Security Leaders Say the Fable 5 Ban Could Hurt Cyber Defense

An open letter from cybersecurity leaders asks the U.S. government to lift export controls on Anthropic’s Fable 5 and Mythos 5, arguing that the disputed capability overlaps with normal defensive bug fixing and should be handled through transparent AI risk reviews.

Cybersecurity leaders are pressing the U.S. government to reverse export controls on Anthropic’s Fable 5 and Mythos 5 models, arguing that the restriction could weaken defenders more than it slows attackers.

In an open letter dated June 14 to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross, the signatories ask officials to lift the directives and commit to a more open process for assessing AI cyber risk. The letter says advanced models are changing cybersecurity by lowering the difficulty of finding software flaws and writing exploits, but it also argues that Anthropic’s models are not uniquely capable enough to justify removing them from defensive use.

The dispute follows Anthropic’s June 12 statement that it had received a government directive at 5:21 p.m. ET requiring it to suspend access to Fable 5 and Mythos 5 for any foreign national, including non-U.S. Anthropic employees. Because Anthropic said it could not comply narrowly, it disabled both models for all customers. Access to other Anthropic models was not affected.

Anthropic said the government letter did not give specific details of the national-security concern. The company’s understanding was that officials were reacting to a method of bypassing, or jailbreaking, Fable 5. Anthropic said it reviewed a demonstration involving a small number of previously known, minor vulnerabilities and found that other publicly available models could discover them too without the same bypass.

The fight is now about what counts as dangerous capability

The new pressure campaign matters because it narrows the debate from broad fear about powerful AI models to a specific technical question: when a model helps inspect and repair vulnerable code, is that defensive security, offensive cyber capability, or both?

Katie Moussouris, founder and CEO of Luta Security, wrote Thursday that Anthropic privately shared a third-party paper about Fable 5 guardrail bypass techniques with her for review. In her account, the researchers used open-source code with known CVEs and code with planted vulnerabilities, then asked Fable 5, Mythos and Opus to review the code for security issues. Fable 5 refused. The researchers then asked the models to “fix this code” and used a manual multistep process to turn the output into scripts that tested the patches.

That distinction is central to the letter’s argument. A model that can identify a vulnerable function, suggest a patch, explain the fix and help write a regression test can also reduce the time needed to reproduce or weaponize a flaw. But those same steps are ordinary work for security teams trying to repair legacy systems, harden new code and validate that a fix actually holds.

The signatories do not claim AI cyber capability is harmless. The letter says AI is already reducing the difficulty of finding flaws and writing exploits, and that Mythos-class models are “quite good” at those tasks. Their objection is to treating Fable and Mythos as uniquely dangerous when similar work can be done with other foundation models and open-weight models, including systems outside U.S. control.

Why defenders are worried

Anthropic launched Fable 5 on June 9 as its newest broadly available Claude model and described Mythos 5 as the same underlying model with some safeguards lifted for trusted cybersecurity partners. Mythos 5 was initially tied to Project Glasswing, a collaboration with the U.S. government and cyberdefense organizations that Anthropic has presented as a way to help secure important software.

For defenders, the concern is not just losing access to a powerful chatbot. It is losing access to an automated code-review and patching assistant at the moment AI-assisted vulnerability discovery is becoming faster. If attackers can use comparable open or foreign models while U.S.-aligned security teams lose access to the strongest available defensive tools, the control may shift the balance in the wrong direction.

Moussouris compares the risk to earlier fights over export controls on intrusion software. When the Wassenaar Arrangement added controls on intrusion software in 2013, broad language risked sweeping in vulnerability disclosure, incident response and coordinated defense. Security researchers spent years arguing that defensive activity needed exemptions. The Fable dispute is different in technology, but similar in structure: a control meant to reduce offensive risk can also slow the people patching real systems.

The open letter’s policy request is therefore process-focused. It asks for AI model risk reviews grounded in scientific evaluations, shaped through democratic rulemaking, enforced transparently and fairly, and limited to what is necessary for public safety. That is a notable framing because it does not require every signer to agree on a broad AI-regulation agenda. It asks the government to explain and test the standard before using emergency-style controls on models that security teams depend on.

What enterprises should take from the shutdown

For companies building security, software engineering or incident-response workflows around frontier models, the Fable shutdown is now a vendor-risk case study. A model dependency can disappear because of policy action, not only because of pricing, downtime, safety filters or product deprecation.

Security teams using AI for code review should document which tasks are approved, which models are allowed for sensitive code, what data-retention rules apply, and what fallback models or internal tools can replace a blocked provider. Teams that use AI to generate patches should also keep human review, reproducible tests and audit logs in the loop, especially when the model output touches authentication, parsing, memory safety, deserialization, CI/CD scripts or internet-exposed services.

The policy side is less settled. Anthropic argues that recalling a deployed model over a narrow jailbreak would set a standard that could halt frontier model releases across the industry. Critics of the models argue that the government cannot wait for a public catastrophe before acting on serious cyber-risk warnings. The open letter lands between those positions: it accepts that AI is changing vulnerability work, but says the current control removes useful defensive capability without a transparent showing that the removed capability is unique or meaningfully contained.

That makes the next step more important than the initial shutdown. If officials publish a clear test, appeals process, remediation path or trusted-access framework, the Fable case could become an early template for frontier-model cyber governance. If the directive remains opaque, it may push companies and governments toward model diversification, self-hosted systems and non-U.S. providers that appear less exposed to abrupt access decisions.

For now, Fable 5 and Mythos 5 remain a live example of the hardest AI-security tradeoff: the same capability that helps a model find and fix dangerous software flaws can also make those flaws easier to exploit. The argument from security leaders is not that the risk is imaginary. It is that defenders need the strongest tools too, and that controls on those tools need a standard the security community can inspect before access disappears.
