The controversy surrounding the Trump administration's order to Anthropic to disable its new Claude Fable 5 and Mythos 5 models has become the new focus of tension between Washington and the cybersecurity community. A group of sector veterans assures that this decision not only does not improve national security but also leaves defenders with fewer tools than attackers.

What really happened to Anthropic and the Fable 5 and Mythos 5 models

It all starts when the United States government orders Anthropic to limit the export of its Fable and Mythos models, citing national security reasons without publicly explaining the specific reasons behind the measure according to the company itself. Given this order, Anthropic decides to go further and suspends access to both models for all users worldwide, which in practice amounts to a total blackout of its most powerful systems.

The response from the cybersecurity community does not take long. Dozens of experts, many of them well-known names in the industry, sign an open letter asking the government to withdraw that export control order on Fable and Mythos. The letter already has 76 signatures, including figures such as Alex Stamos, former head of security at Facebook, Casey Ellis, founder of Bugcrowd, and Katie Moussouris, head of Luta Security.

These specialists argue that the decision has taken the best available models off the board for defenders who are now unable to use these tools to find vulnerabilities and harden their systems and products. In the letter they go so far as to describe the measure as dangerous because it is taken at a time when the adversaries are advancing quickly and without the government having given a solid and transparent reason.

Why the ban on Fable 5 and Mythos 5 worries defenders so much

To understand anger you have to first look at Mythos. When Anthropic released this model in preview they explained that it was so powerful at detecting vulnerabilities that they had to restrict it very strictly to prevent malicious hackers or foreign actors from using it to wreak havoc on the internet. That translated into super limited access initially only to about 50 companies and later to about 150 organizations in 15 countries always under control.

Then came Fable, a public version of Mythos designed with especially aggressive gatekeepers that blocked its use in sensitive areas such as chemical biology and cybersecurity, as well as preventing third parties from distilling the model to recreate it. The restrictions were so harsh that many security experts complained that Fable practically rejected any prompts related to cybersecurity, making it useless for defensive tasks.

The government makes its decision after a method was supposedly discovered to bypass those Fable guardians and unlock Mythos-level capabilities, Anthropic explained, noting that the origin could be in a report that reached the White House. According to Katie Moussouris, the method was described in a paper by Amazon researchers that is not public but that she has been able to read.

Here comes the twist that outrages many in cybersecurity. Moussouris maintains that this paper does not actually demonstrate a classic jailbreak. What the researchers did was ask Fable to fix open source with known vulnerabilities and other vulnerabilities introduced on purpose after the model initially refused to review the code for security issues. In other words, they used the model for something totally necessary in defense: review code with bugs and propose patches.

Moussouris argues that the behavior described in the paper cannot be corrected significantly without degrading the value of the model for defense. Remember that defenders need to be able to ask AI to find bugs in a file, explain why the fix is ​​important, and write tests that validate the patch—that's the find-fix-and-test cycle that runs daily on any security team. From their point of view, confusing this with a security vulnerability of the model is a basic error.

The real debate on national security powerful models and smart regulations

The open letter from cybersecurity experts goes beyond the specific case of Anthropic and puts its finger on an incipient wound in the advanced AI ecosystem. The signatories point out that the capabilities described in the Amazon paper can be replicated not only in Fable or Mythos but also in other models such as GPT 5 point 5 from OpenAI, the Claude Opus 4 point 8 and Sonnet models from Anthropic itself and even Chinese models such as Kimi 2 point 7. The underlying idea is clear, although blocking Fable and Mythos, attackers still have equally capable alternatives.

Moussouris adds that the bugs used to demonstrate the paper's techniques can also be found with other models that don't have the same strict gatekeepers as Fable. In those cases you don't even need a bypass trick because the model doesn't refuse to check the code for vulnerabilities. Hence, many see the government's measure as a disproportionate blow to defenders while attackers can continue to operate with equivalent tools.

The letter calls for regulations that are transparent and fairly applied, designed through a democratic process and based on scientific evidence produced by industry and academia. It also calls for controls to be used only to the minimum extent necessary to protect the population. It is not about denying that there are risks in such powerful models but rather about avoiding reactive responses that end up doing more damage to the defense than to the attack.

Beyond the signatures and well-known names, what underlies is a clash of approaches. On the one hand, a government that fears that models like Mythos will become digital weapons in the hands of hostile actors. On the other hand, a cybersecurity community that insists that removing advanced tools from defenders does not stop attackers only tipping the balance in their favor. It is not a simple dilemma of prohibit or allow, it is a discussion about how to design fine policies that understand how AI is really used in the day-to-day security.