A group of dozens of cybersecurity experts, including several prominent industry veterans, has published an open letter to the United States government urging it to reverse an export control order placed on Anthropic’s Fable and Mythos models.
The letter argues that the restriction has effectively “taken the best models away from [cybersecurity] defenders,” limiting their ability to identify vulnerabilities and strengthen the security of software and digital products.
“To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” read the letter.
On Friday, the U.S. government directed Anthropic to restrict the export of the Fable and Mythos models over national security concerns, though it did not publicly disclose specific reasons, according to the company.
In response, Anthropic suspended global access to the models for all users.
The letter is signed by 76 cybersecurity experts, including Alex Stamos, former Facebook chief security officer; Casey Ellis, founder of the bug bounty platform Bugcrowd; cryptographer Jon Callas, formerly of Apple’s security design and architecture team; computer scientist Paul Vixie; Dino Dai Zovi, former head of applied security engineering at Block; Katie Moussouris, founder of Luta Security; and Rachel Tobac, CEO of security awareness training firm SocialProof Security.
When Mythos launched as a preview in April, Anthropic claimed it was so effective at identifying security vulnerabilities that access had to be tightly restricted to prevent malicious hackers or foreign adversaries from using it to disrupt the internet. In practice, the company initially granted access to around 50 organizations, later expanding the program to about 150 organizations across 15 countries.
At the time of launch, Anthropic said Mythos was limited to select partners due to its capabilities, which it argued posed potential security risks if widely released.
When Mythos was introduced as a preview in April, Anthropic said it was so capable at detecting security vulnerabilities that access had to be tightly controlled to prevent misuse by malicious hackers or foreign adversaries. In practice, the company initially limited access to about 50 organizations, later expanding it to roughly 150 organizations across 15 countries.
Last week, Anthropic released Fable, a public version of Mythos, saying it included strict guardrails to prevent use in biology, chemistry, and cybersecurity, as well as to deter attempts to distill and recreate the model. However, those safeguards were reportedly so restrictive that many cybersecurity experts found they blocked virtually all cybersecurity-related prompts.
Anthropic said the White House export control order may have been based on a report suggesting there was a method to bypass, or “jailbreak,” Fable’s safeguards and unlock its more advanced Mythos-level capabilities.
