Cybersecurity vets protest 'dangerous' US government ban on Anthropic's most powerful models

US Government's AI Export Ban on Anthropic's Fable and Mythos Models Sparks Outcry from Cybersecurity Experts

In a move that has sent ripples across the artificial intelligence and cybersecurity communities, the US government has issued a significant export control directive, effectively banning foreign nationals from accessing Anthropic's latest and most powerful AI models: Fable 5 and Mythos 5. This unprecedented decision, citing national security concerns, has prompted Anthropic to disable global access to both models, leading to strong protests from dozens of cybersecurity experts who argue the ban is "dangerous" and hinders their ability to defend against evolving cyber threats.

The Models at the Center of the Controversy: Fable 5 and Mythos 5

Anthropic, a leading AI research company, recently introduced its "Mythos-class" models, Fable 5 and Mythos 5, as its most capable to date, surpassing even their highly regarded Claude Opus series. These models demonstrate exceptional performance across various domains, including software engineering, knowledge work, vision, and scientific research. However, their most striking capabilities lie in cybersecurity.

Claude Mythos 5 is heralded as possessing "the strongest cybersecurity capabilities of any model in the world." In pre-release testing, Mythos demonstrated an ability to autonomously identify thousands of previously unknown zero-day vulnerabilities across major operating systems and web browsers. It could even reproduce these vulnerabilities and develop working exploits on the first attempt in over 83% of cases. One documented instance saw it uncover a 27-year-old vulnerability in OpenBSD, an operating system known for its robust security. This level of AI-powered vulnerability discovery represents a significant breakthrough, transforming how security leaders approach risk.

Fable 5 is essentially the same powerful underlying model as Mythos 5 but was designed for general use with additional safeguards, particularly in high-risk areas like cybersecurity and biology. Anthropic launched Fable 5 for general availability shortly before the ban, with Mythos 5 initially deployed through a restricted program called Project Glasswing, in collaboration with the US government and select partners.

For developers and enterprises, access to Fable 5 was available via the Claude API, priced at $10 per million input tokens and $50 per million output tokens.

The US Government's Directive and Anthropic's Compliance

On June 12, 2026, the US government, under the Trump administration, through the Commerce Department's Bureau of Industry and Security, issued an export control directive. This directive explicitly ordered Anthropic to suspend all access to Fable 5 and Mythos 5 for any foreign national, regardless of their location (inside or outside the US) or their employment status, including Anthropic's own foreign national employees.

The primary justification for this ban was "national security concerns." The government's understanding was that a method, often referred to as "jailbreaking," could bypass Fable 5's safeguards, allowing it to be used for identifying software vulnerabilities and potentially facilitating cyberattacks. Reports suggest that Amazon CEO Andy Jassy conveyed concerns to administration officials after internal Amazon researchers reportedly circumvented some of Fable 5's anti-hacking guardrails.

In response, Anthropic "abruptly disabled" access to both Fable 5 and Mythos 5 for all customers globally. The company stated that it had no other choice, as it could not reliably screen users based on nationality. While complying, Anthropic expressed its disagreement, calling the situation a "misunderstanding." The company argued that the government had provided only "verbal evidence of a potential narrow, non-universal jailbreak" and that applying such a standard across the industry would essentially halt all new model deployments for frontier AI providers.

Cybersecurity Experts Protest the Ban

The government's directive and Anthropic's subsequent actions immediately drew sharp criticism from the cybersecurity community. A group of over 50 prominent cybersecurity experts, including CEOs, Chief Information Security Officers (CISOs), venture capitalists, and leading security researchers, signed an open letter to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross.

Their letter unequivocally labels the ban as "dangerous" and "counterproductive" for the defensive capabilities of the United States and its allies. The experts argue that restricting access to these advanced AI models severely limits the ability of cybersecurity defenders to secure software, critical infrastructure, and digital products. They highlight that Anthropic's models are crucial "frontier tools for analyzing malicious code, generating automated countermeasures, and simulating complex cyberattacks."

Furthermore, the cybersecurity professionals contend that the capabilities in question are not unique to Anthropic's models. They point out that similar abilities for finding flaws exist in other publicly available models, including OpenAI's GPT-5.5, Anthropic's own Claude Opus and Sonnet, and even models from Chinese developers like Kimi 2.7. They also dismissed the alleged jailbreak as concerning "relatively simple, previously known, minor vulnerabilities," which other models could discover without needing a bypass.

The experts fear that by removing these powerful tools from defenders, the US government risks ceding a critical advantage to adversaries. They warned that "while our adversaries are developing rapidly, it is dangerous to unjustifiably strip defenders of the best capabilities." The letter also raised concerns that China's advanced AI models are "only months behind the best American models," implying that the ban could jeopardize America's leadership in AI innovation.

Instead of an outright ban, the signatories advocate for a more nuanced and flexible control regime that focuses on the end-use of the technology. They propose that AI for cyber defense should be treated as a priority exception, akin to other critical dual-use products.

Broader Implications and Precedent

This incident represents a significant escalation in the US government's efforts to control access to advanced AI technology. It marks the first known instance where the US government has used export controls to restrict access to commercially available AI models themselves, rather than focusing solely on the underlying hardware like semiconductor chips or development tools. This sets a new precedent for how frontier AI models might be governed and regulated in the future, raising complex questions about the nature of "export" when dealing with continuously available API-driven services.

The ban has also ignited concerns globally, particularly in Europe and other allied nations, about the implications for sovereign AI initiatives and potential over-reliance on US AI infrastructure. Critics worry that governments outside the US could see critical systems powered by AI models disrupted by foreign policy decisions.

Adding another layer of complexity, this directive comes amid an ongoing dispute between Anthropic and the Trump administration. Earlier this year, Anthropic was reportedly placed on a supply chain blacklist after refusing to allow the US military to use its AI models for domestic surveillance and fully autonomous weapon systems. This latest action further intensifies the tensions surrounding the governance and deployment of cutting-edge AI capabilities.

The debate underscores a fundamental paradox in managing dual-use technologies: how to prevent powerful AI from falling into the wrong hands for offensive purposes, while simultaneously ensuring that defenders have access to the same tools to protect against those very threats. The cybersecurity community is calling for transparency, consistency, and a clear, rules-based process for assessing AI risks to avoid stifling innovation and undermining defensive capabilities.

Frequently Asked Questions

What are Anthropic's Fable 5 and Mythos 5 models?

Fable 5 and Mythos 5 are Anthropic's most advanced AI models, surpassing their Claude Opus series in capability. Mythos 5 is particularly renowned for its exceptional cybersecurity capabilities, able to autonomously find and exploit zero-day vulnerabilities. Fable 5 is a general-use version of Mythos 5 with additional safeguards.

Why did the US government ban access to these models?

The US government issued an export control directive citing national security concerns. They believe a method exists to bypass Fable 5's safeguards, allowing it to be misused for identifying software vulnerabilities, which could facilitate cyberattacks.

How did Anthropic respond to the ban?

Anthropic complied with the directive by "abruptly disabling" access to both Fable 5 and Mythos 5 for all users globally, stating they could not reliably screen users by nationality. They expressed disagreement with the decision, suggesting it was based on a "narrow, non-universal jailbreak" and would set a problematic precedent for the AI industry.

What are cybersecurity experts saying about the ban?

Dozens of cybersecurity experts have publicly protested the ban, calling it "dangerous" and "counterproductive." They argue it limits the ability of defenders to secure software, potentially giving an advantage to adversaries, and that similar vulnerability-finding capabilities exist in other AI models.