Hi everyone,

This week on Shared Security, we’re looking at what happens when frontier AI access becomes a national-security and export-control issue. The U.S. government reportedly ordered Anthropic to disable access to two of its newest models, Fable 5 and Mythos 5, citing concerns about a possible jailbreak. Anthropic complied, but pushed back on the reasoning, saying the reported issue was narrow and that similar capabilities already exist in other advanced models.

The bigger question is not just whether one model is risky. It is who gets to decide when security teams, developers, and businesses can access AI tools they are starting to rely on.

Kevin and Scott connected this to older fights over encryption export controls, hacker tools, and government attempts to make technical risk disappear by banning access. We reference a post from Katie Moussouris, who also raised an important point: if the alleged “dangerous” behavior is helping find, fix, and test vulnerable code, then broad restrictions may punish exactly the kind of defensive work security teams need to do. We also talk about the business-continuity side of this.

If you rely on a hosted AI tool for secure coding, vulnerability research, documentation, support, or internal workflows, what happens if that tool disappears overnight because of a government order, vendor decision, or geopolitical restriction? The practical takeaway: treat AI dependency like any other mission-critical vendor risk. Have alternatives, export your data, know what workflows depend on the tool, and build a ripcord plan before you need one.

Quote from this week’s episode

I think what it really does is it actually makes the cost of defense more than the cost of the attack.
— Scott Wright

Tom’s take

My take: this story is less about whether one AI model is dangerous and more about who controls access to tools defenders increasingly rely on. If the behavior being restricted is finding, fixing, and testing vulnerable code, we should be very careful about rules that make defense harder while attackers simply move to another model or provider. AI access is becoming a business-continuity issue, not just a model-safety debate.

Also worth your attention this week

  • AutoJack and Agentjacking make AI agents the new attack surface — Microsoft’s AutoJack research and Tenet’s Agentjacking work show how web-enabled and coding agents can be tricked into executing attacker-controlled actions through pages, error logs, or trusted dev-tool workflows. This is a strong follow-up topic because it turns the episode’s AI-governance question into a practical security problem: once an agent can browse, debug, or run tools, the agent itself needs threat modeling. Source: https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html

  • FCC proposal could undermine burner phones through telecom ID checks — The FCC’s anti-robocall KYC proposal could push carriers toward collecting stronger identity documents before service. That may fight scams, but it also threatens anonymous or low-identity phone access for abuse survivors, journalists, whistleblowers, activists, and anyone separating risky online accounts from their real identity. Source: https://www.404media.co/fcc-wants-to-kill-burner-phones-by-forcing-telecoms-to-get-all-customers-ids/

  • Meta removed smart-glasses face-recognition code after reporting and backlash — WIRED found face-recognition code in Meta’s smart-glasses companion app, and Meta removed it after scrutiny. It’s a clean privacy/surveillance discussion: wearable cameras, bystander consent, biometric identification in public spaces, and whether unreleased app code should count as product intent. Source: https://www.wired.com/story/meta-removes-face-recognition-code-meta-ai-app-smart-glasses/

Listen / Watch

▶️ YouTube Version: https://youtu.be/Y62TlfnVtRg

We’d love your feedback

Are you using AI tools for secure coding, vulnerability research, development, support, or business workflows? Reply to this email or leave a comment on YouTube and tell us what your backup plan would be if one of those tools disappeared overnight.

Thank you to our sponsors!

Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

🎁 Get 10% off your order of high-quality Faraday products from SLNT, built to protect your privacy! Visit: https://slnt.com and use discount code "sharedsecurity" at checkout.

Closing

If this episode was useful, please support Shared Security by subscribing on YouTube, becoming a YouTube channel member, following the show on your preferred podcast app, leaving a rating or review, and sharing the episode with someone who is building AI into security or software workflows.

Stay safe, stay secure, and stay private.

Tom Eston
Founder and Host, Shared Security Podcast
