Top cybersecurity leaders urge US government to unban Mythos.

Reddit r/singularity News
ai-regulation cybersecurity anthropic open-letter export-controls mythos fable

Summary

Top cybersecurity leaders have signed an open letter urging the US government to lift export controls on Anthropic's Fable and Mythos AI models, arguing that the bans undermine US cybersecurity and AI leadership while adversaries advance.

No content available
Original Article
View Cached Full Text

Cached at: 06/15/26, 03:00 PM

# Open Letter on Transparent AI Cyber Protections Source: [https://freefable.org/](https://freefable.org/) Dear Secretary Lutnick and National Cyber Director Cairncross, We, the undersigned executives and technical leaders from across the United States, write to you to ask you to lift the export control directives on Anthropic’s Fable and Mythos large language models and commit to an open, scientific and transparent process of handling AI risk assessments in the future\. First, we would like to state that we believe that: - **AI is having significant impacts on cybersecurity**, including by greatly reducing the difficulty of finding flaws in software and writing exploits for those flaws\. - Anthropic’s Mythos\-class models**are quite good at finding flaws and weaponizing exploits**\. - However, they are**not*uniquely*good**at these tasks, and many of the undersigned individuals regularly use other foundation and open\-source models for security audits and red\-teaming every day\. - Anthropic has**built[multiple protections](https://www-cdn.anthropic.com/d00db56fa754a1b115b6dd7cb2e3c342ee809620.pdf)into the Fable model**to prevent its use for cyber offensive uses\. These protections were so aggressive as to be the source of humor in the cyber community on launch day\. - It is**essential to provide AI to coders and security teams**so they can find and fix flaws in their own newly\-written as well as decades of legacy code faster than our adversaries\. - The Chinese open\-weight models[are only months behind the best American models](https://artificialanalysis.ai/), and those are the models**we know about**\. It seems likely that the PRC government has access to private capabilities beyond what has been published\. - To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is**dangerous**\. It is our understanding that underlying model capabilities in the original research that triggered this action: - **Were focused on determining whether a human\-prompted section of code was insecure**\. This is a necessary capability in any model that is intended to write secure code and should not be considered an offensive capability\. - **Can be replicated on GPT\-5\.5, Opus, Sonnet and even Chinese models like Kimi 2\.7**\. The justification for this unprecedented action was that Fable provides a unique “uplift” of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year\. - **Anthropic is addressing the research\.**As security professionals, we recognize that our work does not lead to a simple end\-state where a system is fully safe, and the purpose of research like this is to enable continuous improvement, not to ban the technology\. As a result, this action has taken the best models away from defenders, created market uncertainty, and risked America’s AI leadership without any real risk to justify it\. Not all of us agree that AI regulation is the right way forward\. But if this Administration’s laudable goal of securing our nation’s critical infrastructure is going to include models being regulated, then the regulations should be: 1. Grounded in**scientific**evaluations developed with input from industry and academia; 2. Created through a**democratic**rule\-making process; 3. Enforced**transparently and fairly**with appropriate time given to remediate; and 4. Used only to the**minimal extent necessary**to ensure the safety of the American public\. Thank you for your consideration and partnership in helping us maintain America’s lead in technology while protecting critical software and systems\. Signed, Affiliations are included for reference only and do not indicate organizational endorsement\. - [Alex Stamos](https://www.linkedin.com/in/alexstamos/)Chief Product Officer,[Corridor](https://corridor.dev/) - [Feross Aboukhadijeh](https://www.linkedin.com/in/feross/)CEO,[Socket](https://socket.dev/) - [Ben Adida](https://www.linkedin.com/in/benadida)Executive Director,[VotingWorks](https://voting.works/) - [James Nicholas Ashworth](https://www.linkedin.com/in/james-ashworth-5a49bb266/)[AI Village](https://aivillage.org/) - [Megan Baker](https://www.linkedin.com/in/megan-gillikin-baker/)CISO,[Georgian](https://georgian.io/) - [Andrew Becherer](https://www.linkedin.com/in/andrewbecherer/)CISO,[Socket](https://socket.dev/) - [Manish Bhatt](https://www.linkedin.com/in/manishbhatt132123/)0\-day Connoisseur,[OWASP](https://owasp.org/) - [Christopher Bleckmann\-Dreher](https://de.linkedin.com/in/christopher-bleckmann-dreher-18a14220)Principal Offensive Security,[Mercedes\-Benz](https://www.mercedes-benz.com/) - [JP Bourget](https://www.linkedin.com/in/jpbourget/)CEO,[Blue Cycle](https://www.bluecycle.net/) - [Aaron Brown](https://www.linkedin.com/in/aaronwaynebrown/)Head of Security,[Mercor](https://mercor.com/) - [Jack Cable](https://www.linkedin.com/in/jackcable/)CEO & Co\-founder,[Corridor](https://corridor.dev/) - [Jon Callas](https://www.linkedin.com/in/joncallas/)[Indiana University](https://www.iu.edu/) - [Justin Calmus](https://www.linkedin.com/in/jcalmus/)CISO - [Jeffrey Caruso](https://www.linkedin.com/in/jeffreycaruso/)Author and Researcher - [Jason Chan](https://www.linkedin.com/in/jasonbchan)Retired CISO - [Dino A\. Dai Zovi](https://www.linkedin.com/in/dinodaizovi) - [Sam Davison](https://www.linkedin.com/in/samantha-davison-77903421/) - [Drew Dennison](https://www.linkedin.com/in/drewdennison/)CTO & Co\-Founder - [Moona Ederveen\-Schneider](https://www.linkedin.com/in/mederveen/)Founder, Resilia Connect - [Casey John Ellis](https://www.linkedin.com/in/caseyjohnellis/)Founder,[disclose\.io](https://disclose.io/)and[Bugcrowd](https://www.bugcrowd.com/) - [Gary Ellison](https://www.linkedin.com/in/garyellison/)Former VP Trust and Product Security - [Sergej Epp](https://www.linkedin.com/in/sergejepp/)Multi\-CISO - [Gadi Evron](https://www.linkedin.com/in/gadievron/)Founder and CEO,[Knostic](https://www.knostic.ai/) - Richard F\. FornoTeaching Professor,[UMBC](https://www.umbc.edu/) - [Erick Galinkin](https://www.linkedin.com/in/erickgalinkin/)AI Security Research Scientist,[NVIDIA](https://www.nvidia.com/) - [Harley Geiger](https://www.linkedin.com/in/harleylorenzgeiger/) - [Daniel Gorecki](https://www.linkedin.com/in/dangorecki/)CISO/Founder,[NGC Risk](https://ngcrisk.com/) - [Andy Grant](https://www.linkedin.com/in/andywgrant/)Head of Security Assurance,[Zoom](https://zoom.us/) - [Yael Grauer](https://www.linkedin.com/in/yaelgrauer/) - [Matthew D\. Green](https://www.linkedin.com/in/matthew-green-47850018)Associate Professor,[Johns Hopkins University](https://www.jhu.edu/) - [Joseph Lorenzo Hall](https://www.linkedin.com/in/josephhall)Distinguished Technologist,[Internet Society](https://www.internetsociety.org/) - [Andrew Hay](https://www.linkedin.com/in/andrewhay/)COO,[Damovo](https://www.damovo.com/) - [Ariel Herbert\-Voss](https://www.linkedin.com/in/adversariel/)CEO,[RunSybil](https://www.runsybil.com/) - [Christofer Hoff](https://www.linkedin.com/in/choff/)Cyber Security Executive - [Vlad Ionescu](https://www.linkedin.com/in/vladionescu0000000000/)CTO,[RunSybil](https://www.runsybil.com/) - [Dhillon Kannabhiran](https://www.linkedin.com/in/l33tdawg/)Founder,[Hack In The Box](https://www.hitb.org/) - [Jonathon Klobucar](https://www.linkedin.com/in/klobucar/)Security Engineer - [Benjamin Knauss](https://www.linkedin.com/in/racter/)CEO,[Racter Holdings](https://racterholdings.com/) - [Mitja Kolsek](https://www.linkedin.com/in/mitjakolsek/)[0patch](https://0patch.com/)co\-founder - [Martin Koopman](https://www.linkedin.com/in/martinkoopman/)Managing Director, Aditat AI - [Madeline Lawrence](https://www.linkedin.com/in/madelinelawren/)Co\-Founder,[Aikido Security](https://www.aikido.dev/) - [Nate Lee](https://www.linkedin.com/in/natetrustmind/)CEO/Founder,[TrustMind](https://trustmind.com/)and[CloudsecAI](https://cloudsec.ai/) - [Joe Levy](https://www.linkedin.com/in/j0313vy/)CEO,[Sophos](https://www.sophos.com/) - [Dan Lorenc](https://www.linkedin.com/in/danlorenc/)CEO,[Chainguard](https://www.chainguard.dev/) - [Greg Martin](https://www.linkedin.com/in/gregcmartin/)CEO of[Ghost Security](https://ghost.security/) - [Ross Matican](https://www.linkedin.com/in/ross-matican)Investor,[Halcyon Ventures](https://halcyonfutures.org/) - [Jack McGivney](https://www.linkedin.com/in/jackmcgivney/)CISO,[Anaplan](https://www.anaplan.com/) - [Sandra McLeod](https://www.linkedin.com/in/sandra-mcleod-7a6a61b/)CISO,[Zoom Communications](https://zoom.us/) - [Rich Mogull](https://www.linkedin.com/in/richmogull/)Analyst, Security Executive - [Katie Moussouris](https://www.linkedin.com/in/kmoussouris/)CEO,[Luta Security](https://www.lutasecurity.com/) - [T\.C\. \(Theodore\) Niedzialkowski](https://www.linkedin.com/in/tc-niedzialkowski/)CISO, Head of Security & IT; former[Opendoor](https://www.opendoor.com/),[Nextdoor](https://nextdoor.com/),[Federal Reserve](https://www.federalreserve.gov/)National Incident Response Team - [Charles Nwatu](https://www.linkedin.com/in/cnwatu/)Security Leader, GRC Engineering - [Efrain Orsini Jr](https://www.linkedin.com/in/eorsinijr/)Director of Security Operation & Deputy CISO,[SilverSky](https://silversky.com/) - [Bryan Payne](https://www.linkedin.com/in/bdpayne/)VP of Product & Software Security,[Adobe](https://www.adobe.com/) - [John Peterson](https://www.linkedin.com/in/john-peterson-a7b82814/)CTO,[Sophos](https://www.sophos.com/) - [Niels Provos](https://www.linkedin.com/in/nielsprovos/)Security Blueprints LLC - [Muralidharan Ramachandran](https://www.linkedin.com/in/muralidharan-ramachandran-9239992/)Founder & Strategic Advisor - [Ashwin Ramaswami](https://www.linkedin.com/in/ashwin-r)CTO & Co\-founder,[Corridor](https://corridor.dev/) - [Jason Rebholz](https://www.linkedin.com/in/jrebholz/)CEO,[Evoke Security](https://www.evokesecurity.com/) - [Gavin Reid](https://www.linkedin.com/in/gavinsreid/)CISO,[Human Security](https://www.humansecurity.com/) - [Jonathan Reiter](https://www.linkedin.com/in/jonathan-reiter-sec670/) - [Mark Risher](https://www.linkedin.com/in/mrisher/)Fmr\. Head of[Google](https://www.google.com/)Identity - [Olivia Rose](https://www.linkedin.com/in/oliviarosecybersecurity/)CISO - [Jim Routh](https://www.linkedin.com/in/jmrouth)Advisor - [Bob Rudis](https://www.linkedin.com/in/hrbrmstr/)Distinguished Engineer, Applied AI - [Dragos Ruiu](https://www.linkedin.com/in/dragosruiu)[CanSecWest](https://cansecwest.com/) - [Chris Sandulow](https://www.linkedin.com/in/csandulow/)CISO,[Confluent](https://www.confluent.io/) - [Joshua Saxe](https://www.linkedin.com/in/joshsaxe/)Co\-Founder,[Abundant Security](https://www.ssil.ai/) - [Cory Scott](https://www.linkedin.com/in/coryscottlinkedin/)[Center for Cybersecurity and Privacy Protection](https://www.law.csuohio.edu/academics/centersandprograms/cybersecurity), CSU\|LAW; Former CISO - [Joshua Scott](https://www.linkedin.com/in/joshuascott/)CISO,[Hydrolix](https://hydrolix.io/) - [Ram Shankar Siva Kumar](https://www.linkedin.com/in/rssk)Affiliate,[Berkman Klein Center for Internet and Society](https://cyber.harvard.edu/)at Harvard University - [Matthew Southworth](https://www.linkedin.com/in/matthew-southworth/)CSO,[Priceline](https://www.priceline.com/) - [Talha Tariq](https://www.linkedin.com/in/talhatariq/)Chief Technology Officer \(Security\),[Vercel](https://vercel.com/) - [Per Thorsheim](https://www.linkedin.com/in/thorsheim/)Founder,[PasswordsCon](https://www.passwordscon.org/) - [Rachel Tobac](https://www.linkedin.com/in/racheltobac/)CEO,[SocialProof Security](https://www.socialproofsecurity.com/) - [Emily Vandewater](https://www.linkedin.com/in/emily-vandewater/)vCISO,[Elteni Cybersecurity Consulting](https://www.elteni.com/) - [Paul Vixie](https://www.linkedin.com/in/paulvixie/)Internet Pioneer - [Nancy Wang](https://www.linkedin.com/in/wangnancy/)Venture Partner,[Felicis Ventures](https://www.felicis.com/) - [Royce D\. Williams](https://www.linkedin.com/in/roycewilliams/)public\-interest technologist - [Dave Willner](https://www.linkedin.com/in/davewillner/)Cofounder,[Zentropi](https://zentropi.ai/) - [Chris Wysopal](https://www.linkedin.com/in/wysopal/)Co\-founder,[Veracode](https://www.veracode.com/) - [Josh Yavor](https://www.linkedin.com/in/joshyavor/)CEO,[Credible Security](https://credible.security/)

Similar Articles

Inside the fight over Claude Mythos 5

The Verge

The Trump administration issued an export control directive to Anthropic, demanding suspension of access to its Mythos 5 and Fable 5 AI models over security concerns, leading to emergency negotiations that could reshape the AI industry.

The US government’s Anthropic models ban was never about an AI jailbreak

TechCrunch AI

The US government issued an export control directive forcing Anthropic to pull its Fable 5 and Mythos 5 AI models offline, citing national security concerns. Security researchers argue the alleged guardrail bypass does not justify such action and that the move harms US cyber defense.

US government directive to suspend access to Fable 5 and Mythos 5

Reddit r/singularity

The US government has issued an export control directive to suspend access to Anthropic's Fable 5 and Mythos 5 models due to national security concerns, citing a potential jailbreak method. Anthropic is complying by disabling access for all customers, but disputes the severity of the vulnerability.