Highlights

A coalition of around 76 cybersecurity professionals has published an open letter urging the U.S. government to lift an export control that restricts access to Anthropic’s most capable models, Fable and Mythos. The signees argue the restriction removes essential tools from defenders, limiting their ability to identify and fix vulnerabilities while adversaries advance. The government cited national security concerns and ordered export limits without offering detailed explanations, prompting Anthropic to suspend worldwide access. The group calls for transparent, research-driven regulations crafted through democratic rule-making.

Sentiment Analysis

• 
  The overall sentiment of the article is mixed-to-negative about the U.S. government’s decision, reflecting concern and frustration from the cybersecurity community. Many signatories express that the policy is counterproductive: rather than improving security, it limits defenders’ access to powerful tools needed to find and remediate vulnerabilities. There is apprehension about the lack of transparency in the government’s rationale, and a call for clearer, evidence-based regulation. The tone is urgent and critical, emphasizing possible harms to defensive capabilities.
  
  
  

  
  65%
  

  
  
  
  

Article Text

A group of prominent cybersecurity professionals has publicly urged U.S. authorities to reverse an export control order that limits access to Anthropic’s most advanced models, Fable and Mythos. The open letter, signed by approximately 76 experts from across the security community, contends that the restriction deprives defenders of highly effective tools for discovering and patching vulnerabilities. Signatories include well-known figures in the field, such as former Facebook chief of security Alex Stamos and other leaders from industry and research. They warn that removing these capabilities from defenders while adversaries continue to develop advanced tools poses a tangible risk to digital security.

The U.S. government announced last Friday that it had directed Anthropic to curtail exports of Fable and Mythos, citing national security concerns. Anthropic said the order lacked specific public justification and subsequently suspended access to those models for all users worldwide. The company had already restricted Mythos access in its preview phase, providing it only to a limited set of organizations, and later released Fable as a more public-facing model with stringent guardrails that blocked many cybersecurity-related prompts. These guardrails were intended to prevent misuse but also limited legitimate defensive use, according to many in the security community.

Signatories of the open letter argue that the government’s action effectively places the most capable defensive capabilities out of reach for those who most need them. They emphasize that security teams rely on advanced models to automate the find-fix-test cycle: identifying vulnerabilities in code, proposing fixes, and generating tests that confirm patches work. Several signatories criticized a report—allegedly informing the government’s decision—that suggested Fable could be "jailbroken" to reach Mythos-level capabilities. One signer, Katie Moussouris, reviewed an unpublished paper by Amazon researchers and concluded that the experiment did not demonstrate a true jailbreak. Instead, she said, researchers asked the model to fix code containing public and intentionally inserted vulnerabilities after it initially refused to analyze code for security issues.

Moussouris and others contend that the behavior described in that paper is not evidence of a security bypass that warrants broad export controls. They argue that attempts to harden the model against such interactions could also remove valuable defensive functionality. As Moussouris stated, defenders need models that can analyze and repair insecure code and produce tests—capabilities she describes as essential for defensive security rather than a guardrail violation. This perspective underlies the open letter’s claim that limiting access to top-tier models may weaken, not strengthen, overall cybersecurity.

The open letter also suggests the method outlined in the Amazon paper could be reproduced across other contemporary models, naming several alternative platforms. The signees call for regulatory responses that are transparent, scientifically grounded, and developed through democratic processes that involve industry and academic experts. They emphasize that any restrictions should be no broader than necessary to protect public safety, balancing the risks of misuse against the harms of depriving defenders of powerful tools.

Anthropic’s prior approach to deployment had included controlled previews and a limited rollout, reflecting concern about misuse. Still, the company’s decision to suspend access worldwide after the government order highlights the tensions between government oversight, private-sector deployment choices, and the needs of the cybersecurity community. The signatories seek clearer, evidence-based guidance so defensive practitioners can access capabilities that help secure systems without enabling malicious actors. Their plea frames the issue as one of alignment between policy and practical security needs, urging policymakers to adopt measures that protect the public while preserving essential defensive tools.

Ultimately, the open letter requests a reassessment of the export control action and calls for transparent rule-making informed by technical expertise. The group stresses that thoughtful, narrowly tailored regulations would better serve public safety and national security than sweeping restrictions that could hamper defenders’ ability to protect software and infrastructure. They argue that denying defenders access to the best tools leaves systems more vulnerable at a time when adversaries are rapidly advancing.

Key Insights Table