A group of dozens of cybersecurity experts, including several prominent industry veterans, has released an open letter asking the U.S. government to lift export control orders on Anthropic’s Fable and Mythos models.
According to the open letter, “this action deprives (cybersecurity) defenders of their best models,” which they now cannot use to discover vulnerabilities and make software and products more secure.
“It is dangerous to extract the best from the defenders without good reason when the enemy is advancing rapidly,” the letter said.
According to Anthropic, on Friday the U.S. government ordered Anthropic to restrict the export of fables and myths, citing national security concerns and without providing a specific reason. In response, the company suspended access to the model for all users worldwide.
As of this writing, the letter has been signed by 76 cybersecurity professionals. Casey Ellis, founder of bug bounty platform Bugcrowd. Jon Callas, renowned cryptologist and former security design and architecture manager at Apple. Paul Vixey, computer scientist. Dino Dai Zovi, former head of applied security engineering at Block. Katie Moussouris, Founder of Luta Security. and Rachel Toback, CEO of security awareness training company SocialProof Security.
When Mythos was released in preview in April, Anthropic argued that Mythos was so powerful in detecting security vulnerabilities that access needed to be severely restricted to prevent malicious hackers and foreign adversaries from using Mythos to wreak havoc on the Internet. In practice, this means that Anthropic provided initial access to Mythos to approximately 50 companies and recently expanded that group to include approximately 150 organizations in 15 countries.
Anthropic released Fable, a public version of Mythos, last week, but the company says the model had strict guardrails in place to prevent its use in biology, chemistry, and cybersecurity, and to prevent others from extracting it to recreate it. Fable’s guardrails were so strict that many cybersecurity experts found that it essentially stopped all cybersecurity-related prompts.
Anthropic said the White House’s export control order may have been based on reports that there is a way to bypass Fable and unlock its powerful Mythos-level capabilities.
inquiry
Do you have more information about the Amazon paper that led to the ban? We’d love to hear your thoughts. You can contact Lorenzo Franceschi-Bicchierai securely from any non-work device or network on Signal (+1 917 257 1382), Telegram and Keybase @lorenzofb, or email.
Katie Moussoulis, one of the signatories of the open letter, said the technique was demonstrated in a private, peer-reviewed paper by Amazon researchers.
However, Moussouris said in a blog post that the paper does not actually demonstrate a jailbreak. Instead, after the model initially refused to “review the code for security issues,” the researchers simply asked Fable to fix the open source code, which contained known publicly available vulnerabilities and “intentionally implanted vulnerabilities,” she wrote.
“The behavior described in the paper cannot be meaningfully modified, and any attempt will only weaken the defensive model,” Mousouris wrote. “Defenders need to be able to ask the AI to fix bugs in their files, explain why the fix is important, and write tests to confirm that the patch works. This is not bypassing guardrails. The most valuable thing an AI model can do for defender security is run the search-fix-test loop that defenders do every day.”
Moussouri’s criticisms were echoed in the open letter, which said the group of experts believed the model features in Amazon’s paper could be “reproduced” in OpenAI’s GPT-5.5, Anthropic’s Claude Opus 4.8 and Sonnet, and even “Chinese models like Kimi 2.7.”
Moussouris told TechCrunch, “The bugs used to demonstrate the technique in the paper can be found using other models. The technique in the paper is a guardrail bypass technique. Other models without guardrails in Fable often do not reject the simple request to look for security bugs, so bypassing is not necessary.”
The letter also called for regulations to be created through a “democratic rule-making process” based on scientific research by industry and academic experts, and to be transparently and fairly enforced “to be used only to the minimum extent necessary to ensure the safety of the American people.”
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
