Cybersecurity experts protest US government’s ‘dangerous’ ban on more powerful Anthropic models

A group of cybersecurity experts, including several well-known industry veterans, has published an open letter to the US government asking it to lift the export control order on Anthropic’s Fable and Mythos models.

According to the open letter, “this act has removed the best models [cybersecurity] defenders” who can now use models to detect vulnerabilities and make their software and products more secure.

“Pulling the best talent away from the defenders without good reason when our opponents are improving so quickly is dangerous,” the letter reads.

On Friday, the US government ordered Anthropic to limit the export of Fable and Mythos, citing national security concerns, without explaining the specific reasons for the order, according to Anthropic. In response, the company has suspended access to the models for all users worldwide.

As of this writing, the letter has been signed by 76 cybersecurity experts, including Alex Stamos, former Facebook security chief; Casey Ellis, founder of bug bounty platform Bugcrowd; Jon Callas, renowned cryptographer and Apple’s security and architecture manager; Paul Vixie, computer scientist; Dino Dai Zovi, former head of security engineering at Block; Katie Moussuris, founder of Luta Security; and Rachel Tobac, CEO of security awareness training company SocialProof Security.

When Mythos was launched as a preview in April, Anthropic said it was so powerful at detecting security vulnerabilities that the company needed to strictly limit access to prevent malicious hackers or foreign adversaries from using it to wreak havoc online. In practice, that meant Anthropic gave about 50 companies initial access to Mythos, recently expanding that group to include about 150 organizations in 15 countries.

Last week, Anthropic released Fable, a public version of Mythos that the company says has strict guidelines to prevent its use in the fields of biology, chemistry, and cybersecurity, and to stop others from releasing the model to recreate it. The security lines in Fable were so strong that many cybersecurity experts found that they stopped any warnings related to cyber security.

Anthropic said the White House’s export control order may have been based on a report that there was a way to bypass — or jailbreak — the Fable to unlock its Mythos-level powers.

According to Katie Moussouris, one of the signatories of the open letter, this method was demonstrated by Amazon researchers in a paper that is not public but reviewed.

But Moussouris said in a blog post that the paper did not show an actual prison break. Instead, he wrote, the researchers simply asked Fable to modify the open source code for public and known vulnerabilities and “intentionally planted vulnerabilities,” after the model initially refused to “update the code for security issues.”

“The behavior described in the paper cannot be rationally corrected, and any attempt would undermine the defensive model,” Moussouris wrote. “Defenders need to be able to ask the AI ​​to fix bugs in a file, explain why the fix is ​​important, and write tests that verify the patch works. That’s not a way to bypass Guardrail. It’s the most important thing an AI model can do for defense: to make the detection, fix, and test loop defenders run every day.”

Moussouris’ criticism was echoed in the open letter, which also said the expert group believed the method in the Amazon paper “can be replicated” in OpenAI’s GPT-5.5, in Anthropic’s publicly available Claude Opus 4.8 and Sonnet, “and even Chinese models like Kimi 2.7.”

The letter also called for transparent and fair enforcement of laws made through a “democratic rulemaking process” based on scientific research conducted by industry and academic experts, and “applied only to the minimum extent necessary to ensure the safety of the American public.”