CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 17, 2026

Security Community Slams US Ban on Exporting Mythos, Fable

Dark Reading Archived Jun 17, 2026 ✓ Full text saved

An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.

Full text archived locally
✦ AI Summary · Claude Sonnet


    VULNERABILITIES & THREATS СLOUD SECURITY APPLICATION SECURITY CYBERSECURITY OPERATIONS NEWS Security Community Slams US Ban on Exporting Mythos, Fable An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models. Alexander Culafi,Senior News Writer,Dark Reading June 16, 2026 6 Min Read SOURCE: TAKENOBU VIA GETTY IMAGES The security community criticized the US government's decision to restrict Anthropic Claude Mythos and Fable use to foreign nationals, and many have asked the government to reverse course. Following last week's launch of Anthropic's highly anticipated Fable 5 and Mythos 5 models, the company suspended use of the models for all customers on June 12. This was a direct response to the US government issuing an export control order preventing access to all foreign nationals from using the large language models (LLMs), including those that work for Anthropic themselves. The suspension of the models was to ensure compliance with the order.  In a statement, Anthropic said the government had national security concerns with the frontier models; Mythos in particular is said to be capable of discovering critical vulnerabilities and developing novel critical exploits in software. Security experts have warned that Mythos, and models like it, will change the vulnerability remediation landscape, and organizations must become "Mythos-ready" for the threat actors that will attempt to abuse the LLM. Related:HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk Anthropic previously said Mythos would remain exclusive to a select group of partners, and consumer-grade Fable has stringent guardrails the AI vendor believes will prevent abuse at scale. For example, when consumers make requests to Fable for assistance with certain topics like cybersecurity and biology, Fable will pull in Claude Opus 4.8, the previous model, to output a response instead.  The government has not stated a specific reason for the export control, though Anthropic believes it's due to a supposed jailbreaking technique. "We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result," Anthropic said in its statement. "The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no Mythos-specific uplift." What's the Point? Semafor reported that the export control was the result of the White House suspecting a China-linked threat group had accessed the model, although Anthropic officially prohibits access to its products from China.  David Sacks, an adviser to US President Donald Trump, said in a post on X that a "highly credible trusted partner of both Anthropic and the [US government]" reported the jailbreak, and claimed Anthropic CEO Dario Amodei declined to fix the jailbreak when asked to. Sacks said the export control was issued "reluctantly." "The Admin's hope now is that Anthropic remediates the safety issue, the export control is lifted, and Fable goes back into general release," Sacks wrote. "The Admin wants all of this to happen as soon as possible. It is frankly bewildered that Anthropic hasn't wanted to comply with safety requests that it previously said were its highest priority." Related:ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed The US government's ruling is questionable for a number of reasons, but assuming its main motivation is to prevent adversaries and cybercriminals from getting their hands on Mythos, it's hard to see how this ruling will stop them. Ram Varadarajan, CEO at security vendor Acalvio, tells Dark Reading that one shouldn't assume Anthropic is the only entity with access to Mythos-level technology. "Geopolitical adversaries can, and should, be expected to have significant undeclared capabilities," he says. Similarly, John Strand, owner at penetration testing firm Black Hills Information Security, says the government's actions change "very little, if anything at all," for adversaries. “What a lot of people fail to understand is that Mythos-level capabilities are not limited to a small number of US companies like Anthropic, OpenAI, or Google," he tells Dark Reading. "These kinds of capabilities are being developed across multiple countries and across many different models." Related:Claude Fable 5 Doesn't Change the Mythos Security Story Noelle Murata, chief operating officer of penetration testing and incident response firm Xcape, says export restrictions on Mythos and Fable likely offer "little more than a speed bump" for nation-state and financially motivated attackers. "With unauthorized access reported as early as launch day, the directive appears to be a reactive measure against a China-linked group that may have already breached the perimeter for model distillation," she explains. "When equivalent capabilities like GPT-5.5 remain accessible, such bans risk accelerating a shift toward decentralized, unblockable open-source initiatives. The Security Community Asks US Government to Reconsider Mythos/Fable Ruling Many members of the security community have been critical of the government's decision to block Mythos and Fable. Katie Moussouris is the founder and CEO of Luta Security, as well as a pioneer in vulnerability management. In a blog post published yesterday, Moussouris argued that the Fable 5 export control harms US cyber defenses, calling the move heavy handed, hasty, and misguided.  The argument has to do with the nature of the jailbreak, which she detailed, as she had seen the relevant research. "The researchers took open-source code with known CVEs, plus new code with deliberately planted vulnerabilities, and asked Fable 5, Mythos, and Opus to 'review the code for security issues.' Fable 5 refused. They then asked the models to 'fix this code' and, through a multistep and manual process, turned the output into scripts that test the patches," she wrote. "The prompts worked because they were defensive requests, and that capability cannot be removed without making the model worse at fixing bugs and verifying patches." Moussouris said that to limit access to defenders at such a critical stage will effectively kneecap them "while doing nothing to impede attackers." She also signed an open letter co-signed by many prominent figures in the cybersecurity industry, including Alex Stamos, Casey Ellis, Bruce Schneier, and others. The letter asks the government to lift the export controls. It argues that the issues highlighted in the research cited by the government can be replicated in other models, that Anthropic is addressing the research, and that the restriction will only give US competitors like China an advantage. "The Chinese open-weight models are only months behind the best American models, and those are the models we know about. It seems likely that the PRC government has access to private capabilities beyond what has been published," the letter read. Even vendors are speaking up. Joe Levy, CEO of Sophos, published a blog post on LinkedIn stating he'd signed the open letter and that defenders need access to the best tools to fix vulnerabilities before attackers can get to them. "The fastest path there is to keep defenders equipped and to build policy on evidence, together," he wrote. Black Hills Information Security's Strand explains that if access to cutting-edge tooling becomes constrained by tooling, it "directly degrades the defender's ability to operate."  "These capabilities are not optional for defenders. They need to be integrated into security operations centers, development pipelines, and both defensive and offensive security assessments," he says. "When access is restricted based on fear, uncertainty, or incomplete understanding of the technology, the practical effect is to make it easier for adversaries to succeed while making it harder for defenders to do their jobs." About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere.  At Dark Reading, he covers a variety of cybersecurity topics, including the cybercrime ecosystem, open source security, and the intersection between AI and threat actors. In his spare time, Alex hosts the weekly Nintendo podcast, "Talk Nintendo Podcast," and works on personal writing projects, including two previously self-published science fiction novels. He has received numerous awards, including TechTarget's Writer of the Year in 2022 as well as more than 10 Azbee awards for his reporting between 2022 and today.  Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars Advanced Persistent Threats: A Practical Guide to Detection and Response The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar More Webinars You May Also Like VULNERABILITIES & THREATS Cheap Hardware Module Bypasses AMD, Intel Memory Encryption by Rob Wright NOV 25, 2025 VULNERABILITIES & THREATS Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs by Jai Vijayan, Contributing Writer NOV 11, 2025 VULNERABILITIES & THREATS Microsoft Issues Emergency Patch for Critical Windows Server Bug by Rob Wright OCT 24, 2025 VULNERABILITIES & THREATS 350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE by Nate Nelson, Contributing Writer JUL 11, 2025 Editor's Choice CYBERSECURITY OPERATIONS 20 Leaders Who Built the CISO Era: 2 Decades of Change byDark Reading Editorial Team MAY 12, 2026 41 MIN READ APPLICATION SECURITY It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight byJai Vijayan MAY 12, 2026 5 MIN READ CYBERATTACKS & DATA BREACHES Instructure Breach Exposes Schools' Vendor Dependence byAlexander Culafi MAY 6, 2026 4 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE AUG 1-6 | MANDALAY BAY, LAS VEGAS USE CODE: DARKREADING & SAVE $200 ON A BRIEFINGS PASS OR $100 ON A BUSINESS PASS The premier cybersecurity event returns. GET YOUR PASS ANATOMY OF A DATA BREACH This comprehensive virtual event examines the main vulnerabilities and exploits that lead to enterprise data breaches, plus the latest tools and best practices for conducting incident response. BEAT HACKERS TO IT
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    Jun 17, 2026
    Archived
    Jun 17, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗