A team of dozens of cybersecurity experts, including several well-known industry veterans, published an open letter to the US government asking it to lift the export control order on Anthropic’s Fable and Mythos models.
According to the open letter, “this action has alienated the best models [cybersecurity] defenders, who now cannot use the models to find vulnerabilities and make their software and products more secure.”
“Taking away the best potential from defenders without good reason when our opponents are advancing quickly is dangerous,” the letter read.
On Friday, the US government ordered Anthropic to limit exports of Fable and Mythos, citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models for all users worldwide.
As of this writing, the letter has been signed by 76 cybersecurity experts, including Alex Stamos, Facebook’s former chief security officer; Casey Ellis, founder of bug bounty platform Bugcrowd; Jon Callas, renowned cryptographer and former director of security design and architecture at Apple; Paul Vixie, computer scientist; Dino Dai Zovi, former head of security engineering at Block; Katie Moussouris, the founder of Luta Security; and Rachel Tobac, the CEO of security awareness training company SocialProof Security.
When Mythos was released in preview in April, Anthropic claimed it was so powerful at finding security vulnerabilities that the company had to severely restrict access to prevent malicious hackers or foreign adversaries from using it to wreak havoc online. In practice, that meant Anthropic gave about 50 companies initial access to Mythos, recently expanding that group to include about 150 organizations in 15 countries.
Last week, Anthropic released Fable, a public version of Mythos that the company said had strict guardrails to prevent its use in the fields of biology, chemistry and cybersecurity, as well as to prevent others from distilling the model to recreate it. The guardrails in Fable were so tight that many cyber experts found that it effectively stopped any prompting about cyber security.
Anthropic said the White House export control order may have been based on a report that there was a method to bypass — or jailbreak — Fable to unlock its powerful Mythos-level capabilities.
According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public but has been reviewed.
But Moussouris said in a blog post that the paper didn’t actually prove a real jailbreak. Instead, she wrote, the researchers simply asked Fable to patch open source code with public and known vulnerabilities along with “intentionally installed vulnerabilities,” after the model initially refused to “review the code for security issues.”
“The behavior described in the document cannot be meaningfully remedied, and any attempt would only weaken the defense model,” Moussouris wrote. “Defenders need to be able to ask the AI to patch the bugs in a file, explain why the patch matters, and write tests that confirm the patch works. This isn’t bypassing a guardrail. It’s the most valuable thing an AI model can do for defense security: run the defense loops of find, patch, and test.”
Moussouris’ criticism was echoed in the open letter, which also said the expert team believes the method in the Amazon paper “can be replicated” in OpenAI’s GPT-5.5, publicly available Claude Opus 4.8 and Anthropic’s Sonnet, “even in Chinese models like Kimi 2.7.”
The letter also called for transparent and fairly enforced regulations created by “a democratic rulemaking process” based on scientific research conducted by industry and academic experts and “used only to the minimum extent necessary to ensure the safety of the American public.”
