Cybersecurity veterans warn US export ban on Anthropic AI models is ‘dangerous’ for defenders

BitcoinWorld

Cybersecurity veterans warn US export ban on Anthropic AI models is ‘dangerous’ for defenders

A coalition of 76 cybersecurity experts, including former Facebook chief of security Alex Stamos and Bugcrowd founder Casey Ellis, has publicly urged the U.S. government to reverse an export control order on Anthropic’s advanced AI models, Fable and Mythos. In an open letter published Monday, the group argues that the restriction deprives cybersecurity defenders of powerful tools needed to identify vulnerabilities and secure software at a time when adversaries are rapidly advancing their capabilities.

Open letter warns of weakened defenses

The letter states that the U.S. government’s order, issued Friday without detailed public explanation, has taken the most capable AI models away from defenders. ‘To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,’ the signatories wrote. The group includes notable figures such as cryptographer Jon Callas, computer scientist Paul Vixie, Dino Dai Zovi, Katie Moussouris, and Rachel Tobac.

Background on the export control order

Anthropic suspended access to Fable and Mythos for all users worldwide after the White House ordered the company to limit exports, citing national security concerns. Anthropic has not disclosed the specific reasons behind the order. The company had previously restricted access to Mythos, which launched as a preview in April, to about 150 organizations across 15 countries due to its powerful vulnerability-finding capabilities. Fable, a public version released last week, included strict guardrails to block misuse in biology, chemistry, and cybersecurity, but many experts found those guardrails overly restrictive.

Dispute over alleged jailbreak method

The export control order may have been triggered by a report of a method to bypass Fable’s guardrails, known as a jailbreak. According to signatory Katie Moussouris, the method was demonstrated by Amazon researchers in a non-public paper she reviewed. However, Moussouris argues in a blog post that the paper did not demonstrate a real jailbreak. Instead, researchers asked Fable to fix open-source code with known vulnerabilities after the model initially refused to review code for security issues. She contends that such behavior is not a bypass but the core function defenders need: asking AI to find, fix, and test security flaws.

Call for transparent regulation

The open letter also calls for transparent and fairly enforced regulations created through a democratic rule-making process, based on scientific research from industry and academic experts. The signatories urge the government to apply restrictions only to the minimal extent necessary to ensure public safety. They note that the method described in the Amazon paper could be replicated on other models, including OpenAI’s GPT-5.5, Anthropic’s own Claude Opus 4.8, and Chinese models like Kimi 2.7, raising questions about the targeted nature of the ban.

Conclusion

The controversy highlights the tension between national security concerns and the need for advanced AI tools in cybersecurity defense. As the U.S. government navigates AI regulation, the open letter underscores the importance of balancing restrictions with the practical needs of defenders who rely on these models to protect critical infrastructure and software. The outcome of this dispute could set a precedent for how AI models are regulated in the cybersecurity domain.

FAQs

Q1: Why did the U.S. government ban exports of Anthropic’s Fable and Mythos models?
The White House cited national security concerns, but did not provide specific reasons. The order may have been influenced by a report of a method to bypass Fable’s guardrails, though cybersecurity experts dispute the validity of that claim.

Q2: How does the export ban affect cybersecurity defenders?
Defenders can no longer access these models to find vulnerabilities and secure software. The open letter argues this weakens their ability to protect systems against adversaries who continue to advance their own capabilities.

Q3: What is the difference between Fable and Mythos?
Mythos is Anthropic’s most powerful cybersecurity AI model, initially restricted to about 150 organizations. Fable is a public version with strict guardrails designed to prevent misuse, but experts found those guardrails overly restrictive, blocking legitimate defensive uses.

This post Cybersecurity veterans warn US export ban on Anthropic AI models is ‘dangerous’ for defenders first appeared on BitcoinWorld.