For the better part of a week, the debate over Anthropic’s Fable model has been framed as a dispute between one AI company and the U.S. government. That framing no longer fits. The conversation has expanded into something much larger: A public disagreement between policymakers and many of the most respected voices in cybersecurity over the nature of intelligence itself.

When people like Katie Moussouris and Chris Wysopal raise concerns, it is worth listening carefully. Their careers have not been built on promoting AI or maximizing shareholder value. They have spent decades helping organizations write more secure software, uncover vulnerabilities before attackers do, and improve the overall security of the digital ecosystem. They understand both offensive and defensive security because meaningful defense requires understanding how systems can be attacked.

That experience is reflected in the growing coalition of security professionals arguing that restricting frontier AI models may ultimately weaken defenders more than attackers. Their concern is not that AI should operate without safeguards. It is that the reasoning required to identify and fix vulnerabilities is inseparable from the reasoning required to understand them in the first place.

The disagreement exposes a deeper question than whether one model should or should not be available. It asks whether intelligence itself can be controlled in the same way governments have historically controlled strategic technologies.

For generations, export controls have focused on physical assets. Missiles can be counted. Fighter aircraft can be tracked. Nuclear materials require specialized facilities and tightly controlled supply chains. Even advanced semiconductor manufacturing depends on equipment that is difficult to reproduce and relatively easy to monitor.

Artificial intelligence is different.

At its core, it is software running on increasingly available hardware. Software has always behaved differently from physical technology. Once it exists, it can be copied almost without cost, distributed instantly, independently recreated, improved collaboratively, and adapted in ways its original creators never anticipated.

Trying to permanently contain software has rarely produced lasting success. Encryption export controls eventually gave way to the reality that strong cryptography would become globally available. Open-source software flourished despite repeated predictions that proprietary alternatives would dominate. Digital rights management systems have repeatedly been bypassed. Offensive security tools have been leaked, reimplemented, or independently developed time and again.

Innovation has a habit of finding another route.

The image that keeps coming to mind is someone trying to hold dry sand in a clenched fist. The tighter the grip becomes, the more grains escape between the fingers. Effort is not the problem. The nature of the material is.

The cybersecurity community has spent decades learning an uncomfortable lesson that shapes how many practitioners view the current debate. Attackers do not ask permission. They do not comply with licensing agreements or acceptable use policies. They acquire whatever tools they can obtain and adapt quickly when circumstances change.

Defenders operate under a very different set of constraints. Enterprises, government agencies, security vendors, universities, and incident response teams work within legal, ethical, and regulatory boundaries. If advanced AI capabilities inevitably proliferate through competing frontier labs, open-weight models, or nation-state development programs, then restricting legitimate defenders may create an asymmetry that benefits precisely the actors policymakers hope to constrain.

That concern is not hypothetical speculation from outside observers. It comes from professionals who have spent their careers responding to ransomware attacks, investigating breaches, reverse engineering malware, and protecting critical infrastructure. When so many experienced practitioners converge around the same warning, policymakers should take notice.

None of this means the government’s concerns are unreasonable.

From a national security perspective, frontier AI may indeed represent a strategic capability. If sufficiently advanced models dramatically improve offensive cyber operations, governments have a responsibility to consider how those capabilities should be managed. History offers many examples where controlling sensitive technologies served legitimate national interests.

The challenge is that software does not behave like uranium.

Export controls may slow diffusion. They may raise costs. They may delay adoption for some period of time. Those effects are real and should not be dismissed. The question is whether delay produces a lasting strategic advantage when the underlying capability continues to advance elsewhere.

Software has always been remarkably good at routing around obstacles. Capital migrates. Researchers relocate. Open-source communities accelerate. Competing jurisdictions see opportunity where others see restriction. Markets adapt because demand creates incentives for alternatives.

The current controversy may ultimately have less impact on Anthropic than on the broader strategic thinking of governments and enterprises around the world.

One of the recurring themes in discussions about sovereign AI has been resilience. Until recently, that concept was often framed in terms of economic competitiveness or industrial policy. The events surrounding Fable suggest another dimension entirely.

Access to frontier intelligence can become a geopolitical decision.

Whether one agrees with the policy or not is almost secondary. Every government, financial institution, healthcare provider, and critical infrastructure operator watching this unfold has been reminded that dependence on a single external source of intelligence introduces strategic risk.

The logical response will not necessarily be to build national frontier models from scratch. It may instead be investment in multiple providers, model portability, open-weight alternatives, domestic expertise, and architectures that allow organizations to switch intelligence providers without rebuilding their applications.

In that sense, sovereign AI is becoming less about independence and more about resilience.

The larger lesson from the Fable affair may be that policymakers are attempting to apply twentieth-century export control thinking to a twenty-first-century technology whose defining characteristic is its ability to spread through software rather than physical infrastructure.

The cybersecurity community is not arguing that dangerous AI does not exist. It argues that dangerous AI is unlikely to remain exclusive for very long. If that assumption proves correct, then weakening defenders while hoping to constrain attackers becomes a strategy worthy of careful scrutiny.

For decades, cybersecurity evolved from believing every attack could be prevented to accepting that resilience is often more achievable than perfect containment. Organizations assume compromise, invest in detection, accelerate response, and build systems that recover quickly because experience has shown that prevention alone is insufficient.

Artificial intelligence may demand a similar shift in thinking.

The defining challenge of the AI era may not be learning how to contain intelligence. It may be learning how to build societies resilient enough to thrive in a world where intelligence, like software before it, ultimately finds its own way through even the tightest grasp.

Recent Articles By Author

• Closing the Gap Between AI-Scale Attacks and Enterprise Remediation
• When AI Agents Inherit Your Identity Dark Matter
• What If Students Graduated With Experience?

More from Alan Shimel