Late last week, Anthropic took its new Claude Fable 5 and Mythos 5 AI models offline following a US government export-control directive barring "any foreign national" from using the services. The company has been negotiating with the White House since Friday but has not yet secured an agreement to reinstate the offerings.
The restriction targets models with advanced dual-use capabilities. Since Mythos debuted in April, Anthropic has warned that the model can find software vulnerabilities to help defenders patch them—and also determine ways to exploit them, potentially enabling malicious actors. The company released Mythos 5 privately last week to a select consortium called Project Glasswing, while Claude Fable 5, a Mythos-grade model, was released to the general public with specific blocks on responses about biology and cybersecurity.
The Trump administration moved to restrict both models based on the belief that Fable 5's guardrails can be disabled, allegedly making it a national security risk.
But cybersecurity experts and researchers argue the move addresses a symptom, not the underlying problem. "It's myopic in the extreme to think that no other competitors to Anthropic will develop similar capabilities to Mythos or even that they have not already done so," said Tarah Wheeler, chief security officer of TPO Group. "There are other companies hot on Anthropic's heels who probably have the capabilities, too, and are holding them in reserve."
OpenAI, for example, privately released its own cybersecurity-focused model in mid-April and announced an expanded cybersecurity strategy. Researchers note that even existing AI offerings could be used for advanced vulnerability-hunting with refined prompting. Bruce Schneier, a researcher at Harvard and the University of Toronto, noted that "smaller, cheaper, open-source models, sometimes by themselves and sometimes in concert with each other, can match Mythos/Fable's performance with more sophisticated prompting," and that "we should expect other models to match Mythos/Fable's creativity and tenaciousness within months."
Anthroporic itself has underscored this timeline. Logan Graham, the company's frontier red team lead, told Wired in April: "The real message is that this is not about the model or Anthropic. We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months."
A large group of cybersecurity leaders sent an open letter to the administration on Sunday arguing the export-control directive was misguided. "It's not one model; it's the general trend of technology," Schneier said. The policy question, according to Chris Wysopal, cofounder of Veracode, is whether "a specific restriction meaningfully reduces that risk or whether it mainly slows down the people trying to make systems safer."