Cybersecurity vet protests US government’s ‘dangerous’ ban on Anthropic’s most powerful models

A group of dozens of cybersecurity experts, including several well-known industry veterans, published an open letter asking the U.S. government to lift export control orders on Anthropic’s Fable and Mythos models.

According to the open letter, “This action removes the best model from (cybersecurity) defenders.” They can no longer use models to find vulnerabilities and make software and products more secure.

“When the enemy is advancing rapidly, it is dangerous to deprive the defenders of their best capabilities without good reason,” reads the letter.

On Friday, the U.S. government ordered Anthropic to restrict exports of Fable and Mythos, citing national security concerns, without explaining the specific reasons for the order, according to Anthropic. In response, the company suspended access to the model for all users worldwide.

As of this writing, the letter has been signed by 76 cybersecurity experts, including former Facebook security chief Alex Stamos. Casey Ellis, founder of bug bounty platform Bugcrowd; Jon Callas, renowned cryptographer and former Apple security design and architecture manager; Paul Bigsey (computer scientist); Dino Dai Zovi, former head of applied security engineering at Block; Katie Moussouris, founder of Luta Security; I’m Rachel Tobac, CEO of SocialProof Security, a security awareness training company.

When Mythos was released in preview in April, Anthropic argued that it was so powerful at finding security vulnerabilities that access should be severely restricted to prevent malicious hackers or foreign attackers from using it to wreak havoc on the Internet. In practice, this means Anthropic has given early access to Mythos to about 50 companies, and recently expanded that group to include about 150 organizations in 15 countries.

Last week, Anthropic released Fable, the public version of Mythos. Fable says it has strict guardrails in place to block use in biology, chemistry and cybersecurity, and to prevent others from distilling the model to recreate it. Fable’s guardrails are so strict that many cybersecurity experts have found that this has basically stopped all prompts related to cybersecurity.

Anthropic said the White House’s export control order may be based on reports that there are ways to bypass or jailbreak Fable to unlock powerful Mythos-level features.

According to Katie Moussouris, one of the open letter’s signatories, the method was demonstrated by Amazon researchers in a paper she reviewed, though it was not made public.

However, Moussouris said in a blog post that the paper did not actually show an actual prison break. Instead, the researchers wrote, Model initially refused to “review the code for security issues” and then asked Fable to fix open source code with public and known vulnerabilities, along with “intentionally planted vulnerabilities.”

“The behavior described in the paper cannot be meaningfully corrected, and any attempt will only weaken the defense model,” Moussouris wrote. “Defenders should be able to ask AI to fix a bug in a file, explain why the fix is ​​important, and write a test to verify that the patch works. This is not guardrail bypassing. The most valuable thing an AI model can do for defensive security is to run the find, fix, and test loop that defenders run every day.”

Moussouris’ criticism was echoed in an open letter, in which a group of experts said they believed the methods in the Amazon paper could be replicated in OpenAI’s GPT-5.5, Anthropic’s publicly available Claude Opus 4.8 and Sonnet, and “even Chinese models such as Kimi 2.7.”

The letter also called for regulations to be implemented transparently and fairly through a “democratic rulemaking process” that is based on scientific research conducted by industry and academic experts and “used only to the minimum extent necessary to ensure the safety of the American people.”