Anthropic ban sparks protest: cybersecurity vets demand access

On Friday the U.S. government ordered Anthropic to limit the export of its Fable and Mythos models, citing national security concerns, and Anthropic suspended access to the models for all users worldwide. A group of 76 cybersecurity experts published an open letter asking the government to lift the export control order, saying the move "has taken the best models away from [cybersecurity] defenders."

What the experts said

The open letter was signed by 76 security professionals, including Alex Stamos, Casey Ellis, Jon Callas, Paul Vixie, Dino Dai Zovi, Katie Moussouris and Rachel Tobac. The signatories argued that restricting access to the models harms defenders who use advanced models to find vulnerabilities and harden software. The letter warned, "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous."

Several authors of the letter criticized the guardrails Anthropic built into Fable. Anthropic released Fable as a public version of Mythos and said it included strict guardrails to block uses in biology, chemistry and cybersecurity, and to stop model distillation. In practice, many cybersecurity practitioners found Fable’s restrictions blocked essentially any cybersecurity-related prompts.

Katie Moussouris, one of the signatories, reviewed a non-public Amazon paper that may have informed the White House order. She said the paper did not demonstrate a genuine jailbreak. Instead, she wrote that researchers asked Fable to fix open source code containing public and known vulnerabilities along with "deliberately planted vulnerabilities" after the model initially refused to "review the code for security issues." Moussouris argued that the behavior described in the paper was not a guardrail bypass in a way that warrants removing defensive access, and that defenders need models that can execute the find-fix-test loop used in defensive security work.

The open letter also stated the techniques described in the Amazon paper "can be replicated" on other models, naming OpenAI’s GPT-5.5, Anthropic’s publicly available Claude Opus 4.8 and Sonnet, and Chinese models such as Kimi 2.7.

How Anthropic handled access before the order

When Mythos launched as a preview in April, Anthropic said it was powerful at finding security vulnerabilities and limited access for safety reasons. The company initially gave roughly 50 companies access to Mythos and later expanded that group to around 150 organizations across 15 countries. After the export control order, Anthropic suspended access to Fable and Mythos worldwide.

Anthropic has suggested the White House action may have been informed by a report claiming a method to bypass Fable’s guardrails and unlock Mythos-level capabilities. The Amazon paper Moussouris reviewed is not public; Moussouris disputed that it demonstrated a real bypass and said making the model less capable to address the paper’s findings would weaken the model for defensive use.

Why it matters

The dispute pits two security priorities against each other: reducing the risk that advanced models empower malicious actors, and ensuring defenders have powerful tools to find and fix vulnerabilities. Removing or tightly restricting a model defenders used for vulnerability discovery could leave software and systems harder to secure, while leaving models broadly available could raise national security concerns the government says it is addressing. The standoff also exposes a gap in process: the experts call for clearer, science-based rules and a fair, democratic rule-making process for any limits.

What to watch

Watch whether the U.S. government publishes the technical basis for the export control order or engages the signatories and industry on specific risk mitigations. Also track whether Anthropic restores access or revises Fable’s guardrails, and whether regulators move toward the transparent, fairly enforced rule-making the letter requests.