Dear Secretary Lutnick and National Cyber Director Cairncross,
We, the undersigned executives and technical leaders from across the United States and its allies, write to you to ask you to lift the export control directives on Anthropic’s Fable and Mythos large language models and commit to an open, scientific and transparent process of handling AI risk assessments in the future.
First, we would like to state that we believe that:
AI is having significant impacts on cybersecurity, including by greatly reducing the difficulty of finding flaws in software and writing exploits for those flaws.- Anthropic’s Mythos-class models are quite good at finding flaws and weaponizing exploits. - However, they are not at these tasks, and many of the undersigned individuals regularly use other foundation and open-source models for security audits and red-teaming every day.uniquelygood - Anthropic has built to prevent its use for cyber offensive uses. These protections were so aggressive as to be the source of humor in the cyber community on launch day.multiple protectionsinto the Fable model - It is essential to provide AI to coders and security teams so they can find and fix flaws in their own newly-written as well as decades of legacy code faster than our adversaries. - The Chinese open-weight models are only months behind the best American models, and those are the modelswe know about. It seems likely that the PRC government has access to private capabilities beyond what has been published. - To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous.
It is our understanding that underlying model capabilities in the original research that triggered this action:
Were focused on determining whether a human-prompted section of code was insecure. This is a necessary capability in any model that is intended to write secure code and should not be considered an offensive capability.Can be replicated on GPT-5.5, Opus, Sonnet and even Chinese models like Kimi 2.7. The justification for this unprecedented action was that Fable provides a unique “uplift” of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year.Anthropic is addressing the research. As security professionals, we recognize that our work does not lead to a simple end-state where a system is fully safe, and the purpose of research like this is to enable continuous improvement, not to ban the technology.
As a result, this action has taken the best models away from defenders, created market uncertainty, and risked America’s AI leadership without any real risk to justify it.
Not all of us agree that AI regulation is the right way forward. But if this Administration’s laudable goal of securing our nation’s critical infrastructure is going to include models being regulated, then the regulations should be:
- Grounded in scientific evaluations developed with input from industry and academia; - Created through a democratic rule-making process; - Enforced transparently and fairly with appropriate time given to remediate; and - Used only to the minimal extent necessary to ensure the safety of the American public.
Thank you for your consideration and partnership in helping us maintain America’s lead in technology while protecting critical software and systems.
Signed, Affiliations are included for reference only and do not indicate organizational endorsement.
Alex StamosChief Product Officer,CorridorDerek AbdineCEO,FurlFeross AboukhadijehCEO,SocketBen AdidaExecutive Director,VotingWorksIftach Ian AmitFormer CSO, Founder and CEO atGomboc.aiOmkhar ArasaratnamMatthew ArenoCTOAbhishek AryaPrincipal Engineer,Googleand Founder,OSS-FuzzJames Nicholas AshworthAI VillageEmily AustinPrincipal Security ResearcherMegan BakerCISO,GeorgianKevin BankstonSenior AI Governance Advisor,Center for Democracy & TechnologyKurt BaumgartnerCo-Founder,TLPBLACKAndrew BechererCISO,SocketBrian BehlendorfOpen Source PioneerAnthony BettiniCEO,VulnCheckManish Bhatt0-day Connoisseur,OWASPMatt BishopDistinguished Professor,University of California DavisChristopher Bleckmann-DreherPrincipal Offensive Security,Mercedes-BenzJP BourgetCEO,Blue CycleAaron BrownHead of Security,MercorJack CableCEO & Co-founder,CorridorJon CallasIndiana UniversityJustin CalmusCISOJeffrey CarusoAuthor and ResearcherSven CattellAI VillageJason ChanRetired CISOAnupam ChanderProfessor of Law and Technology,GeorgetownMatthew CreagerCo-Founder,KeycardAndrew CunjeCISO,AppianDino A. Dai ZoviJ. Michael DanielPresident & CEO,Cyber Threat AllianceSam DavisonDrew DennisonCTO & Co-FounderJustin DollyChief Security Officer,Ory CorpJustin D'SouzaCEO,Asymptote LabsDonald E. Eastlake 3rdPrincipal EngineerMoona Ederveen-SchneiderFounder, Resilia ConnectCasey John EllisFounder,disclose.ioandBugcrowdGary EllisonFormer VP Trust and Product SecurityChris EngCybersecurity ExecutiveMaggie EnglerSergej EppMulti-CISOGadi EvronFounder and CEO,KnosticEd FeltenCo-founder and Chief Scientist,Offchain; former Deputy U.S. CTOJaime FigueresPresident, Fundación Costarricense de Inteligencia Artificial Responsable (FAIR Costa Rica)Joe FitzPatrickFounder,SecuringHardware.comRobert FlyCEO/Co-Founder,detections.aiRichard F. FornoTeaching Professor,UMBCErick GalinkinAI Security Research ScientistHarley GeigerSteve GentryCISODaniel GoreckiCISO/Founder,NGC RiskAndy GrantHead of Security Assurance,ZoomYael GrauerMatthew D. GreenAssociate Professor,Johns Hopkins UniversityJoseph Lorenzo HallDistinguished Technologist,Internet SocietyArabella HallawellCMO, Sovera SecurityAndrew HayCOO,DamovoTyler HealyCISO,DigitalOceanAriel Herbert-VossCEO,RunSybilMichael HicksCecilia Fitler Moore Professor and Director of the Schlein Center for Cybersecurity,University of PennsylvaniaCyrus HodesCo-founder,Stability AI, Venture PartnerLionheart VenturesChristofer HoffCyber Security ExecutiveKeith HoodletDirector, Security ResearchRick HowardCEO,Cybersecurity Canon ProjectJared HunterRocket Software, Inc.Mikko HypponenCRO,Sensofusion FinlandVlad IonescuCTO,RunSybilDipendra JainFounderJeevan JutlaCEO,Gecko SecurityChad KalmesCISO,BenchlingDhillon KannabhiranFounder,Hack In The BoxEoin KearyCEO & Founder,EdgescanJake KingFounder, Minimal Software ResearchDr. Joseph KiniryCEO and Chief Scientist, Sigil LogicJonathon KlobucarSecurity EngineerBenjamin KnaussCEO,Racter HoldingsMitja Kolsek0patchco-founderMartin KoopmanManaging Director, Aditat AIMadeline LawrenceCo-Founder,Aikido SecurityNate LeeCEO/Founder,TrustMindandCloudsecAIJoe LevyCEO,SophosIan LivingstoneCEOMax LoefflerResearcher,GoodfireDan LorencCEO,ChainguardMark LovelessSecurity ArchitectMyke LyonsCISO,CriblGreg MartinCEO ofGhost SecurityRoss MaticanInvestor,Halcyon VenturesJack McGivneyCISO,AnaplanJeff McJunkinSANSInstructor and AuthorRoss McKercharCISO,SophosSandra McLeodCISO,Zoom CommunicationsAmanda MinnichAI Security Researcher,MicrosoftRich MogullAnalyst, Security ExecutiveJoe MolesCTO,FurlChristopher Monson, Ph.D.Founding Engineer,Abundant SecurityKatie MoussourisCEO,Luta SecurityVinh NguyenFormer Chief Responsible AI Officer,National Security AgencyT.C. (Theodore) NiedzialkowskiCISO, Head of Security & IT; formerOpendoor,Nextdoor,Federal ReserveNational Incident Response TeamCharles NwatuSecurity Leader, GRC EngineeringDave Ockwell-JennerHead of Information Security,NarvarCarey ParkerFirewalls Don't Stop DragonsEfrain Orsini JrDirector of Security Operation & Deputy CISO,SilverSkyBryan PayneVesko PehlivanovStephen D PelletierCEOJohn PetersonCTO,SophosRiana PfefferkornPolicy Fellow,Stanford HAINiels ProvosSecurity Blueprints LLCNils PuhlmannCISOMuralidharan RamachandranFounder & Strategic AdvisorAshwin RamaswamiCTO & Co-founder,CorridorJason RebholzCEO,Evoke SecurityGavin ReidCISO,Human SecurityJonathan ReiterMark RisherFmr. Head ofGoogleIdentityEsteban RodriguezMarc RogersCTO,NBHD.aiOlivia RoseCISOJason RossOWASPGenAI Red Team co-leadJim RouthAdvisorBob RudisDistinguished Engineer, Applied AIDragos RuiuCanSecWestMike SampleCTO,Minimal.dev SoftwareChris SandulowCISO,ConfluentJoshua SaxeCo-Founder,Abundant SecurityTy SbanoCISO,WebflowAlex SchapiroCo-Founder,StrixBruce SchneierHarvard Universityand theUniversity of TorontoCory ScottCenter for Cybersecurity and Privacy Protection, CSU|LAW; Former CISOJoshua ScottCISO,HydrolixJames ShankDirector of Threat Operations,ExpelAkram SheriffCo-Founder/CTO (Ex-Cisco Systems, Ex-Hippocratic.ai)Ram Shankar Siva KumarAffiliate,Berkman Klein Center for Internet and Societyat Harvard UniversityMatthew SouthworthCSO,PricelineEugene H. SpaffordDistinguished Professor,Purdue UniversityJohn N StewartPresident, Talons VenturesJohn StringerDivisional CTO,ImageNet ConsultingTalha TariqChief Technology Officer (Security),VercelGlenn ThorpeSr. Director – Applied AI, IntelligencePer ThorsheimFounder,PasswordsConRachel TobacCEO,SocialProof SecurityEmily VandewatervCISO,Elteni Cybersecurity ConsultingJohn VillasenorProfessor of Electrical Engineering, Law, and Public Policy,UCLAPaul VixieInternet PioneerJason WaitsCISO,Inductive AutomationNancy WangVenture Partner,Felicis VenturesSteven WeberProfessor of the Graduate School,UC Berkeley School of InformationTarah WheelerChief Security Officer,TPO GroupJeff WilliamsCISO,Sigma360Royce D. Williamspublic-interest technologistDave WillnerCofounder,ZentropiAllen Wilson3x CISOBeau WoodsFounder/CEO,Stratigos SecurityChris WysopalCo-founder,VeracodeJosh YavorCEO,Credible SecurityPhilip ZimmermannAssociate Professor Emeritus of Cybersecurity,Delft University of Technology