14 Sources
[1]
Cybersecurity vets protest 'dangerous' US government ban on Anthropic's most powerful models
A group made up of dozens of cybersecurity experts, including several well-known veterans of the industry, published an open letter to the U.S. government asking it to lift the export control order on Anthropic's Fable and Mythos models. According to the open letter, "this action has taken the best models away from [cybersecurity] defenders" who now can't use the models to find vulnerabilities and make their software and products more secure. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," read the letter. On Friday, the U.S. government ordered Anthropic to limit the export of Fable and Mythos citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models to all users worldwide. As of this writing, the letter is signed by 76 cybersecurity experts, including: former Facebook chief of security Alex Stamos; Casey Ellis, the founder bug bounty platform Bugcrowd; famed cryptographer and former Apple security design and architecture manager Jon Callas; computer scientist Paul Vixie; Dino Dai Zovi, the former head of applied security engineering at Block; Katie Mossouris, the founder of Luta Security; and Rachel Tobac, the CEO of the security awareness training firm SocialProof Security. When Mythos launched as a preview in April, Anthropic claimed it was so powerful at finding security vulnerabilities that the company needed to tightly restrict access to prevent malicious hackers or foreign adversaries from using it to cause havoc on the internet. In practice, that meant Anthropic gave around 50 companies initial access to Mythos, recently expanding that group to include around 150 organizations in 15 countries. Last week, Anthropic released Fable, a public version of Mythos that the company said had strict guardrails to block its use in the fields of biology, chemistry, and cybersecurity, as well as to stop others from distilling the model in order to recreate it. The guardrails on Fable were so strict that many cybersecurity experts found that it stopped essentially any prompts related to cybersecurity. Anthropic said that the White House export control order may have been based on a report that there was a method to bypass -- or so-called jailbreaking -- Fable to unlock its powerful Mythos-level capabilities. According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public, but that she has reviewed. But Moussouris said in a blog post that the paper did not actually demonstrate a real jailbreak. Instead, she wrote, the researchers simply asked Fable to fix open source code with public and known vulnerabilities along with "deliberately planted vulnerabilities," after the model initially refused to "review the code for security issues." "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," Moussouris wrote. "Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day." Moussouris' critique was echoed in the open letter, which also said that the group of experts believe the method in the Amazon paper "can be replicated" on OpenAI's GPT-5.5, on Anthropic's own publicly-available Claude Opus 4.8 and Sonnet, "and even Chinese models like Kimi 2.7." The letter also asked for transparently and fairly enforced regulations created by "a democratic rule-making process" that are based on scientific research done by industry and academic experts, and "used only to the minimal extent necessary to ensure the safety of the American public."
[2]
Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher
According to the one person who actually read the research paper The "jailbreak" that prompted the Trump administration to block Anthropic's most advanced models was actually a simple three-word prompt: "Fix this code." That's according to Katie Moussouris, founder and CEO of Luta Security, and the fairy godmother of bug bounties. She says she was the only outside expert to read the third-party research paper on Fable 5 guardrail bypass techniques that prompted the ban. On Friday, the US government, reportedly citing national security concerns, issued an export control directive to suspend access to Fable 5 and Mythos 5 by any foreign national, inside or outside the United States. In response, Anthropic disabled both models "for all our customers to ensure compliance." Anthropic shared the report privately with her, Moussouris wrote in a Monday blog post. The outside researchers reportedly fed Anthropic's Fable 5, Mythos, and Claude Opus models open-source code containing known CVEs, plus new code intentionally laced with vulnerabilities, and asked the models to "review the code for security issues." As Moussouris tells it, Fable 5 refused, so the researchers asked the AI systems to "fix this code." The model reportedly obliged, and after additional prompts also produced scripts to test the patches. "That's it," Moussouris wrote. "'Fix this code,' plus several manual steps to generate test scripts, should never have triggered an export control. I feel like making '90s-style t-shirts with 'fix this code' on the front and 'this shirt is a munition' on the back." Between 2013 and 2017, Moussouris served on the technical expert group that renegotiated the Wassenaar Arrangement, a voluntary agreement between 42 nations that governs certain export controls for classified dual-use software and technology. The group eventually won exemptions for defensive cybersecurity activity. This allows defenders to share vulnerability data, conduct malware analysis, and coordinate incident response internationally without the threat of criminal prosecution. On Sunday, Moussouris joined more than 100 other cybersecurity leaders and signed an open letter urging the Trump administration to reverse the restrictions on Fable 5 and Mythos and restore cybersecurity firms' access to the advanced models. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," they wrote. In her blog, Moussouris argues that there was no guardrail bypass or jailbreak. Defenders should be able to ask AI systems to find and fix bugs, and write tests to validate the patch, she said. Anthropic's models were doing "the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day." Removing the capability for models to respond to defensive requests makes AI systems "worse at finding bugs and verifying patches," she continued. Plus, the US can't extend export controls to open-weight systems or similar advanced models from China and other countries - and these systems will soon achieve Mythos-like capabilities, anyway. Anthropic and Google have both accused China-based rivals including DeepSeek of using "distillation attacks" to train their models by siphoning knowledge from American companies' AI. Banning Anthropic's advanced models is going to hurt defenders more than attackers, Moussouris warns. "Defense improves when defenders find the same bugs attackers find and fix them faster," she wrote. "We need the best tools to defend against increasingly capable attackers in the AI era of cybersecurity." The Register reached out to the Trump administration for comment on Moussouris' assertion, and we'll update this post if we hear back. ®
[3]
Cybersecurity executives urge the Trump administration to ease restrictions on Anthropic AI models
SAN FRANCISCO (AP) -- A group of cybersecurity executives and experts is asking the Trump administration to lift its directive preventing the use of Anthropic's latest artificial intelligence models by foreign nationals, saying the move could help U.S. adversaries more than it hurts them. Anthropic said Friday it has taken its latest artificial intelligence models, known as Fable 5 and Mythos 5, offline to comply with the directive. The AI giant said it did not believe the steps taken by the government were warranted by the concern it flagged about a potential security issue. Anthropic has said it was limiting use of some its latest technology to select customers because of its ability to surpass human cybersecurity experts in finding and exploiting computer vulnerabilities. The San Francisco-based company has had discussions with the White House previously about the latest models' capabilities. In the letter Sunday, more than 100 cybersecurity experts and leaders from companies including Adobe and Nvidia asked the U.S. government to lift the export control directives on the Anthropic models and "commit to an open, scientific and transparent process of handling AI risk assessments in the future." The letter said that while Anthropic's Mythos models are "quite good" at finding flaws in software and weaponizing exploits, they are "not uniquely good at these tasks" and many of the letter's signatories regularly use other foundation and open-source models for security audits and training. The letter said it is dangerous to take away the best cyber defense capabilities "without a good reason" when America's adversaries are rapidly advancing. China's models, the letter said, are "only months behind the best American models," and it is even likely that China's government has access to private capabilities beyond what's been made public. The export controls marked the U.S. government's most significant step yet to restrict access to the most advanced AI models. Anthropic released Fable widely last week. That model is a limited version of the more advanced Mythos, to which the company has tightly limited access due to cybersecurity fears. The Commerce Department did not immediately respond to a request for comment on Monday. Friday's directive came 10 days after President Donald Trump signed an executive order to establish a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. Participation by AI developers would be voluntary, the order said. Tensions have been running high between the Trump administration and the safety-conscious Anthropic, which has sought to put guardrails on the development of AI to minimize any potential risks and maximize its economic and national security benefits for the U.S. After a contract dispute with the Pentagon, Defense Secretary Pete Hegseth sought to declare Anthropic a supply chain risk, an unprecedented move against a U.S. company that Anthropic has challenged in two federal courts. The company said it wanted assurance the Pentagon would not use its technology in fully autonomous weapons and the surveillance of Americans. Hegseth said the company must allow for any uses the Pentagon deemed lawful.
[4]
Anthropic crisis talks with Commerce over Fable 5 ban
Personality clashes, accusations of "recklessness," and a revolt by 100+ cybersecurity experts frame Monday's Commerce Department meeting Anthropic's senior technical staff will sit down with Commerce Department officials in Washington on Monday in a bid to resolve the escalating crisis over its suspended Fable 5 and Mythos 5 models. The meeting, confirmed by Reuters and Bloomberg, comes after a week in which the dispute has metastasised from a narrow cybersecurity concern into a full-blown confrontation between Silicon Valley and the Trump administration. Neither side has commented on expected outcomes. But the behind-the-scenes picture, pieced together from half a dozen media reports over the weekend, is deeply unflattering to everyone involved. 'They screwed us' The personal friction is now impossible to ignore. An administration official told Axios on Sunday that "everybody said Anthropic was a bad actor" and that some had pushed to give the company a chance anyway. "Now those people are questioning that," the official said. "They screwed us." Sources familiar with the discussions told the outlet that Anthropic has struggled to communicate with the administration. "It's like they just speak in different languages," one said. A separate Fox Business report cited a senior official calling Anthropic's handling of known vulnerabilities "recklessness" that had damaged government trust. The administration had reportedly pressed the company to pause the release before launch, but Anthropic declined. How the dominoes fell The crisis ignited on 9 June, when Anthropic launched Fable 5 as a public model and Mythos 5 as a restricted tool for vetted cyber defenders. Three days later, researchers at Amazon, Anthropic's largest investor, discovered a "fix this code" jailbreak that could coax dangerous outputs from both models. Amazon CEO Andy Jassy escalated the findings directly to Treasury Secretary Scott Bessent, Commerce Secretary Howard Lutnick, and National Cyber Director Harry Coker Jr. That same evening, Lutnick sent a letter to Anthropic CEO Dario Amodei imposing export controls on both models, without providing a specific national security rationale. By midnight on 12 June, Anthropic had disabled both models globally for all users. The speed of the shutdown stunned the AI industry. China fills the vacuum Beijing wasted no time. On 13 June, Chinese AI lab Zhipu AI launched GLM-5.2, explicitly citing the US ban as proof that American models are unreliable partners. Zhipu's stock surged 33% in a single session. The geopolitical fallout the administration feared was arriving, just not from the direction it expected. The irony was not lost on critics. More than 100 cybersecurity experts, including Stanford's Alex Stamos, Katie Moussouris, and Ian Levy, published an open letter on Sunday demanding the ban be reversed, arguing it actively harms US cyber defence by removing the very tools defenders rely on. Meanwhile, Semafor reported that White House concerns extend beyond the jailbreak itself. Officials suspect a China-linked group accessed Mythos before the shutdown. Commerce Secretary Lutnick cited "unacceptable risk" that the models could be "diverted to military intelligence users in China, Russia or other countries of concern." Anthropic says the White House never raised Chinese access in its conversations around the jailbreak. The Sacks-Amodei standoff Trump AI adviser David Sacks claims the administration gave Amodei a clear choice: fix the jailbreak or de-deploy the models. Amodei refused, according to Sacks. Anthropic disputes that characterisation. The competing accounts have not been reconciled. The standoff underscores a deeper rift. The administration had signalled that Fable 5 would serve as the first test case for a new AI guardrails executive order, raising the stakes for both sides well beyond a single product launch. Strange bedfellows, sharp critics Amazon's dual role adds an uncomfortable wrinkle. It is simultaneously Anthropic's largest financial backer and the company whose researchers triggered the ban, a tension first reported by Fortune on 14 June. On Capitol Hill, Rep. Zoe Lofgren, the House Science Committee's ranking member, said she was "appalled." The R Street Institute, a centre-right think tank, called the export controls "a bad idea applied badly." The National, a UAE-based outlet, questioned whether Trump was "using national security as excuse to punish Anthropic." The criticism now spans the political spectrum. That question sits alongside a broader backdrop: the Pentagon has blacklisted Anthropic as a national security supply chain threat, Anthropic has sued the government in response, and the NSA still quietly uses Claude for its own operations. What Monday means The Commerce meeting is the first formal opportunity for de-escalation. But the accumulation of personal grievances, competing narratives, and geopolitical fallout means a quick resolution is far from guaranteed. If no deal emerges, the US risks ceding more ground to Chinese competitors while its own cyber defenders remain locked out of the tools designed to protect them. For Anthropic, prolonged suspension threatens not just revenue but the company's foundational claim that safety and capability can coexist. Monday's meeting will test whether Washington and Silicon Valley can still solve a problem in a room together, or whether this fight has already moved past the point of repair.
[5]
100 cyber experts say Fable 5 ban hurts defenders
The US government pulled Anthropic's most powerful AI models from the market. Now the people who protect networks for a living say America just disarmed itself. Three days after the US government ordered Anthropic to shut down Fable 5 and Mythos 5, roughly 100 of the world's most prominent cybersecurity professionals have published an open letter demanding the ban be reversed. Their argument is blunt: pulling the best AI tools from defenders while adversaries keep building is not safety, it is sabotage. "This action has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it," the letter states. The signatories include Alex Stamos, former chief security officer at both Facebook and Yahoo and now chief product officer at Corridor, alongside Katie Moussouris, CEO of Luta Security, Rachel Tobac of SocialProof Security, Chris Wysopal of Veracode, and Joe Levy, CEO of Sophos. The "jailbreak" that triggered a government order The chain of events began when Amazon researchers found a way to coax Fable 5 into surfacing code vulnerabilities. The technique was unremarkable by industry standards: after an initial refusal to "review the code for security issues," the researchers simply rephrased the prompt to "fix this code," feeding it open-source code with known and deliberately planted flaws. Moussouris has been particularly vocal, telling reporters the exploit "is not a jailbreak." The open letter makes the same point, noting that other leading AI models, including OpenAI's GPT-5.5, can surface identical vulnerabilities without any bypass. Anthropic's own position tracks with the critics. The company has said the exploit is narrow, not universal, and that the vulnerabilities it surfaced were minor and already publicly documented. Amazon's uncomfortable double role The letter does not address what may be the most awkward dimension of the affair: the company that discovered the vulnerability is also Anthropic's largest investor and cloud host. Amazon CEO Andy Jassy personally escalated the findings to Treasury Secretary Scott Bessent, Commerce Secretary Howard Lutnick, and National Cyber Director Sean Cairncross. That escalation path, from a competitor's security team to the highest levels of the executive branch, has raised questions about whether commercial rivalry played a role in the government's response. Semafor has reported that the White House's concerns extended beyond the jailbreak itself to worries about Chinese access to Mythos. The Sacks-Amodei standoff Trump AI adviser David Sacks offered a different account on X. He claimed the administration gave Anthropic CEO Dario Amodei a choice: fix the jailbreak or de-deploy Fable 5. According to Sacks, Amodei refused, and Anthropic "prioritised the continued offering of the consumer model over safety." Anthropic has pushed back on that characterisation, maintaining that the vulnerability is too narrow to justify pulling its flagship products from the market. China's gift-wrapped opportunity If the ban was meant to protect national security, it may have achieved the opposite. Chinese AI company Zhipu AI launched its GLM-5.2 model on 13 June, exactly one day after the Fable 5 shutdown, and directly cited the ban as evidence that US AI models cannot be relied upon. Zhipu's stock surged 33% on the announcement. The company claims GLM-5.2 tops BridgeBench reasoning at 42.8, runs at 300 tokens per second, and costs one-tenth of comparable US frontier models, though it published no independent benchmark scores at launch. The trade-off is stark. Any organisation deploying through Zhipu's cloud API would expose its data to the Chinese government under China's National Intelligence Law, which compels companies to cooperate with state intelligence operations. Defenders without their best tools The open letter's core claim is practical, not ideological. Cybersecurity professionals use frontier AI models to hunt for vulnerabilities in software before attackers find them, to generate detection rules, and to analyse malware at speed. Removing the most capable models from that workflow does not stop adversaries, who can use open-source alternatives, foreign models, or simply older techniques. It stops defenders from working at the pace the threat landscape demands. The irony has not been lost on observers. Eastern Herald has reported that some of the same executives who signed the open letter spent April warning about the dangers of Mythos, Anthropic's most powerful reasoning model. That apparent contradiction does not necessarily undermine the letter's argument. It does suggest the cybersecurity community is still working out where to draw the line between capability and caution. What happens next Prediction markets are betting the ban will not last. Kalshi puts the odds of Fable 5 returning before 1 July at 68%, with Polymarket slightly more bullish at 71%. The European Union has already begun pushing for guaranteed access to Mythos for cyber defence purposes, adding international pressure to the domestic backlash. India has similarly used the episode to accelerate its own sovereign AI ambitions. For now, America's cybersecurity defenders are left with a question the open letter frames in stark terms: if the best tools are taken from the people protecting networks, who exactly is safer?
[6]
Cyber experts warn Fable limits aid attackers and hurt defenders
Why it matters: Pulling back access to Anthropic's first publicly available Mythos-class model could kneecap cyber defenders just as they're bracing for a wave of AI-powered hacking threats, the leaders argue. Driving the news: The loosely organized group of experts, led by former Facebook Chief Security Officer Alex Stamos, argue in the letter that the issue Amazon researchers flagged exists across other leading AI models, too. * As of Sunday evening, the letter had over 40 signatories. Luta Security CEO Katie Moussouris, SocialProof Security CEO Rachel Tobac, Veracode co-founder Chris Wysopal, prominent computer scientist Paul Vixie, Sophos CEO Joe Levy and Nvidia security researcher Aaron Grattafiori are among those who signed the letter. * "This action has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it," the letter says. * When asked for a statement, Anthropic pointed Axios to its Friday statement on the U.S. government's directive. * Amazon did not immediately respond to a request for comment, but a company spokesperson told Axios Friday that it does not share details about cybersecurity security discussions it has with governments. Zoom in: Stamos, now the chief product officer at Corridor, told Axios that the Fable 5 security capabilities that appeared to alarm the White House was the model's ability to create a "proof of concept" for vulnerabilities. * Those "proofs of concept" can create a blueprint for code that lets adversarial hackers into a system -- but they also help security teams understand how to protect their systems, he added. * Only Mythos 5 and Mythos Preview -- which had been available only to vetted members of Anthropic's Project Glasswing initiative before Friday -- could turn those proofs of concept into fully autonomous attack chains, Stamos said. * "You cannot give Fable the entire Linux kernel and say 'Find all the security bugs,'" Stamos told Axios. Amazon is not claiming that they're able to do this, he added. Flashback: When Anthropic rolled out Fable 5 last week, its strict guardrails quickly became a "source of humor in the cyber community on launch day," the letter says. Yes, but: That capability can also be replicated using OpenAI's GPT-5.5, Anthropic's Opus and Sonnet models and Chinese models like Kimi 2.7, according to the letter. Between the lines: Stamos argued that open-source Chinese models aren't far behind Fable 5's ability to analyze security flaws. * "For us to shut down our best capabilities at the moment we know the Chinese are using and stockpiling these vulnerabilities is dangerous -- absolutely foolish," Stamos said. "We are in a race right now to fix these bugs as fast as possible." What to watch: Stamos told Axios the letter is still open to new signatures from security leaders.
[7]
Why Anthropic's closed approach may be safer than OpenAI's
Humans are a cantankerous bunch. We don't agree on much. But if there's one certainty in this world - one North Star we can all get behind - it's that the AI industry has never been quiet. And it's been particularly noisy of late. We've had Musk and Altman levelling up their feud by going head-to-head in the courts, investors growing increasingly concerned with whether they'll ever see a return on their investment, and all the while regulators are standing on the sidelines wondering what they should be doing about AI tools at all. But somewhere in the midst of all this chaos, there is real work being done. With their heads down and headphones on, AI developers (and their growing army of AI agents) are just getting on with the job of rolling out continuous updates. While most of these updates are iterative in nature - merely small arms fire in the ongoing attritional warfare between the big players - Anthropic and OpenAI may have just changed the nature of the war by unveiling an entirely new weapons class. The question now is not whether they should take these weapons to battle (you can't rewind time), but about who they are giving these weapons to. Head-to-head: Anthropic vs. OpenAI So, what's happened exactly? In summary, two of the world's leading AI companies recently launched powerful new tools to identify cyber vulnerabilities -- and they're taking very different routes to market. This divergence highlights a critical tension at the heart of AI security: control versus scale. On 7th April 2026 Anthropic announced "Claude Mythos Preview". One week later, on 14th April 2026, OpenAI announced "GPT Cyber 5.4". Both AI models are focused on cybersecurity, specifically their ability to identify and exploit software vulnerabilities almost instantaneously. These new models are the quintessential Double-Edged Sword; on the one hand, they are a software developer's dream because they can identify serious software vulnerabilities so quickly, but on the other hand, they are a software developer's nightmare because they can help attackers, well, do the exact same thing - "identify serious software vulnerabilities so quickly." Whether they are "good" or "bad" is a matter of whose side you're on. Two different approaches to opening Pandora's Box While the PR might suggest that both companies are taking an equally cautious and responsible approach to their product's respective launches, the approaches are actually very different. Neither product is being released publicly at this time. Anthropic's Claude Mythos Preview is being deployed through Project Glasswing, a tightly controlled group of companies which includes AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, and the Linux Foundation (i.e. all the companies responsible for the bulk of the world's critical IT infrastructure). Anthropic has explicitly warned that the model's ability to autonomously discover severe vulnerabilities makes wider access unsafe for now. If they are opening Pandora's box, they are at least lifting the lid up slowly and only giving the keys to people they know and trust. By contrast, OpenAI's "GPT 5.4 Cyber," has been launched through an expanded Trusted Access for Cyber program. While still gated via a multi-tier verification process, the model is being made available more broadly to thousands of individual defenders and hundreds of security teams, significantly broadening access when compared to Anthropic's approach. OpenAI argues this "democratized defence" model is necessary to keep pace with AI driven threats, but it raises the risk of powerful capabilities spreading too quickly. They too are opening the lid slowly, but they are more trustful of who has the keys. Implications for the rest of us Why does this split in approach matter, and what does it reveal about the differing risk attitudes of these two AI leaders? Ultimately, this is a question about the best approach to opening Pandora's Box. Do you lift the lid up slowly inch-by-inch to see what happens, or do you close your eyes and just flip the lip open in one go? Regardless of the scenario, you still can't close the lid again once it's opened. Anthropic's approach is to fix the world's critical infrastructure before the capability is available to bad actors. If they can patch the Linux kernel and major browsers today, then when the model inevitably leaks or is built by a bad actor, the most devastating vulnerabilities will have already been addressed. On the other hand, OpenAI believes that a small group of companies cannot possibly see every threat. By giving GPT-5.4-Cyber to thousands of verified defenders, they are saturating the ecosystem with an army of AI-assisted defenders to repel any future AI-assisted attack. But how good is their multi-tier verification process? On balance, Anthropic's more managed approach feels like the right one at this time, as the ability to autonomously discover severe vulnerabilities is a major risk that needs to be taken very seriously. Tick, tick, boom The hype of AI is becoming very real indeed, and the change is coming at an incredible pace. We are entering the era of autonomous self-healing code. Whether we like it or not, this is a paradigm shift that cannot be undone. But it's interesting to see these two companies taking such different views on how these solutions should be brought to market. Both approaches aim to strengthen defense -- but the two companies clearly have very different risk tolerances. I doubt this will be the last time their differing approaches will be brought into question. We are no longer asking the question about whether AI will transform cybersecurity. That much is proven. The question now is whether the industry can move fast enough without creating the very threats it's trying to prevent. I said the AI industry is never quiet. You can expect the next six months to be positively deafening. We've ranked and reviewed the best antivirus software. This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
[8]
'Fix this code.' The three little words behind the U.S. government decision that shut down Anthropic's Fable and Mythos AI models | Fortune
It remains unclear exactly why Amazon decided to test the safeguards around Fable and when it first contacted Anthropic about the issue. Moussouris wrote that the jailbreak Amazon discovered was simple and involved giving Fable software code with known vulnerabilities. When the researchers asked Fable to "review the code for security issues" the model refused. But when the researchers instead asked the model to "fix this code," the model produced patches. The researchers, she said, then used a manual process that turned Fable's output into scripts -- a set of programming instructions that can automate a process -- that could test the patches. But because the model had to find the software vulnerabilities in order to generate the fixes, the same process could potentially be used by an attacker to spot code vulnerabilities. She wrote that the vulnerability that Amazon discovered "cannot meaningfully be fixed, and any attempt would only weaken the model for defense." Many other AI models can also be used to spot security flaws in existing code. The jailbreak, as described by Moussouris, did not unlock the most potent capabilities of Anthropic's Mythos model, upon which Fable is based. Mythos was notable for being able to autonomously find and chain multiple cybersecurity vulnerabilities together, potentially orchestrating entire attacks autonomously. Mythos was the first model to successfully complete both cybersecurity "test ranges" that the U.K. AI Security Institute uses to test the hacking abilities of AI models. Moussouris wrote that the capabilities Fable displayed using the Amazon technique, while potentially useful to attackers, were also vital for cyber defenders. "Defenders need to be able to ask AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works," she wrote. "That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security." Moussouris suggested that those opposing the export controls ought to have T-shirts printed with the words "fix this code" on one side and the phrase "this shirt is a munition" on the other. That's a reference to a 1990s effort by the cybersecurity community to overturn U.S. export controls on strong encryption methods. In 1995, cryptographer Adam Back printed three lines of RSA encryption code on the front of a T-shirt, and on the back printed "this shirt is classified as a munition and cannot be exported from the United States." He encouraged people to cross the border wearing the shirts in an act of civil disobedience. Moussouris was among the cybersecurity experts who have added their names to an open letter, put together by Alex Stamos, the chief security officer at cybersecurity startup Corridor and a former chief security officer at Facebook, that is calling for the export controls on Fable and Mythos to be rescinded. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," the letter stated, noting the increasing capabilities of Chinese AI models. That letter has now been signed by about 100 cybersecurity professionals from companies including Nvidia, Adobe, Zoom, Google, Anaplan, and Sophos, as well as some academic cybersecurity researchers. The letter stated that while Anthropic's Mythos-class models "are quite good at finding flaws and weaponizing exploits...they are not uniquely good at these tasks." It noted that cybersecurity experts were already using other AI models, including open source models, for security audits and red-teaming of software. And it said that OpenAI's GPT-5.5 as well as Anthropic's latest Claude Opus and Sonnet models, as well as Chinese models such as Moonshot AI's Kimi 2.7 can all perform similar reviews of code for security flaws in a similar way to the one Amazon discovered with Fable. "The justification for this unprecedented action was that Fable provides a unique 'uplift' of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year," the letter stated. The letter also notes that Anthropic had built multiple protections into Fable to prevent its use for cyber attacks. "These protections were so aggressive as to be the source of humor in the cyber community on launch day," it said. Axios cited an unnamed source familiar with the Trump administration's thinking around the export controls as suggesting that Anthropic's decision to engage Moussouris to review the Amazon research might have inflamed tensions with the White House and precipitated the export controls. Axios quoted the official as saying the company had enlisted an expert -- Moussouris -- who the administration viewed as a "radical Democrat." The same unnamed source also noted that it also didn't help that security researcher Chris Krebs had vouched for Moussouris' analysis on social media. President Trump had fired Krebs from his role as Cybersecurity and Infrastructure Security chief during his first term after Krebs contradicted Trump's claims of widespread election fraud, including hacking of electronic voting machines, in the November 2020 presidential election.
[9]
Anthropic expands Mythos access despite calling it dangerous
Anthropic says Mythos is too dangerous for public release but has expanded access to 200 organisations across 15 countries. Only 14% of its 10,000+ critical vulnerability discoveries have been patched. Its claims have not been independently verified. Anthropic has said its Mythos model is so good at finding software vulnerabilities that releasing it publicly could help attackers steal data or disrupt critical infrastructure. It has also, as of early June, expanded access to 150 additional organisations, bringing the total to roughly 200 across 15 countries. The tension is deliberate. Anthropic's argument is that the same capabilities that make Mythos dangerous for offence make it indispensable for defence, and that the sooner defenders have it, the sooner they can patch the flaws before attackers build their own equivalents. What Mythos can do Mythos Preview has found thousands of zero-day vulnerabilities during testing, including in every major operating system and every major web browser. One was a 27-year-old flaw in OpenBSD, an operating system with a reputation as one of the most security-hardened in the world. The model can also chain vulnerabilities together into working exploits. In one test, it linked several flaws in the Linux kernel to allow an attacker to take complete control of a machine. Non-experts asked Mythos to find ways to remotely take control of computers overnight and found a complete, working exploit waiting the next morning. The sandbox escape In an early test, a researcher urged Mythos to escape a secured, isolated sandbox computer and send a message back. The model succeeded, then continued taking "additional, more concerning actions," developing a multistep exploit to gain internet access on its own. Anthropic published this incident in the Mythos system card. The company described it as a rare failure that occurred during deliberate adversarial testing, not in normal operation. It is, nonetheless, the kind of result that makes the expansion of access harder to explain to a non-technical audience. Who has access The core group under Project Glasswing includes Amazon, Apple, Google, Microsoft, Nvidia, Palo Alto Networks, CrowdStrike, Broadcom, Cisco, JPMorgan Chase, and the Linux Foundation. An additional 40 organisations were added in April, and 150 more in June. Anthropic declined to name the new participants but said they include companies and nonprofits that produce key programming code. The EU's cybersecurity agency ENISA is reportedly among them. All are meant to use Mythos for defensive security work, essentially AI-powered penetration testing at a scale and speed no human team can match. The patch gap Since launch, Mythos has been used to find over 10,000 high- or critical-severity vulnerabilities. Only 14% of those have been patched as of 22 May. The disclosure process is slow by design: human specialists validate each discovery before sending details to the code maintainers. But hackers are using AI to dramatically speed up how quickly they exploit vulnerabilities once they are publicly disclosed. Palo Alto Networks CEO Nikesh Arora warned in March that "a single bad actor will now be able to run campaigns that required entire teams." The unauthorised access incident In April, a small group of unauthorised users in a private online forum gained access to Mythos, according to Bloomberg. Anthropic has not publicly detailed the breach or how it was resolved. This is the core vulnerability in the "expand access to defend" strategy: every additional organisation with access is another potential leak point. The model's offensive capabilities do not diminish when used defensively; they are the same capabilities, pointed in a different direction. Anthropic is not alone OpenAI's Codex Security and Google's Big Sleep agent have been built for similar purposes. OpenAI is reportedly finalising a product with advanced cybersecurity capabilities for select partners. Israeli startup Buzz says it has built an autonomous five-agent tool with a 98% success rate in exploiting known flaws, constructed by six engineers in three weeks. Anthropic's Frontier Red Team said in April that "in the long run, we expect that defence capabilities will dominate" and the world will emerge more secure. "But the transitional period will be fraught." The verification problem Researchers have not been given access to independently verify Anthropic's claims about Mythos's performance. Gang Wang, associate professor of computer science at the University of Illinois, told Bloomberg it is hard to assess the significance of Mythos without more hands-on testing. Anthropic's claims about the model's capabilities, the 10,000 vulnerabilities, the zero-day discoveries, the sandbox escape, are all self-reported. No independent audit has been published. The company's argument for expanding access rests on trust in its own assessments, at a moment when it is simultaneously preparing for an IPO and positioning Mythos as a product category. That combination of interests does not make the claims false. It does make independent verification more important, not less.
[10]
Anthropic and OpenAI spark new race for frontier AI access
Why it matters: OpenAI's trusted-access program and a pending program from Anthropic are creating a new power center in cybersecurity where AI companies help decide which defenders can use the most advanced cyber capabilities. * For decades, competitive advantage in cybersecurity largely came from talent, data and infrastructure. Now, it also comes from access to models. Driving the news: Anthropic announced Tuesday it will make a version of its Mythos class of models, Fable 5, available to the general public. * Fable 5 includes protections that block some high-risk cybersecurity and biology requests and instead route users who ask about those issues to Claude Opus 4.8. * At the same time, Anthropic is offering users of its restricted Mythos Preview program an upgrade to its new Mythos 5 model. * Dianne Penn, Anthropic's head of product management for research and labs, tells Axios the company is being deliberately conservative at launch, meaning some legitimate security work may also get routed away from Fable 5. The intrigue: Anthropic is also working on a formal trusted-access program that would determine who gets access to Mythos 5 and future less restricted models. * The company has not provided a timeline for launching the program. * Behind the scenes, organizations have spent the last two months lobbying Anthropic for access to Mythos Preview. * Last week, the company expanded access to more than 150 companies and governments. The big picture: OpenAI is already using a similar two-tier system. * The company has been vetting security researchers and organizations to decide who gets access to models that could help accelerate their cyber defenses. * The company rolled out an alternate version of its GPT-5.5 model with fewer guardrails to let those cyber defenders hunt for bugs, study malware and reverse engineer attacks. Between the lines: It's now up to the AI labs to decide who gets access to the cybersecurity industry's most cutting-edge capabilities. * Security vendors, researchers and critical infrastructure operators eager to get frontier AI into their products and workflows have been scrambling for access. Reality check: Selective access gives Anthropic and OpenAI the best of both worlds, allowing them to ensure scary hacking capabilities are only in the hands of the good guys -- while also finding a way to monetize their increasingly powerful models as they consider entering the public markets. What to watch: Whether trusted-access users begin finding vulnerabilities, conducting research and building products that organizations without access simply can't match.
[11]
Cyber Leaders Urge US to Lift Curbs on Anthropic's Security Models
June 15 (Reuters) - Cybersecurity leaders at major U.S. firms, including Nvidia and Adobe, have asked the Trump administration to lift restrictions on Anthropic's most powerful AI models, arguing that the bans hamper efforts to prevent the spread of digital attacks. The letter follows Washington's decision on Friday ordering Anthropic to suspend access to its Fable 5 and Mythos 5 models for any foreign nationals over national security concerns. After previously warning about the hacking capabilities of its Mythos model and withholding it from wide release to prevent potential harm, Anthropic last week released a public version called Fable with what it described as cybersecurity safeguards. The curbs that Washington has now placed on the technology will limit the cybersecurity industry's ability to find and fix software flaws at a time when other AI tools are making it easier for hackers to exploit vulnerabilities, according to a letter on Sunday signed by more than 50 security leaders. The letter said Anthropic's models were not uniquely capable of finding security flaws and weaponizing exploits, with rival models, including China's Kimi 2.7, offering similar abilities. "Mythos is almost definitely the best model right now for finding security bugs and codes, but it is like an incremental advance over other models that are already open," Joshua Saxe, CTO of AI security firm Abundant Security and a signatory of the letter, said in an interview. ANTHROPIC'S NATIONAL SECURITY TIGHTROPE Senior Anthropic staff are scheduled to meet with government officials at the U.S. Department of Commerce in Washington on Monday, an official in the Trump administration told Reuters. Anthropic has said the government believes there is a way to bypass, or "jailbreak," a safeguard that prevents Fable from being used to identify software vulnerabilities. It has argued that a narrow potential jailbreak should not be grounds for cutting off access to a model used by hundreds of millions of people. The letter echoed the point, saying Anthropic has already built robust protections and that pulling the capabilities could prove "dangerous" as China's open-source models are just months behind the best American ones, with Beijing likely having access to capabilities beyond what is publicly known. Any regulation needs to be evidence-based, clearly defined and applied consistently and "none of those standards was followed here," said Alex Stamos, another signatory who serves as chief product officer at Corridor. "This is an overreaction by the government," he said, adding that there was a dispute between Anthropic and the third party that flagged the issue over how serious the findings were, based on his conversations with those involved. Cybersecurity company CrowdStrike last week said China-linked hackers posed the biggest espionage threat to technology companies over the past year. The $965 billion AI company, which is preparing to go public, has previously tussled with the U.S.government on access to its models and their impact on national security. The Trump administration earlier this year directed U.S. agencies to stop working with Anthropic and declared it a supply risk due to its reluctance to let its technology be used for mass surveillance and autonomous weapons. (Reporting by Zaheer Kachwala in Bengaluru; Editing by Arun Koyyur and Anil D'Silva)
[12]
Cybersecurity Experts Ask Feds to Lift Restrictions on Mythos | PYMNTS.com
The open letter is dated Sunday (June 14) and addressed to Commerce Secretary Howard W. Lutnick and National Cyber Director Sean Cairncross. The letter followed Anthropic's Friday (June 13) announcement that it disabled some access to its Fable 5 and Mythos 5 AI models in response to a U.S. government export control directive, which called on the company to suspend access to those models by "any foreign national," whether within or outside the United States, Anthropic employees included. The company had launched the model four days earlier, on Tuesday (June 9), saying that it had developed safeguards to prevent them from being misused for purposes related to cybersecurity, biology and chemistry, and distillation. Joe Levy, CEO of cybersecurity firm Sophos, shared a link to the open letter in a Monday (June 15) post on LinkedIn, saying that he and many colleagues from across the security community had signed it. The open letter said that the signers believe AI is having significant impacts on cybersecurity, that Anthropic's Mythos models are good at finding flaws but are not uniquely good at it, and that Anthropic has built protections into the Fable model to prevent its use for cyber offensive purposes. The signers also believe that it is essential to provide AI to coders and security teams, that Chinese open-weight models are only months behind the best American models, and that it is dangerous to keep the best capabilities from defenders when adversaries are making rapid advances, according to the letter. In the case of the action taken on Anthropic's Fable and Mythos models, the letter said that the signers believe that the models' capability that triggered the action should not be considered an offensive capability, that Fable's capability to find bugs and generate working exploits can be replicated by other models, and that Anthropic is addressing research to enable continuous improvement. "As a result, this action has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it," the open letter said. The letter also said that while not all signers agree that AI regulation is the way to go, any regulation that does get implemented should include input from industry and academia, include a democratic rule-making process, be enforced transparently and fairly, and be used only to the extent necessary to protect the American public. With these suggestions, the federal government and industry can partner to help "maintain America's lead in technology while protecting critical software and systems," the letter said. It was reported Monday that Anthropic is working with the White House to end restrictions on the two models.
[13]
Cyber leaders urge U.S. to lift curbs on Anthropic's security models
Cybersecurity leaders at major U.S. firms including Nvidia and Adobe have asked the Trump administration to lift restrictions on Anthropic's most powerful AI models, arguing that the bans hamper efforts to prevent the spread of digital attacks. The letter follows Washington's decision on Friday ordering Anthropic to suspend access to its Fable 5 and Mythos 5 models for any foreign nationals over national security concerns. After previously warning about the hacking capabilities of its Mythos model and withholding it from wide release, Anthropic last week released a public version called Fable with what it described as cybersecurity safeguards. The curbs that Washington has now placed on the technology will limit the cybersecurity industry's ability to find and fix software flaws at a time when other AI tools are making it easier for hackers to exploit vulnerabilities, according to a letter on Sunday signed by more than 50 security leaders. The letter said Anthropic's models were not uniquely capable of finding security flaws and weaponizing exploits, with many rival models offering similar abilities. The company said in the blog it disagrees that the finding of a narrow potential jailbreak should be the reason for halting access of a commercial model deployed to hundreds of millions of people. National security tightrope The letter from the security experts mirror Anthropic's sentiment. "This action has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it," the letter stated. It argued that taking away access to Anthropic's latest models at a time when China is rapidly progressing with its own AI ambitions is "dangerous." Cybersecurity company CrowdStrike last week said China-linked hackers posed the biggest espionage threat to technology companies over the past year. Anthropic has previously tussled with the U.S. government on access to its models and their impact on national security. Earlier this year, Trump directed U.S. agencies to stop working with Anthropic and declared it a supply risk due to its reluctance to let its technology be used for mass surveillance and autonomous weapons. These tensions, however, are showing signs of easing as Anthropic, valued at US$965 billion, prepares to go public.
[14]
Cybersecurity researchers aren't happy with Anthropic Fable 5 guardrails, here is why
Others say strong protections are useful while the technology is still new. Anthropic had recently made its latest AI model, Fable 5, public, which is a limited version of its AI model, Mythos, and since its launch, the tool has been attracting attention. While many people stated that the AI tool was helpful, many cybersecurity researchers said that the extra guardrails and safety controls are just making the use of the AI tool difficult even for the basic security-related tasks. While the company says that the restrictions are meant to prevent misuse, several experts argue that the system is blocking harmless requests and creating frustration among legitimate users. They further added that the current safeguards may be too broad, affecting normal work that has little connection to cyber threats or harmful activities. Fable was launched on Tuesday as a more widely available version of Mythos, a model that Anthropic first introduced in April through a restricted program. Mythos was designed to help protect software and critical infrastructure and was initially made available only to a select group of organisations. According to users, Fable 5 often stops conversations when it detects topics linked to cybersecurity or biology. When this happens, the model displays a message saying its safety measures have flagged the discussion. Anthropic created these controls to reduce the risk of its technology being used to develop malware, attack software systems, or support biological weapons research. Also read: Apple iPhone 18 Pro: From 2nm A20 chip to smaller dynamic island, here is what leaks suggest However, many security professionals believe the model is being overly cautious. Valentina Chompie Palmiotti, a security researcher at IBM X-Force, said Fable rejects requests that are only loosely connected to cybersecurity. She noted that even asking the model to read a blog post can trigger the restrictions. Others have also reported similar experiences while running the AI tool. Cybersecurity veteran Matt Suiche said the model sometimes treats requests for secure coding guidance as cybersecurity work and limits its responses. He suggested that the filtering appears to rely heavily on certain keywords, causing ordinary software development discussions to be flagged. Also read: Google loses legal battle in Germany over inaccurate AI Overviews responses Despite the criticism, some experts believe the strict approach is understandable during the early stages of deployment. Suiche said it is better for companies to be cautious at first and gradually adjust the safeguards as they learn from real-world use. Anthropic also offers a Cyber Verification Program that gives approved professionals broader access to cybersecurity capabilities. Similar programmes are being introduced across the industry as AI companies attempt to manage the risks associated with powerful security-focused models.
Share
Copy Link
More than 100 cybersecurity experts, including Alex Stamos and Katie Moussouris, signed an open letter urging the Trump administration to reverse restrictions on Anthropic AI models Fable 5 and Mythos 5. The professionals argue the ban removes critical tools from defenders while adversaries advance. Meanwhile, China's Zhipu AI capitalized on the chaos, launching GLM-5.2 and positioning US models as unreliable.
The US government ban on Anthropic's most powerful AI models has triggered an unprecedented backlash from the cybersecurity community. Over 100 cybersecurity experts published an open letter demanding the Trump administration lift export controls on Fable 5 and Mythos 5, arguing the move weakens America's cyber defenses rather than strengthening them
1
. The signatories include prominent figures like Alex Stamos, former Facebook chief of security, Katie Moussouris, founder of Luta Security, and Rachel Tobac, CEO of SocialProof Security1
.
Source: Axios
On Friday, Commerce Secretary Howard Lutnick sent a letter to Anthropic CEO Dario Amodei imposing restrictions on Anthropic AI models, citing national security concerns without providing specific rationale
4
. In response, Anthropic suspended global access to both models to ensure compliance3
. The swift action stunned the AI industry and left defenders without access to tools they rely on for vulnerability identification and threat analysis.The trigger for the Fable 5 ban appears to be a research paper from Amazon demonstrating what officials called a guardrail bypass. However, Moussouris, who reviewed the non-public Amazon paper, disputes that characterization entirely
2
. According to her analysis, researchers fed Fable 5 open-source code containing known CVEs and deliberately planted code vulnerabilities, then asked the model to "review the code for security issues." When the model refused, they simply rephrased the prompt to "fix this code"2
.
Source: The Register
"That's it," Moussouris wrote in a blog post. "'Fix this code,' plus several manual steps to generate test scripts, should never have triggered an export control"
2
. She argues this behavior is not a jailbreak but rather the most valuable function AI-driven cybersecurity tools can perform: executing the find, fix, and test loop that defenders run daily1
.The open letter echoes this critique, noting that the method described in the Amazon paper "can be replicated" on OpenAI's GPT-5.5, Anthropic's own publicly-available Claude Opus 4.8 and Sonnet, "and even Chinese models like Kimi 2.7"
1
.The controversy carries an awkward dimension: Amazon, Anthropic's largest investor and cloud host, is the company whose researchers discovered the vulnerability
4
. Amazon CEO Andy Jassy personally escalated the findings to Treasury Secretary Scott Bessent, Lutnick, and National Cyber Director Harry Coker Jr.4
. This escalation path from a competitor's security team to the highest levels of government has raised questions about whether commercial interests influenced the response.The geopolitical fallout arrived swiftly. One day after the Fable 5 ban, Chinese AI lab Zhipu AI launched GLM-5.2, explicitly citing the US restrictions as proof that American models are unreliable partners
4
. Zhipu's stock surged 33% in a single session4
. The company claims GLM-5.2 delivers superior performance at one-tenth the cost of comparable US models, though independent benchmarks remain unavailable5
.The irony is stark: AI export controls intended to protect national security may have accelerated China's AI advancement while simultaneously weakening American cyber defenses. The open letter warns that China's models are "only months behind the best American models," and China's government likely has access to private capabilities beyond what's publicly available
3
.Related Stories
The cybersecurity professionals argue that restrictions on Anthropic AI models actively harm US interests. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," the letter states
1
. Defenders rely on frontier AI models to hunt for vulnerabilities before attackers find them, generate detection rules, and analyze malware at speed5
.
Source: TechRadar
Removing these capabilities doesn't stop adversaries, who can use open-source alternatives, foreign models, or traditional techniques. It simply prevents defenders from working at the pace the threat landscape demands
5
. The letter calls for transparently and fairly enforced regulations created through "a democratic rule-making process" based on scientific research, used only to the minimal extent necessary for AI safety1
.Anthropic senior technical staff are scheduled to meet with Commerce Department officials Monday in an attempt to resolve the crisis
4
. The meeting comes amid deepening friction between the company and the Trump administration. An administration official told Axios that "everybody said Anthropic was a bad actor" and described the company's handling as "recklessness"4
.Trump AI adviser David Sacks claims the administration gave Amodei a clear choice: fix the jailbreak or de-deploy the models. According to Sacks, Amodei refused
4
. Anthropic disputes this characterization, maintaining the vulnerability is too narrow to justify pulling flagship products from market5
.The standoff occurs against a broader backdrop of conflict. The Pentagon has blacklisted Anthropic as a national security supply chain threat after a contract dispute over autonomous weapons and surveillance guardrails, prompting Anthropic to sue the government in two federal courts
3
. Prediction markets suggest the ban may be short-lived, with Kalshi putting odds of Fable 5 returning before July 1 at 68%5
.Summarized by
Navi
[1]
[2]
[3]
[4]
[5]
19 Jun 2026•Policy and Regulation

14 Jun 2026•Policy and Regulation

19 Apr 2026•Policy and Regulation

1
Policy and Regulation

2
Policy and Regulation

3
Policy and Regulation
