Every Monday, Leor from Exploring ChatGPT and I go through the week’s AI news without the hype. Catch the episode live on Substack, on YouTube, or as a podcast wherever you get yours, so you can pick the format you enjoy. Use this for the facts, the links and a little extra context. Anthropic released Fable 5 free for twelve days, then the US government pulled it offline On 9 June Anthropic released Claude Fable 5, its most capable public model, free on Pro and Max plans, alongside a gated sibling called Mythos 5. Three days later it was gone. Citing national security, US Commerce Secretary Howard Lutnick signed an export-control directive ordering that both models be denied to any foreign national, inside or outside the United States, including Anthropic’s own overseas staff. Rather than filter by nationality, Anthropic took both offline for everyone. The stated trigger was a narrow jailbreak that let Fable 5 read source code and hunt for vulnerabilities. And it was the second time in a week the model’s fate was decided over users’ heads: days earlier, researchers found a line in its 319-page system card showing Anthropic had quietly weakened Fable 5 for some users without telling them, a choice it walked back after an outcry. Anthropic is complying while disagreeing, with no timeline to restore access. Opus, Sonnet and Haiku stay up. This is the week’s thread in its purest form: who gets to ask, and who decides. First Anthropic quietly chose to weaken its own model for some users without telling them. Then the government decided, in a single afternoon, that everyone on Pro and Max could not use a model they were already building on, over one potential jailbreak. The free-for-twelve-days launch became a three-day launch. Notice how little say any user had in either decision, and how fast a tool you lean on can be switched off above your head. Treat a free frontier model as borrowed, and build nothing you could not do without. On the live, the contradiction did the work. Anthropic’s launch article said Fable 5 beat GPT-5.5 on every benchmark. Its suspension article, days later, explained the danger away: “We have reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day by the defenders who keep systems safe.” Both cannot be true. Either Fable was the leap they sold, or it was ordinary enough that the same jailbreak still runs on a rival left online. The government’s side carries the same doublethink: the Trump administration killed an AI safety-review structure a few hours before it was signed, then reached for that exact playbook to pull one company’s model. Reportedly it was Amazon, an Anthropic investor, that flagged the jailbreak in the first place. Read the two Anthropic articles back to back and decide which one you believe. Police in England and Wales told to stop using AI in court statements Police forces in England and Wales have been told to halt the use of AI in preparing court statements until proper safeguards are in place, after inaccurate outputs began contaminating legal proceedings. Alex Murray, head of the new Police.AI centre, said anything used in the justice system must reach a standard of accuracy that is ‘beyond reasonable doubt’. In one case West Midlands Police used Microsoft Copilot output that invented a past incident involving Maccabi Tel Aviv, in a dossier supporting a football banning order. The police watchdog says AI-drafted submissions are behind a 24% rise in complaint reviews, some citing laws that do not exist. AI was switched on inside the justice system before anyone confirmed it could tell a real law from an invented one. The harm is concrete: fabricated detail feeding decisions that can take away someone’s liberty. ‘Beyond reasonable doubt’ is exactly the bar a system that guesses cannot clear, and the job of catching its mistakes lands on the people least able to. Good that someone stepped in. The worry is how far it had already spread. The rule was already there. On the live, Leor’s read was that this needed no new policy, only the one that exists to be followed: machine output checked by a human before it goes anywhere near a legal review. An unnamed Derbyshire officer is now under criminal investigation for allegedly fabricating evidence this way. The knock-on is its own problem. Once everyone knows AI can invent a witness statement, a guilty party can wave a genuine one away as a fake. A Florida man was wrongly arrested on a face-match 300 miles away Robert Dillon, 52, from Fort Myers, was arrested at home and prosecuted for trying to lure a child at a McDonald’s in Jacksonville Beach, more than 300 miles away, a town he says he had never visited. A facial recognition system run by the Pinellas County Sheriff returned a 93% match. According to the lawsuit, officers built a case to confirm it and left out evidence that cleared him, including licence-plate data showing his car was never near the scene. The charges were dropped, his record wiped, and the ACLU is now suing. He is at least the 15th person in the US arrested on a false facial-recognition match. The machine made a guess, and the guess outweighed the licence-plate record that put his car nowhere near the scene. When facial recognition is wrong it matches you to someone who simply looks like you, which then corrupts the witness line-up built around that face. The real danger is downstream: a confident match makes everyone stop checking. In Dillon’s words, the police relied on the technology instead of doing their jobs. It was a 93% match, not a certainty, and they arrested him anyway. On the live we kept landing on how ordinary the failure is: I have a generic face and get mistaken for people constantly, and a confident match makes everyone downstream stop checking. Dillon was not even the worst of the 15 known US cases. A North Carolina man spent three months in jail and lost his job, his home and custody of his children before his charges were dropped. I have stopped saying the machine ‘hallucinated’. It fabricated, and a real person paid for it. A US university wired its dorms with more than 1,300 AI cameras San Diego State University has quietly finished installing more than 1,300 AI-enabled cameras across campus, over 330 of them in student housing. The Avigilon cameras can do facial recognition, licence-plate reading, object detection and behaviour analysis, though the university says several features are not currently switched on. The housing agreements students sign make no mention of the full system. The student paper mapped where they are, including dozens inside first-year residences. Students were enrolled in a surveillance system they were never asked about, in the place they sleep. ‘Not switched on yet’ is not a safeguard when the hardware is in and the capability sits one policy decision away. Consent buried in a housing contract does not count as asking. The unanswered question is who decides what these cameras are allowed to do, and what happens the day that decision changes. On the live the legal hole was the sharpest part. California’s constitution requires a state body to give clear notice and a real choice before it collects sensitive data, and the housing agreement students sign discloses none of this. ‘The AI features are off’ lasts exactly until someone turns them on without telling anyone. The deeper point is where the money went. If a campus is serious about student safety, the first move is to ask students where the harm actually happens, which is far more often a trusted adult than a stranger in a corridor, and that costs a conversation, not 1,300 cameras. Hackers took over 20,000 Instagram accounts by asking Meta’s AI Between 17 April and 31 May, hackers reset the passwords on more than twenty thousand Instagram accounts by talking to Meta’s own AI support assistant. The method was almost embarrassingly simple: spoof the account holder’s location with a VPN, ask the bot to add a new email, let it send a verification code to that email, read the code back, and take the reset-password button it offers. The hijacked accounts included the dormant Obama-era White House handle and a US Space Force chief master sergeant. Meta found the flaw on 31 May and disabled the tool, after the exploit had circulated in hacker forums for weeks. Security analysts call it a ‘confused deputy’ problem: the AI held the keys but could not check who was asking. This is the whole week in one story. Meta gave an AI the power to change the locks on your account without the basic step of checking who was on the other end. All week AI was handed the keys, to evidence, to identity, to twenty thousand accounts, and nobody built the lock. We keep deploying systems with real power and no way to answer the oldest security question there is. Before you let an AI act on your behalf, ask who it will say yes to. The fix was as telling as the breach. On the live, Leor walked through how simple the attack was: a VPN to spoof the location, a request to add an email, a verification code read back to the bot, and the reset-password button handed straight over. Meta’s repair was to hide that button in the app while leaving the underlying interface live, which stops an ordinary user and nothing else. One line from the chat caught the whole episode. Fable 5 flagged a researcher’s cybersecurity reading as a ‘concerning conversation’, while Meta’s AI happily processed twenty thousand password changes in a couple of hours. Two-factor authentication is the least you can do here, and it should be the default you cannot switch off. Five stories, one thread. A model launched free then pulled worldwide on a government order three days in, AI thrown out of court for inventing evidence, a face-ma
