Claude had a roughly ten-hour outage in April and a string of multi-hour ones since. When your security tool needs a live API call to function, every one of those becomes your outage too.
Concentration. The one buyers miss. You diligently pick five different security vendors for resilience, and four of them quietly sit on the same foundation model. That is not diversification. That is a concentration risk in a trench coat. A flaw, an outage, or a behaviour change in that one model hits every product built on it, at the same time.
Reliability. This one should keep security people up at night. Frontier models are nondeterministic: the same input can produce different outputs, even at temperature zero. For a chatbot, fine. For security validation, where the point is a reproducible result you can stand behind in an audit, “it gave a different answer this time” is disqualifying. And models drift silently. The provider updates the weights under you, with no announcement, and your prior safety testing is now describing a model that no longer exists.
Your data, somebody else’s logs. Feeding logs, code and vulnerability data into an external model is a confidentiality problem dressed as a productivity gain. Ask Samsung, who managed three separate source-code leaks into ChatGPT inside about twenty days and then banned the tool company-wide. Fable, incidentally, shipped with mandatory thirty-day retention and no opt-out, silently rewriting the compliance posture of every product downstream of it.
I could go on. Pricing volatility when your cost of goods is someone else’s token meter. EU AI Act high-risk rules live on August 2. Startups reverse-acqui-hired into oblivion. The list is long, and it all rhymes.
The harness is the product
Here is the part where I am supposed to tell you AI is bad and you should buy something with a command line and a worse UI. I am not going to, because that is also wrong.
The harness is everything between a model’s output and your security decision: orchestration, validation, fallbacks. A fragile product is the model call. A resilient one swaps models, verifies outputs it can reproduce, and keeps working when the model goes dark. It is the part the demo never shows you, and the part still standing when someone flips the switch.
The questions worth asking any vendor with “AI” in the headline:
- Which model are you using, and can you swap it?
- What happens the day that model is unavailable? If the answer is “it stops”, that is a single point of failure, now a geopolitical one.
- Will you tell me when you change model versions, so I can re-run my tests before your behaviour changes under me?
- Does any of my sensitive data leave for a third-party API, and on what terms?
As I write this, Fable is still switched off, and nobody can tell me when, or whether, it comes back. That is rather the point. Build on a foundation you do not control, and you have accepted that your uptime is a decision made in a room you will never be invited to.
Pick tools that treat the model as a component, not a religion.
