A coalition of over 70 cybersecurity experts, including a number of well-known industry veterans, has published an open letter urging the U.S. government to revoke its export control order on Anthropic’s Fable and Mythos models. The letter argues that "this action has taken the best models away from [cybersecurity] defenders," preventing them from using these tools to identify vulnerabilities and enhance software security. It warns, "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous."

On Friday, the U.S. government directed Anthropic to restrict exports of Fable and Mythos, citing national security concerns but offering no detailed explanation for the decision, according to the company. In response, Anthropic suspended access to the models for all users worldwide. As of now, the letter has been signed by 76 cybersecurity experts, including former Facebook chief of security Alex Stamos; Casey Ellis, founder of bug bounty platform Bugcrowd; renowned cryptographer and former Apple security design and architecture manager Jon Callas; computer scientist Paul Vixie; Dino Dai Zovi, former head of applied security engineering at Block; Katie Mossouris, founder of Luta Security; and Rachel Tobac, CEO of security awareness training firm SocialProof Security.

When Mythos launched as a preview in April, Anthropic claimed it was so effective at detecting security vulnerabilities that the company had to tightly restrict access to prevent malicious hackers or foreign adversaries from exploiting it. Initially, only about 50 companies were given access to Mythos, a group that was later expanded to roughly 150 organizations across 15 countries. Last week, Anthropic released Fable, a public version of Mythos, which the company said included strict guardrails to block its use in biology, chemistry, and cybersecurity, as well as to prevent others from distilling the model to recreate it. However, these guardrails were so stringent that many cybersecurity experts found Fable would reject virtually any prompts related to cybersecurity.

Anthropic suggested that the White House export control order may have been influenced by a report detailing a method to bypass—or "jailbreak"—Fable, unlocking its more powerful Mythos-level capabilities. According to Katie Moussouris, one of the signatories of the open letter, this method was demonstrated by Amazon researchers in a non-public paper she has reviewed. However, in a blog post, Moussouris argued that the paper did not actually prove a real jailbreak. Instead, she wrote, the researchers simply asked Fable to fix open-source code containing publicly known vulnerabilities and "deliberately planted vulnerabilities," after the model initially refused to "review the code for security issues."

"The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," Moussouris wrote. "Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day."

Moussouris’ critique was echoed in the open letter, which also stated that the group of experts believes the method in the Amazon paper "can be replicated" on OpenAI’s GPT-5.5, Anthropic’s own publicly available Claude Opus 4.8 and Sonnet, "and even Chinese models like Kimi 2.7." The letter further called for transparent and fairly enforced regulations, developed through "a democratic rule-making process" based on scientific research by industry and academic experts, and "used only to the minimal extent necessary to ensure the safety of the American public."