A group of 76 cybersecurity experts, including veteran leaders from Facebook, Apple, Block, and leading security firms, has published an open letter to the U.S. government asking it to lift export control restrictions on Anthropic's Fable and Mythos models.
On Friday, the White House ordered Anthropic to limit the export of both models, citing national security concerns but without disclosing specific reasons. In response, Anthropic suspended access to the models for all users worldwide.
The signatories argue the ban undermines the ability of cybersecurity defenders to secure software and find vulnerabilities. The open letter states: "This action has taken the best models away from [cybersecurity] defenders" who rely on advanced AI to identify and fix security flaws. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," the letter reads.
The export order appears to have been prompted by research from Amazon demonstrating a method to bypass Fable's security guardrails. However, the signatories—including Katie Mossouris, founder of Luta Security—dispute the characterization of this method as a true jailbreak.
Mossouris reviewed the unpublished Amazon paper and published a blog post arguing the researchers simply asked Fable to fix open-source code containing intentionally planted vulnerabilities after the model initially refused. She wrote: "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense. Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security."
The open letter echoes this critique, noting that the method shown in the Amazon paper "can be replicated" on other advanced models, including OpenAI's GPT-5.5, Anthropic's own Claude Opus 4.8 and Sonnet, and Chinese models like Kimi 2.7.
Notable signatories include former Facebook chief of security Alex Stamos, Bugcrowd founder Casey Ellis, cryptographer and former Apple security manager Jon Callas, computer scientist Paul Vixie, Dino Dai Zovi (former head of applied security engineering at Block), and Rachel Tobac (CEO of SocialProof Security).
Mytos launched as a preview in April with restricted access—initially to around 50 companies, expanding to roughly 150 organizations in 15 countries—because Anthropic determined it was powerful enough at finding security vulnerabilities that unrestricted access posed risks. Fable, released last week, is a public version of Mythos with strict guardrails designed to block use in biology, chemistry, cybersecurity, and distillation attempts. However, many cybersecurity experts found these guardrails so restrictive that they blocked most cybersecurity-related prompts.
The experts call for transparent, fairly enforced regulations created through "a democratic rule-making process" based on scientific research by industry and academic experts, applied "only to the minimal extent necessary to ensure the safety of the American public."