More than 70 cybersecurity professionals, including some of the most respected names in the field, have signed an open letter calling on the U.S. government to reverse its export control order on two of Anthropic’s most capable AI models. The letter argues that pulling these tools from defenders while adversaries continue to advance is not a safety measure. It’s a security risk.
According to TechCrunch, the U.S. government last Friday ordered Anthropic to restrict exports of its Fable and Mythos models, citing national security concerns but offering no specific explanation. Anthropic responded by suspending access to both models for all users worldwide, including the security researchers and companies that had been relying on them.
The open letter, which had 76 signatories at the time of writing, puts it plainly: “This action has taken the best models away from defenders” who use them to find software vulnerabilities and strengthen digital infrastructure. “To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous.”
The names behind the letter carry real weight in the security world. Signatories include:
- Alex Stamos, former chief of security at Facebook
- Casey Ellis, founder of bug bounty platform Bugcrowd
- Jon Callas, cryptographer and former Apple security design manager
- Paul Vixie, computer scientist and internet infrastructure pioneer
- Dino Dai Zovi, former head of applied security engineering at Block
- Katie Moussouris, founder of Luta Security
- Rachel Tobac, CEO of security awareness training firm SocialProof Security
To understand why this matters, some context helps. When Anthropic launched Mythos as a preview in April, the company said the model was so capable at finding security vulnerabilities that it had to tightly control who could access it. About 50 companies got in initially, with that number later expanding to around 150 organizations across 15 countries. The concern was that the same power that makes it useful for defenders could be exploited by attackers.
Fable came out last week as a public version of Mythos, but with strict guardrails blocking its use in cybersecurity, biology, and chemistry. The guardrails were so aggressive that many security professionals found the model refused almost any prompt related to their work, making it effectively useless for defense.
Anthropic has said the White House export control order may have been triggered by a report claiming researchers found a way to jailbreak Fable to access Mythos-level capabilities. That report, according to Moussouris, came from Amazon researchers in a paper that has not been made public.
Moussouris reviewed the paper and wrote in a blog post that it does not actually show a real jailbreak. What the Amazon researchers did, she explained, was ask Fable to fix open source code that contained known vulnerabilities after the model initially refused to review the code for security issues. That, she argues, is not a bypass of safety guardrails. It is standard defensive security work.
“The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense,” Moussouris wrote. “Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.”
The open letter goes further, pointing out that the technique described in the Amazon paper can reportedly be replicated on other widely available models, including OpenAI’s GPT-5.5, Anthropic’s own Claude Opus 4.8 and Sonnet, and Chinese models like Kimi 2.7. Moussouris told TechCrunch that “the bugs used to demonstrate the techniques in the paper can be found using the other models,” adding that those models simply don’t need a bypass because they don’t have Fable’s restrictions in the first place.
If that’s accurate, it raises a serious question about the logic of the ban. Restricting Anthropic’s models does not remove the capability from circulation. It just removes the tool from the people trying to defend against attacks.
Beyond the specific case, the letter calls for a broader shift in how AI export controls are handled. The signatories are asking for regulations built through a transparent, democratic process, grounded in research from industry and academic experts, and applied only to the extent necessary to protect public safety. That framing reflects a growing frustration in the security community that policy decisions affecting critical tools are being made without meaningful input from the people who actually use them.
This situation sits at the center of a tension that the AI industry has not yet resolved: the same capabilities that make a model dangerous in the wrong hands are often the same ones that make it useful for protection. Drawing that line is genuinely hard. But security experts are arguing that drawing it in the wrong place, without explanation or evidence, does real harm.