Cybersecurity Experts Urge US to Reverse Restrictions on Anthropic’s Advanced AI Models

A coalition of dozens of cybersecurity professionals, including many prominent figures in the industry, has issued an open letter urging the U.S. government to reverse its export restrictions on Anthropic’s Fable and Mythos AI models.

According to the letter, the government’s decision has removed access to some of the most capable AI models from cybersecurity professionals who rely on them to identify software vulnerabilities and strengthen the security of digital systems and products.

“To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” the group wrote in the open letter.

Last Friday, the U.S. government directed Anthropic to restrict exports of its Fable and Mythos models, citing national security concerns. Anthropic said authorities did not disclose the specific reasons behind the order. In response, the company suspended access to both models for users worldwide.

At the time of writing, the letter had been signed by 76 cybersecurity experts. The signatories include Alex Stamos, former chief security officer at Facebook; Casey Ellis, founder of bug bounty platform Bugcrowd; renowned cryptographer and former Apple security design and architecture manager Jon Callas; computer scientist Paul Vixie; former Block head of applied security engineering Dino Dai Zovi; Luta Security founder Katie Moussouris; and SocialProof Security chief executive Rachel Tobac.

When Anthropic introduced Mythos as a preview in April, the company described it as exceptionally effective at identifying software vulnerabilities. Because of concerns that malicious hackers or foreign adversaries could misuse those capabilities, Anthropic initially limited access to roughly 50 organisations before later expanding availability to around 150 organisations across 15 countries.

Last week, Anthropic also released Fable, a public version of Mythos that incorporated strict safety guardrails intended to prevent its use for biology, chemistry, and cybersecurity tasks, and to block attempts to distil or recreate the model. Those safeguards proved so restrictive that many cybersecurity researchers reported the model refused nearly every prompt involving cybersecurity topics.

Anthropic has suggested that the White House export restrictions may have been prompted by reports describing a method capable of bypassing—or jailbreaking—Fable’s safety guardrails to unlock capabilities similar to those available in Mythos.

According to Katie Moussouris, one of the signatories of the open letter, the technique was presented by Amazon researchers in an unpublished research paper that she reviewed personally.

However, Moussouris argued in a blog post that the paper did not demonstrate a genuine jailbreak. Instead, she explained that the researchers asked Fable to repair open-source code containing publicly known vulnerabilities as well as intentionally inserted flaws after the model initially declined to perform a direct security review of the software.

“The behaviour described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defence,” Moussouris wrote. “Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.”

The same concerns were reflected in the group’s open letter. The cybersecurity experts also argued that the capabilities described in the Amazon paper could similarly be reproduced using OpenAI’s GPT-5.5, Anthropic’s publicly available Claude Opus 4.8 and Claude Sonnet models, as well as Chinese AI systems such as Kimi 2.7.

Moussouris further stated that the vulnerabilities highlighted in the research paper can already be identified using several existing AI models. She added that while the paper demonstrated a method of bypassing Fable’s guardrails, other models lacking those restrictions generally respond directly to requests involving software security, eliminating the need for any workaround.

The letter also called on the U.S. government to establish transparent and consistently enforced AI regulations through what the group described as “a democratic rule-making process.” The signatories urged policymakers to base future restrictions on scientific research conducted by industry and academic experts, while limiting regulations to the minimum necessary to protect the safety of the American public.