Back to Blog

Cantina CEO Hari Mulackal on the Fable Pull: The Only Clock You Control Is How Fast You Fix

Cantina CEO Hari Mulackal on the Fable Pull: The Only Clock You Control Is How Fast You Fix

The US government pulled the world's most capable AI model 72 hours after it launched. We asked Cantina CEO Hari Mulackal what it actually means for anyone shipping software.

For 3 days, Claude’s Fable was a hot topic worldwide. Then, on June 12, an export-control directive citing national security forced Anthropic to disable Fable 5 and Mythos 5 for all customers. The trigger was a reported jailbreak that revealed a handful of already known minor flaws. The quiet, uncomfortable part is in Anthropic's own response. Other publicly available models find those same flaws without any bypass at all.

We asked Cantina CEO and co-founder Hari Mulackal for his read: the pull doesn’t change the underlying reality, the bigger picture:

Cybersecurity is becoming a very important topic in model launches. Every model that is getting released now, if you look at the details, cybersecurity is a key component. Models are getting good at finding bugs. They are getting good at autonomously performing exploits end to end. And it fundamentally changes the unit economics of exploits. The cost and time of exploits is going down very fast, in some cases close to zero marginal cost. So the zero-day clock is getting shorter.

The capability the order tried to contain is already ordinary. You can ban a model, but you cannot ban the fact that finding bugs is now accessible, and getting cheaper.

Access was never the real lever

Every move in this story has been about who gets the model, with the safety on or off.

The dangerous mistake is thinking this is mainly a model-access problem. It is really a fix-speed problem.

A refusal is a guardrail firing in one interaction, and guardrails cut both ways. Cybersecurity, as Hari says, is two sides of the same coin: "If the model is bad at identifying issues, it is also going to be worse at writing safe code in the first place." You cannot strip adversarial reasoning from a model and still expect it to help you build something secure. Anthropic, to its credit, has been honest that perfect jailbreak resistance is not possible for anyone, and the team is in a hard spot.

The exposure in your codebase does not care whether the safety is on, off, or pulled by a government over a weekend.

We are going to show you how ordinary this has become

In the coming weeks, we will publish a measured look at what a frontier-model jump actually does to vulnerability discovery. We are taking the same code, running it through our system on a prior-generation model and the newest tier, and publishing the curves for how much cheaper finding real bugs is becoming.

What to do

Our CEO’s advice: "If you have legacy code with real customer data, sensitive information, or money that a hacker can take, you need to start defending it now. These threats are going to go up a lot."

Annual pentests and one-off audits might not survive this new era. "Software security needs to be continuous, the same way software is continuous. You need to build security processes today with the expectation that autonomous attackers exist."

Start with your fix loop. Shorten your security SLAs, identify which systems pose real risk, and ensure your team can validate and ship a fix quickly.

The same capability that makes attacks cheaper makes secure software cheaper to build. The teams that win are the ones who point that capability at their own code first and continuously, and prove the fix is closed before anyone else finds the hole.

Our Mission

That is what we built Cantina to do. Find the issues, prioritize what matters, remediate correctly, and close the security loop, so your defense does not rise and fall with which model happens to be available this week.

You cannot recall a vulnerability, but you can be the one who finds it first.

Get in touch to find a model that best suits your needs.