US Pulls Anthropic Fable 5 as DeFi Hack Risk Rises

Anthropic Fable 5 Access Was Cut

The official statement said the directive applied to foreign nationals inside or outside the United States, including foreign national Anthropic employees. Anthropic said it received the directive at 5:21 p.m. Eastern time on June 12 and that the letter did not provide specific details of the national-security concern.

Anthropic said its understanding was that the government had become aware of a possible way to bypass Fable 5. The company disputed the severity of the evidence it said it had reviewed, describing the issue as narrow and saying the demonstrated vulnerabilities appeared simple and not unique to the model.

The broader launch context is important. Fable 5 was presented as a Mythos-class model made safe for broader use, with stronger performance in software engineering and long-running knowledge work. Mythos 5 was reserved for Project Glasswing and trusted cyber access, where Anthropic said cyber safeguards were lifted in some areas.

That split maps closely to crypto’s own problem. The same automation that can help a protocol review proxy contracts, monitor admin calls and patch libraries can also help an attacker triage vulnerable bytecode or build better phishing lures.

Daily Crypto Briefs has covered the constructive side through AI agents taking more on-chain work. The Anthropic suspension shows the other side of the same shift: when AI systems become useful enough for real cyberdefense, governments start treating access as a security boundary.

AI Exploit Tools Hit DeFi Weak Spots

Chainalysis’ June 9 analysis connected AI-assisted tooling directly to smart-contract risk. The firm said unverified contracts are becoming a preferred target because attackers can decompile bytecode, feed the result into automated vulnerability workflows and scan for exploitable patterns at scale.

The figures were concrete. Chainalysis identified $36.7 million stolen from unverified protocol-owned contracts across recent incidents, including Truebit, Trusted Volumes, Aperture Finance and Ekubo. It also said the broader DeFi theft environment was much larger, with more than $1 billion stolen from 88 protocols.

That is where the Fable 5 story becomes crypto-relevant even without a disclosed crypto-specific incident. A frontier coding model does not need to invent a new bug class to matter. It only needs to lower the cost of finding old bug classes faster than teams can retire or monitor risky deployments.

Recent crypto incidents already point in that direction. Daily Crypto Briefs covered Raydium’s legacy AMM drain, where deprecated Solana pools were still holding value years after the active product had moved on. We also tracked Humanity Protocol’s H token exploit, a key-management failure that turned bridge admin controls into a market event.

Neither case depends on a new superhuman attack method. Both show that attackers can win by finding stale code, weak operational controls or hidden assumptions before defenders do.

Crypto Security Teams Face An AI Gap

The highest-value crypto attacks are still a mix of code, access and social engineering. TRM Labs said North Korea-linked groups stole about $577 million from Drift Protocol and KelpDAO in 2026, accounting for 76% of tracked crypto hack losses through April.

Drift is the more direct warning for AI-era security. Chainalysis said attackers used months of relationship-building and Solana durable nonces to get valid admin signatures, then drained about $285 million after whitelisting a fake collateral asset.

That kind of attack is not only about reading Solidity. It blends social targeting, transaction intent, signer behavior, oracle assumptions and emergency response. Advanced AI can help defenders simulate those paths, but it can also help adversaries research organizations, write convincing outreach and test exploit chains.

The broader market is already weak, which leaves less room for security ambiguity.

Extreme fear can turn any technical issue into a liquidity event faster than teams expect. In that environment, stronger cyber models are not just developer tools. They are part of market structure because they change how quickly vulnerabilities can be found, verified, reported or exploited.

For protocols, the next practical steps are narrower than the AI policy fight. Verify source code for every contract that can touch user funds, include legacy deployments in bounty scope, separate signer keys by person and device, simulate admin transactions before execution, and monitor for abnormal calls in real time.

The open question is whether access to frontier cyber models will be broad enough for defenders without giving attackers the same lift. Until that balance is clearer, the safest assumption for DeFi teams is that automated exploit hunting is getting cheaper and that yesterday’s forgotten contract can become tomorrow’s headline.