> I guess the "exploit" here is that if you just tell Fable to "fix this code", which is not "a request related to cybersecurity", it will fix security issues (as it should).

The original sin is calling any bugs security bugs in the first place.

It's just unintended behavior.

If you say "should this model be able to fix unintended behavior" the answers are not alarming.

If you say "what about when those behaviors interact in unforeseen ways, allowing even crazier unintended behavior, should it be allowed to help you fix that too?"

Again, the answers are going to be clear.

Our tools must support correctness and resilience and help the exact thing humans are bad at: combinatorial explosions of subtle lacks of correctness…

…and just f'ing fix it.