A coalition of cybersecurity professionals, including several of the industry’s most respected figures, has published an open letter urging the U.S. government to reverse its export restrictions on Anthropic’s Fable and Mythos artificial intelligence models.
The group argues that the decision effectively removes some of the most capable AI-powered cybersecurity tools from the hands of security researchers and defenders, limiting their ability to identify software vulnerabilities and strengthen digital infrastructure against growing cyber threats.
According to the letter, the restrictions have deprived cybersecurity professionals of technologies that could significantly improve defensive capabilities at a time when malicious actors continue to advance their own techniques.
“To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous,” the letter states.
The controversy began on Friday when the U.S. government instructed Anthropic to restrict the export of its Fable and Mythos models, citing national security concerns. Anthropic said authorities did not publicly provide detailed explanations for the decision. In response, the company suspended access to the models for users around the world while it assessed the implications of the order.
At the time of publication, the open letter had been signed by 76 cybersecurity experts. Among them are several prominent figures in the field, including former Facebook Chief Security Officer Alex Stamos, Bugcrowd founder Casey Ellis, renowned cryptographer Jon Callas, computer scientist Paul Vixie, former Block security executive Dino Dai Zovi, Luta Security founder Katie Moussouris, and SocialProof Security CEO Rachel Tobac.
When Anthropic first introduced Mythos as a preview model in April, the company described it as exceptionally capable at identifying software vulnerabilities and security weaknesses. Because of those capabilities, Anthropic initially restricted access to a small group of organizations, citing concerns that malicious hackers or foreign adversaries could potentially misuse the technology.
At launch, access was limited to approximately 50 organizations. Anthropic later expanded the program to roughly 150 companies and institutions spread across 15 countries.
The company followed that release with Fable, a public-facing version of the technology that incorporated extensive safeguards designed to prevent misuse in sensitive areas such as cybersecurity, biology, and chemistry. Anthropic also implemented protections intended to stop users from extracting knowledge from the model to recreate its underlying capabilities.
However, many cybersecurity researchers argued that those restrictions were so stringent that Fable frequently refused to engage with legitimate security-related requests altogether, reducing its usefulness for defensive applications.
Anthropic later suggested that the White House export-control decision may have been influenced by reports claiming researchers had discovered a method to bypass, or “jailbreak,” Fable’s safeguards and unlock capabilities comparable to those available in Mythos.
According to Katie Moussouris, one of the signatories of the letter, the alleged bypass technique was documented in an unpublished research paper authored by Amazon researchers. Although the paper has not been publicly released, Moussouris said she reviewed its findings.
In a separate blog post, Moussouris argued that the research did not demonstrate a genuine jailbreak. Instead, she explained that the researchers asked Fable to repair open-source code containing publicly known vulnerabilities as well as intentionally inserted flaws after the model initially declined to conduct a direct security review.
“The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense,” Moussouris wrote. “Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.”
The open letter echoes that criticism and argues that the capabilities highlighted in the Amazon research are not unique to Anthropic’s restricted models. According to the signatories, similar outcomes can reportedly be achieved using other advanced AI systems, including OpenAI’s GPT-5.5, Anthropic’s publicly available Claude Opus 4.8 and Sonnet models, and even certain Chinese-developed models such as Kimi 2.7.
Moussouris further explained that the vulnerabilities used to demonstrate the techniques described in the research paper can already be identified by multiple competing AI models. She acknowledged that the method could technically be described as a guardrail bypass, but emphasized that many alternative models do not require such workarounds because they already respond to legitimate security-analysis requests.
“The bugs used to demonstrate the techniques in the paper can be found using the other models,” Moussouris told TechCrunch. “The method in the paper is a guardrail bypass technique. Other models that lack the Fable guardrails often won’t refuse the straightforward request to look for security bugs, so they don’t need a bypass.”
Beyond calling for the restoration of access to Fable and Mythos, the signatories are also urging policymakers to adopt a more transparent regulatory framework for advanced AI technologies. The letter advocates for rules that are developed through an open democratic process, informed by independent scientific research, and guided by contributions from both academic and industry experts.
The group argues that any restrictions on AI systems should be narrowly tailored and implemented only when necessary to protect public safety, while ensuring that researchers and defenders retain access to tools that can strengthen cybersecurity and help defend critical digital infrastructure.