A growing list of more than 100 cyber industry leaders and experts issued an open letter calling for the United States government to lift its export control directive that led to the suspension of Anthropic’s Claude Fable 5 and Mythos 5 late last week.Claude Fable 5 launched last Tuesday and was said to have the same capabilities as Anthropic’s Mythos models but with safeguards designed to prevent cyber misuse, making it suitable for release to the public. Mythos 5 was launched the same day as a more powerful version of Mythos Preview, a cyber-capable model only made available to the approximate 200 members of Project Glasswing.Anthropic announced Friday that the U.S. government had issued an export control directive requiring Anthropic to block access to Fable 5 and Mythos 5 to foreign nationals, regardless of their location. In response, Anthropic blocked access to Fable 5 and Mythos 5 for all customers, saying this was necessary to ensure compliance.The government said its export control directive was issued due to national security concerns and claimed a jailbreak was available for Fable that included asking the model to read a codebase and fix software flaws, according to Anthropic’s statement.Anthropic described this as a “narrow, non-universal jailbreak” and argued that no universal jailbreaks are available, that the capabilities the jailbreak would provide are already available in other models like OpenAI’s GPT-5.5 and that restricting access would be detrimental to defenders and AI innovation.“This suspension weakens defenses. Restricting access to advanced AI does not reduce cyber risk. It creates a massive imbalance at the worst possible time,” Nozomi Networks CEO Edgard Capdevielle told SC Media in an email. “We must assume that our adversaries already have access to, and are weaponizing, frontier models, or prior ones that are almost as powerful. And while defenders are bound by policy, attackers are not.”A group of cybersecurity leaders, headed by Alex Stamos, former Facebook CSO and current chief product officer at Corridor, issued an open letter titled “On Transparent AI Cyber Protections” to U.S. Secretary of Commerce Howard Lutnick and National Cyber Director Sean Cairncross on Sunday, asking them to lift the export control directive on Fable 5 and Mythos 5.The letter, hosted at “freefable.org,” argues that Mythos-class models are “quite good” but “not uniquely good” at finding and exploiting cybersecurity vulnerabilities. It stated that the jailbreak that triggered the government’s response only enabled secure code review, which the signatories say should not be considered an offensive capability, and that similar capabilities were available using GPT-5.5, Anthropic’s Opus and Sonnet models, and the open-source Chinese model Kimi 2.7 by Moonshot.“It is essential to provide AI to coders and security teams so they can find and fix flaws in their own newly written as well as decades of legacy code faster than our adversaries,” the letter stated. “The Chinese open-weight models are only months behind the best American models, and those are the models we know about. It seems likely that the PRC government has access to private capabilities beyond what has been published.”The letter also noted Fable’s “aggressive” protections and calls for the government to instead impose AI regulations based on scientific evidence, a democratic process, and fair and transparent enforcement, with restrictions used “to the minimal extent necessary to ensure the safety of the American public.”As of this writing, the letter has 126 signatures from cyber industries voices, including at least 26 current and former CISO and CSOs, 21 CEOs, and dozens of other founders, executives, researchers, engineers, AI experts and other stakeholders.Some notable signatories include Sophos CEO Joe Levy, CISO Ross McKerchar and CTO John Peterson, Socket CEO Feross Aboukhadijeh and CISO Andrew Becherer, VulnCheck CEO Anthony Bettini, Veracode Co-founder Chris Wysopal, Zoom CISO Sandra McLeod, Adobe VP of Product & Software Security Bryan Payne, Google Principal Engineer and OSS-Fuzz Founder Abhishek Arya, and former National Security Agency Chief Responsible AI Officer Vinh Nguyen.“Balancing innovation, access, and security in frontier AI models involves difficult tradeoffs. Defenders need the best available tools to find and fix vulnerabilities and software flaws faster than attackers can exploit them. The most capable models are essential to that work,” Levy wrote in a separate statement on LinkedIn.Security veteran Davi Ottenheimer, who opposed the government’s expert control directive, criticized some of the letter’s signatories on his blog for downplaying Mythos’ cyber offensive capabilities while previous framing them as a threat. Zack Korman, cofounder of AI security startup Embroidery, also criticized the letter, saying its statements “contradict each other” and noting that Mythos’ cyber capabilities would still remain inaccessible to most defenders due to Project Glasswing’s exclusivity.
AI/ML, Government security
100-plus cyber leaders, experts urge feds not to block Fable access
(Credit: Rafael Henrique – stock.adobe.com)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds