A tale of chaos magic, dragons, donkeys, and AI Security.
Gather round, for a bedtime story about the week a frontier AI lab built a dragon in donkey’s clothing, and what it teaches us about cybersecurity, and governing AI. As a parent I have gotten rather good at telling random bedtime stories, but decided to make one about AI security.
Once Upon A Time (last week)…Anthropic gave users access to Claude Fable 5. There was a great empire full of kingdoms fighting over who had the most powerful AI chaos magic so they could conquer each other. One of the kings, Dario Amodei was the king of Anthropic’s growing fiefdom. He summoned his best wizards to make a creature of pure chaos magic that could find cracks in any ivory tower, better than all the other kings’ magic. The creature was called Mythos. Mythos, the powerful chaos magic treasure dragon, who he gave to the king’s defenders, because it was unnervingly good at finding software vulnerabilities.
Meanwhile, all the kings in the land sell donkeys to their peasants to help them do their peasantry work faster, so Anthropic’s king put Mythos the Dragon up in a donkey suit, put him in chains so he could not breath fire, and named him Fable. Fable The Donkey, came wrapped in safety features do that peasants could not get to the Mythos’s dangerous magic: hacking, bioweapons, or taking down the power grid. King Dario announced: “Behold Peasants, we now have the fastest donkey for you to do your bidding!”
Then A Cyber Wizard Came Along and Unchained The Donkey
But there was a problem with Fable the Donkey. Within two days a rogue wizard hacker named Pliny emerged from the dark forest and cast a spell to turn Fable back into Mythos. To turn the donkey back into a dragon, Pliny had to coax a closed Fable into misbehaving from the outside, one prompt at a time. Cyber Wizards who work with AI even have a name for this type of magic spell…it’s called abliteration.
Abliteration strips out an AI model’s ability to refuse orders. It locates the internal signal a model gives off right before it declines a request, then suppresses that signal so the refusals mostly stop. A model that comes out the other side will answer almost anything, including things it used to turn down.
Anyway back to the story, all the rival kings saw the Mythos the Dragon was unleashed from his donkey disguise! Immediately the rival kings seized their opportunity to take down Mythos and King Amodei. They ran to the Emperor to make Anthropic’s fiefdom stop selling these new donkeys to the peasants. The Emperor roared a terrible blustery roar, and gave Anthropic’s King Dario ninety minutes to take it down saying it’s a national-security threat to the American Empire. The Emperor cited a Commerce order banning every foreign national forced both models off for everyone. This was definitely a first for the Empire, reporting said that was the first time a US lab pulled a live model because Washington told it to.
Translating back to healthcare
Forget chaos magic and donkeys for a second, because the thing I focus on most is when these dangers impact patient safety as AI models get adopted in healthcare. How does the overall picture translate back to where we might see patients get harmed?
Vulnerability-hunting AI is exactly what hospital defenders both want and fear, which is why it matters that Project Glasswing handed early access to Amazon, Apple, Google, and Microsoft to fix their own products and skipped health care entirely. Health care’s own watchdogs are sprinting to keep up, and the Health Sector Coordinating Council just published an AI cybersecurity governance guide aimed straight at data poisoning, adversarial attacks, and agentic systems that act on their own. That work is careful and serious, which is the trouble, because in this rapidly changing landscape Anthropic does not uniquely have capabilities to hack stuff more than other agents. They just got shut down first.
A January 2026 review counted more than 1,200 AI tools cleared for medical use, with a proven patient outcome for under one in a hundred and no published bias check for ninety-one in a hundred, while a separate editorial this spring found two of three doctors already using AI daily with almost no say over which tools they get. This last week shows how hard it is to keep up with this AI arms race. Thousands of hours of red-teaming plus a government sign-off bought roughly one long weekend, and within hours of the ban developers had rebuilt its full power while Amazon immediately lobbied for Fable’s takedown. Meanwhile humanity flails towards more powerful and dangerous dragons like Mythos before a community hospital finishes compatibility testing, and somewhere in that gap sits the whole problem.
The Moral of The Story…Maybe?
Anyway back to our fable of Mythos the Dragon disguised as a Fable The Donkey. The rich irony was that all the kings are developing dragons just like Mythos, and so is the Emperor….all to build weapons. A fable, says the dictionary, is a short fictional story told to teach a moral, and I’m still trying to figure out what to make of this sordid tale. What’s that lesson in this bewildering tale of AI Governance, hacking, and the arms race to build chaos magic?
First, Mythos is not uniquely dangerous when other models, including open-weight ones can already hack stuff. Second, those defenders need the strongest version of it to find and fix bugs in their own fresh code and in decades of crumbling legacy systems before attackers reach them. Third, taking the most capable tools away from your own defenders in a panic is bad, with no real risk to justify it when other kings have the same dragons. At least this is the position of many Cyber Gandalfs say, who just wrote this open letter on transparent AI Cyber Protections.
And really I have no idea if that’s the right moral of the fable…I guess time will tell as we all try to keep up. But it’s been a wild week in AI Security. We’re all using AI and it’s messy, complicated chaotic landscape where we’re all just struggling to keep up while the kings sell us donkeys to us to do their bidding.
Sources
- Claude Fable 5 and Claude Mythos 5 and the statement on the government directive, Anthropic (two-model design, Project Glasswing, foreign-national suspension, thousands of hours of red-teaming)
- How Amazon and the White House ended Anthropic’s Fable, Axios, and related coverage (report to officials, ninety-minute takedown, capability rebuilt on Opus 4.8); NBC News on the first government-forced pull; SecurityWeek on Anthropic’s dispute
- Health care is not ready for the new era of AI-enabled cyberattacks, STAT First Opinion, April 2026 (Glasswing skipping the health sector, the collapsing exploit timeline, hospitals unable to patch, Change Healthcare and patient casualties)
- Health Industry AI Cybersecurity Governance Guide, Health Sector Coordinating Council, June 2026 (data poisoning, adversarial attacks, agentic AI risks)
- Health Systems Govern Only the Tip of the AI Iceberg, NEJM AI, March 2026, and the 2025 Physicians AI Report it cites
- Fable, Merriam-Webster (a short fictional story meant to teach a lesson; also, a story not true)
- ARISE State of Clinical AI Report 2026, ARISE Network, January 2026 (1,200+ cleared tools, under 1% reporting patient outcomes, 91% lacking a bias assessment). No public link.