Marco Combetto

AI & Digital Transformation — Public Sector — Data Science

The Fable 5 Export Controls Harm US Cyber Defense

We are making a massive mistake by conflating “fixing a bug” with “crafting an exploit.”

I keep seeing this pattern where policy makers overreact to the dual-use nature of AI, and it’s starting to have real consequences for actual security work. The latest example is absurd: export controls are being used to restrict models because they can identify vulnerabilities in code—the exact task that makes them useful for defenders.

In my view, if a model can’t help a developer find and patch a CVE, it’s not “safe,” it’s just broken. When we neuter these tools to prevent bad actors from finding holes, we simultaneously strip away the best weapon our own engineers have to close them. We are effectively trying to build a fortress by making our own keys stop working.

I worry that these heavy-handed restrictions will create a “security debt” where only those with high-end, uninhibited access can defend their systems, leaving everyone else exposed. We need to move past the fear of dual-use and start defining specific functional boundaries instead of blunt bans on core capabilities.

How do we balance the risk of an AI helping an attacker without crippling the ability of a defender to stay ahead?

#CyberSecurity #ArtificialIntelligence #TechPolicy #InfoSec #AIStrategy

http://example.com](https://simonwillison.net/2026/Jun/16/fable-5-export-controls/#atom-everything

🔗 Read the original article