Cyber ​​security vets protest ‘dangerous’ US government ban on Anthropic’s most powerful models

A group of dozens of cybersecurity experts, including several well-known industry veterans, published an open letter to the US government asking it to lift the export control order on Anthropic’s Fable and Mythos models.

According to the open letter, “this action has taken the best models away from [cybersecurity] defenders”, who cannot now use the models to find vulnerabilities and make their software and products more secure.

“Taking the best capabilities away from defenders for no good reason when our adversaries are advancing rapidly is dangerous,” the letter read.

On Friday, the US government ordered Anthropic to restrict exports of Fable and Mythos, citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models for all users worldwide.

As of this writing, the letter has been signed by 76 cybersecurity experts, including Alex Stamos, former head of security at Facebook; Casey Ellis, founder of bug bounty platform Bugcrowd; Jon Callas, famed cryptographer and former Apple security design and architecture manager; Paul Vixie, computer scientist; Dino Dai Zovi, the former head of applied security engineering at Block; Katie Moussouris, founder of Luta Security; and Rachel Tobac, CEO of security awareness training company SocialProof Security.

When Mythos launched as a preview in April, Anthropic claimed it was so effective at finding security vulnerabilities that the company had to severely restrict access to prevent malicious hackers or foreign adversaries from using it to wreak havoc on the Internet. In practice, this meant that Anthropic gave about 50 companies initial access to Mythos, and recently expanded that group to include about 150 organizations in 15 countries.

Last week, Anthropic released Fable, a public version of the Mythos that the company said had strict firewalls to block its use in biology, chemistry and cybersecurity, as well as to prevent others from distilling the model to recreate it. The firewalls on Fable were so strict that many cybersecurity experts found that it essentially stopped all prompts related to cybersecurity.

Anthropic said the White House’s export control order may have been based on a report that there was a method to bypass — or jailbreak — Fable to unlock its powerful Mythos level.

According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public but which she has reviewed.

But Moussouris said in a blog post that the paper did not actually demonstrate a real jailbreak. Instead, she wrote, the researchers simply asked Fable to patch open source code with public and known vulnerabilities, along with “deliberately planted vulnerabilities,” after the model initially refused to “review the code for security issues.”

“The behavior described in the paper cannot be meaningfully corrected, and any attempt would only weaken the model of defense,” Moussouris wrote. “Defenders need to be able to ask the AI ​​to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. It’s not a guardrail bypass. That’s the most valuable thing an AI model can do for defensive security: execute the find, fix, and test loops defenders run every day.”

Moussouris’ criticism was echoed in the open letter, which also said the group of experts believes the method in the Amazon paper “can be replicated” on OpenAI’s GPT-5.5, on Anthropic’s own publicly available Claude Opus 4.8 and Sonnet, “and even Chinese models like Kimi 2.7.”

The letter also called for transparent and fairly enforced rules created by “a democratic rulemaking process” that are based on scientific research conducted by industry and academic experts, and “used only to the minimum extent necessary to ensure the safety of the American public.”