{"slug": "an-open-letter-on-transparent-ai-cyber-protections", "title": "An open letter: On transparent AI cyber protections", "summary": "Executives and technical leaders from the US and its allies urge Commerce Secretary Lutnick and National Cyber Director Cairncross to lift export controls on Anthropic's Fable and Mythos AI models, arguing the restrictions harm defenders while adversaries advance. The letter claims the models are not uniquely capable for cyber offense and calls for transparent, science-based AI risk assessments.", "body_md": "Dear Secretary Lutnick and National Cyber Director Cairncross,\n\nWe, the undersigned executives and technical leaders from across the United States and its allies, write to you to ask you to lift the export control directives on Anthropic’s Fable and Mythos large language models and commit to an open, scientific and transparent process of handling AI risk assessments in the future.\n\nFirst, we would like to state that we believe that:\n\n- **AI is having significant impacts on cybersecurity**, including by greatly reducing the difficulty of finding flaws in software and writing exploits for those flaws.\n- Anthropic’s Mythos-class models **are quite good at finding flaws and weaponizing exploits**.\n- However, they are **not** *uniquely* good at these tasks, and many of the undersigned individuals regularly use other foundation and open-source models for security audits and red-teaming every day.\n- Anthropic has **built** [multiple protections](https://www-cdn.anthropic.com/d00db56fa754a1b115b6dd7cb2e3c342ee809620.pdf) into the Fable model to prevent its use for cyber offensive uses. These protections were so aggressive as to be the source of humor in the cyber community on launch day.\n- It is **essential to provide AI to coders and security teams** so they can find and fix flaws in their own newly-written as well as decades of legacy code faster than our adversaries.\n
- The Chinese open-weight models [are only months behind the best American models](https://artificialanalysis.ai/), and those are the models **we know about**. It seems likely that the PRC government has access to private capabilities beyond what has been published.\n- To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is **dangerous**.\n\nIt is our understanding that underlying model capabilities in the original research that triggered this action:\n\n- **Were focused on determining whether a human-prompted section of code was insecure**. This is a necessary capability in any model that is intended to write secure code and should not be considered an offensive capability.\n- **Can be replicated on GPT-5.5, Opus, Sonnet and even Chinese models like Kimi 2.7**. The justification for this unprecedented action was that Fable provides a unique “uplift” of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year.\n- **Anthropic is addressing the research.** As security professionals, we recognize that our work does not lead to a simple end-state where a system is fully safe, and the purpose of research like this is to enable continuous improvement, not to ban the technology.\n\nAs a result, this action has taken the best models away from defenders, created market uncertainty, and risked America’s AI leadership without any real risk to justify it.\n\nNot all of us agree that AI regulation is the right way forward. 
But if this Administration’s laudable goal of securing our nation’s critical infrastructure is going to include models being regulated, then the regulations should be:\n\n- Grounded in **scientific** evaluations developed with input from industry and academia;\n- Created through a **democratic** rule-making process;\n- Enforced **transparently and fairly** with appropriate time given to remediate; and\n- Used only to the **minimal extent necessary** to ensure the safety of the American public.\n\nThank you for your consideration and partnership in helping us maintain America’s lead in technology while protecting critical software and systems.\n\nSigned,\n\nAffiliations are included for reference only and do not indicate organizational endorsement.\n\n[Alex Stamos](https://www.linkedin.com/in/alexstamos/)Chief Product Officer,[Corridor](https://corridor.dev)[Derek Abdine](https://www.linkedin.com/in/derekabdine/)CEO,[Furl](https://furl.ai)[Feross Aboukhadijeh](https://www.linkedin.com/in/feross/)CEO,[Socket](https://socket.dev)[Ben Adida](https://www.linkedin.com/in/benadida)Executive Director,[VotingWorks](https://voting.works)[Iftach Ian Amit](https://www.linkedin.com/in/iamit/)Former CSO, Founder and CEO at[Gomboc.ai](https://gomboc.ai)[Omkhar Arasaratnam](https://www.linkedin.com/in/omkhar/)[Matthew Areno](https://www.linkedin.com/in/matthew-areno-phd)CTO[Abhishek Arya](https://www.linkedin.com/in/abhishek-arya-a565373)Principal Engineer,[Google](https://www.google.com)and Founder,[OSS-Fuzz](https://github.com/google/oss-fuzz)[James Nicholas Ashworth](https://www.linkedin.com/in/james-ashworth-5a49bb266/)[AI Village](https://aivillage.org)[Emily Austin](https://www.linkedin.com/in/emilylaustin/)Principal Security Researcher[Megan Baker](https://www.linkedin.com/in/megan-gillikin-baker/)CISO,[Georgian](https://georgian.io)[Kevin Bankston](https://www.linkedin.com/in/kevinbankston/)Senior AI Governance Advisor,[Center for Democracy & 
Technology](https://cdt.org)[Kurt Baumgartner](https://www.linkedin.com/in/kurtbaumgartner/)Co-Founder,[TLPBLACK](https://tlpblack.net)[Andrew Becherer](https://www.linkedin.com/in/andrewbecherer/)CISO,[Socket](https://socket.dev)[Brian Behlendorf](https://www.linkedin.com/in/brianbehlendorf/)Open Source Pioneer[Anthony Bettini](https://www.linkedin.com/in/anthonybettini/)CEO,[VulnCheck](https://www.vulncheck.com)[Manish Bhatt](https://www.linkedin.com/in/manishbhatt132123/)0-day Connoisseur,[OWASP](https://owasp.org)[Matt Bishop](https://www.linkedin.com/in/matt-bishop-427104/)Distinguished Professor,[University of California Davis](https://www.ucdavis.edu)[Christopher Bleckmann-Dreher](https://de.linkedin.com/in/christopher-bleckmann-dreher-18a14220)Principal Offensive Security,[Mercedes-Benz](https://www.mercedes-benz.com)[JP Bourget](https://www.linkedin.com/in/jpbourget/)CEO,[Blue Cycle](https://www.bluecycle.net)[Aaron Brown](https://www.linkedin.com/in/aaronwaynebrown/)Head of Security,[Mercor](https://mercor.com)[Jack Cable](https://www.linkedin.com/in/jackcable/)CEO & Co-founder,[Corridor](https://corridor.dev)[Jon Callas](https://www.linkedin.com/in/joncallas/)[Indiana University](https://www.iu.edu)[Justin Calmus](https://www.linkedin.com/in/jcalmus/)CISO[Jeffrey Caruso](https://www.linkedin.com/in/jeffreycaruso/)Author and Researcher[Sven Cattell](https://www.linkedin.com/in/sven-cattell-5748a311/)[AI Village](https://aivillage.org)[Jason Chan](https://www.linkedin.com/in/jasonbchan)Retired CISO[Anupam Chander](https://www.linkedin.com/in/anupam-chander-0a00562/)Professor of Law and Technology,[Georgetown](https://www.georgetown.edu)[Matthew Creager](https://www.linkedin.com/in/matthewcreager)Co-Founder,[Keycard](https://keycard.ai)[Andrew Cunje](https://www.linkedin.com/in/andrc/)CISO,[Appian](https://www.appian.com)[Dino A. Dai Zovi](https://www.linkedin.com/in/dinodaizovi)[J. 
Michael Daniel](https://www.linkedin.com/in/j-michael-daniel-cta)President & CEO,[Cyber Threat Alliance](https://www.cyberthreatalliance.org)[Sam Davison](https://www.linkedin.com/in/samantha-davison-77903421/)[Drew Dennison](https://www.linkedin.com/in/drewdennison/)CTO & Co-Founder[Justin Dolly](https://www.linkedin.com/in/justindolly/)Chief Security Officer,[Ory Corp](https://www.ory.sh)[Justin D'Souza](https://www.linkedin.com/in/jqdsouza/)CEO,[Asymptote Labs](https://asymptotelabs.ai)[Donald E. Eastlake 3rd](https://www.linkedin.com/in/eastlake/)Principal Engineer[Moona Ederveen-Schneider](https://www.linkedin.com/in/mederveen/)Founder, Resilia Connect[Casey John Ellis](https://www.linkedin.com/in/caseyjohnellis/)Founder,[disclose.io](https://disclose.io)and[Bugcrowd](https://www.bugcrowd.com)[Gary Ellison](https://www.linkedin.com/in/garyellison/)Former VP Trust and Product Security[Chris Eng](https://www.linkedin.com/in/realchriseng)Cybersecurity Executive[Maggie Engler](https://www.linkedin.com/in/maggie-engler/)[Sergej Epp](https://www.linkedin.com/in/sergejepp/)Multi-CISO[Gadi Evron](https://www.linkedin.com/in/gadievron/)Founder and CEO,[Knostic](https://www.knostic.ai)[Ed Felten](https://www.cs.princeton.edu/~felten/)Co-founder and Chief Scientist,[Offchain](https://www.offchainlabs.com); former Deputy U.S. CTO[Jaime Figueres](https://www.linkedin.com/in/jfigueres/)President, Fundación Costarricense de Inteligencia Artificial Responsable (FAIR Costa Rica)[Joe FitzPatrick](https://www.linkedin.com/in/securelyfitz/)Founder,[SecuringHardware.com](https://securinghardware.com)[Robert Fly](https://www.linkedin.com/in/robertfly/)CEO/Co-Founder,[detections.ai](https://detections.ai)[Richard F. 
Forno](https://rickf.org/)Teaching Professor,[UMBC](https://www.umbc.edu)[Erick Galinkin](https://www.linkedin.com/in/erickgalinkin/)AI Security Research Scientist[Harley Geiger](https://www.linkedin.com/in/harleylorenzgeiger/)[Steve Gentry](https://www.linkedin.com/in/scgentry/)CISO[Daniel Gorecki](https://www.linkedin.com/in/dangorecki/)CISO/Founder,[NGC Risk](https://ngcrisk.com)[Andy Grant](https://www.linkedin.com/in/andywgrant/)Head of Security Assurance,[Zoom](https://zoom.us)[Yael Grauer](https://www.linkedin.com/in/yaelgrauer/)[Matthew D. Green](https://www.linkedin.com/in/matthew-green-47850018)Associate Professor,[Johns Hopkins University](https://www.jhu.edu)[Joseph Lorenzo Hall](https://www.linkedin.com/in/josephhall)Distinguished Technologist,[Internet Society](https://www.internetsociety.org)[Arabella Hallawell](https://www.linkedin.com/in/arabella-hallawell-438243/)CMO, Sovera Security[Andrew Hay](https://www.linkedin.com/in/andrewhay/)COO,[Damovo](https://www.damovo.com)[Tyler Healy](https://www.linkedin.com/in/tyler-healy-93528a18/)CISO,[DigitalOcean](https://www.digitalocean.com)[Ariel Herbert-Voss](https://www.linkedin.com/in/adversariel/)CEO,[RunSybil](https://www.runsybil.com)[Michael Hicks](https://www.linkedin.com/in/mike-hicks-a053311)Cecilia Fitler Moore Professor and Director of the Schlein Center for Cybersecurity,[University of Pennsylvania](https://www.upenn.edu)[Cyrus Hodes](https://www.linkedin.com/in/hodes/)Co-founder,[Stability AI](https://stability.ai), Venture Partner[Lionheart Ventures](https://www.lionheart.vc)[Christofer Hoff](https://www.linkedin.com/in/choff/)Cyber Security Executive[Keith Hoodlet](https://www.linkedin.com/in/securingdev/)Director, Security Research[Rick Howard](https://www.linkedin.com/in/rickhoward/)CEO,[Cybersecurity Canon Project](https://cybercanon.org)[Jared Hunter](https://www.linkedin.com/in/rocketjared/)[Rocket Software, Inc.](https://www.rocketsoftware.com)[Mikko 
Hypponen](https://www.linkedin.com/in/hypponen/)CRO,[Sensofusion Finland](https://sensofusion.com)[Vlad Ionescu](https://www.linkedin.com/in/vladionescu0000000000/)CTO,[RunSybil](https://www.runsybil.com)[Dipendra Jain](https://www.linkedin.com/in/dipendrajain)Founder[Jeevan Jutla](https://www.linkedin.com/in/jeevan-jutla/)CEO,[Gecko Security](https://gecko.security)[Chad Kalmes](https://www.linkedin.com/in/chadkalmes)CISO,[Benchling](https://www.benchling.com)[Dhillon Kannabhiran](https://www.linkedin.com/in/l33tdawg/)Founder,[Hack In The Box](https://www.hitb.org)[Eoin Keary](https://www.linkedin.com/in/eoinkeary/)CEO & Founder,[Edgescan](https://www.edgescan.com)[Jake King](https://www.linkedin.com/in/jakeking1/)Founder, Minimal Software Research[Dr. Joseph Kiniry](https://www.linkedin.com/in/kiniry/)CEO and Chief Scientist, Sigil Logic[Jonathon Klobucar](https://www.linkedin.com/in/klobucar/)Security Engineer[Benjamin Knauss](https://www.linkedin.com/in/racter/)CEO,[Racter Holdings](https://racterholdings.com)[Mitja Kolsek](https://www.linkedin.com/in/mitjakolsek/)[0patch](https://0patch.com)co-founder[Martin Koopman](https://www.linkedin.com/in/martinkoopman/)Managing Director, Aditat AI[Madeline Lawrence](https://www.linkedin.com/in/madelinelawren/)Co-Founder,[Aikido Security](https://www.aikido.dev)[Nate Lee](https://www.linkedin.com/in/natetrustmind/)CEO/Founder,[TrustMind](https://trustmind.com)and[CloudsecAI](https://cloudsec.ai)[Joe Levy](https://www.linkedin.com/in/j0313vy/)CEO,[Sophos](https://www.sophos.com)[Ian Livingstone](https://www.linkedin.com/in/irlivingstone/)CEO[Max Loeffler](https://www.linkedin.com/in/maxsloef/)Researcher,[Goodfire](https://www.goodfire.ai)[Dan Lorenc](https://www.linkedin.com/in/danlorenc/)CEO,[Chainguard](https://www.chainguard.dev)[Mark Loveless](https://www.linkedin.com/in/markloveless/)Security Architect[Myke Lyons](https://www.linkedin.com/in/mykelyons)CISO,[Cribl](https://cribl.io)[Greg 
Martin](https://www.linkedin.com/in/gregcmartin/)CEO of[Ghost Security](https://ghost.security)[Ross Matican](https://www.linkedin.com/in/ross-matican)Investor,[Halcyon Ventures](https://halcyonfutures.org)[Jack McGivney](https://www.linkedin.com/in/jackmcgivney/)CISO,[Anaplan](https://www.anaplan.com)[Jeff McJunkin](https://www.linkedin.com/in/jeffmcjunkin/)[SANS](https://www.sans.org)Instructor and Author[Ross McKerchar](https://www.linkedin.com/in/ross-mckerchar-42bb548)CISO,[Sophos](https://www.sophos.com)[Sandra McLeod](https://www.linkedin.com/in/sandra-mcleod-7a6a61b/)CISO,[Zoom Communications](https://zoom.us)[Amanda Minnich](https://www.linkedin.com/in/amandajeanminnich)AI Security Researcher,[Microsoft](https://www.microsoft.com)[Rich Mogull](https://www.linkedin.com/in/richmogull/)Analyst, Security Executive[Joe Moles](https://www.linkedin.com/in/josephmoles)CTO,[Furl](https://furl.ai)[Christopher Monson, Ph.D.](https://www.linkedin.com/in/chrismonson)Founding Engineer,[Abundant Security](https://www.ssil.ai)[Katie Moussouris](https://www.linkedin.com/in/kmoussouris/)CEO,[Luta Security](https://www.lutasecurity.com)[Vinh Nguyen](https://www.linkedin.com/in/vxnguyen)Former Chief Responsible AI Officer,[National Security Agency](https://www.nsa.gov)[T.C. 
(Theodore) Niedzialkowski](https://www.linkedin.com/in/tc-niedzialkowski/)CISO, Head of Security & IT; former[Opendoor](https://www.opendoor.com),[Nextdoor](https://nextdoor.com),[Federal Reserve](https://www.federalreserve.gov)National Incident Response Team[Charles Nwatu](https://www.linkedin.com/in/cnwatu/)Security Leader, GRC Engineering[Dave Ockwell-Jenner](https://www.linkedin.com/in/daveoj)Head of Information Security,[Narvar](https://www.narvar.com)[Carey Parker](https://www.linkedin.com/in/firewall-dragons/)[Firewalls Don't Stop Dragons](https://firewallsdontstopdragons.com)[Efrain Orsini Jr](https://www.linkedin.com/in/eorsinijr/)Director of Security Operation & Deputy CISO,[SilverSky](https://silversky.com)[Bryan Payne](https://www.linkedin.com/in/bdpayne/)[Vesko Pehlivanov](https://www.linkedin.com/in/pehlivanov/)[Stephen D Pelletier](https://www.linkedin.com/in/stephenpelletier/)CEO[John Peterson](https://www.linkedin.com/in/john-peterson-a7b82814/)CTO,[Sophos](https://www.sophos.com)[Riana Pfefferkorn](https://www.linkedin.com/in/riana-pfefferkorn-2b93651/)Policy Fellow,[Stanford HAI](https://hai.stanford.edu)[Niels Provos](https://www.linkedin.com/in/nielsprovos/)Security Blueprints LLC[Nils Puhlmann](https://www.linkedin.com/in/npuhlmann)CISO[Muralidharan Ramachandran](https://www.linkedin.com/in/muralidharan-ramachandran-9239992/)Founder & Strategic Advisor[Ashwin Ramaswami](https://www.linkedin.com/in/ashwin-r)CTO & Co-founder,[Corridor](https://corridor.dev)[Jason Rebholz](https://www.linkedin.com/in/jrebholz/)CEO,[Evoke Security](https://www.evokesecurity.com)[Gavin Reid](https://www.linkedin.com/in/gavinsreid/)CISO,[Human Security](https://www.humansecurity.com)[Jonathan Reiter](https://www.linkedin.com/in/jonathan-reiter-sec670/)[Mark Risher](https://www.linkedin.com/in/mrisher/)Fmr. 
Head of[Google](https://www.google.com)Identity[Esteban Rodriguez](https://www.linkedin.com/in/estebanxrodriguez)[Marc Rogers](https://www.linkedin.com/in/marcrogers)CTO,[NBHD.ai](https://nbhd.ai)[Olivia Rose](https://www.linkedin.com/in/oliviarosecybersecurity/)CISO[Jason Ross](https://www.linkedin.com/in/algorythm)[OWASP](https://owasp.org)GenAI Red Team co-lead[Jim Routh](https://www.linkedin.com/in/jmrouth)Advisor[Bob Rudis](https://www.linkedin.com/in/hrbrmstr/)Distinguished Engineer, Applied AI[Dragos Ruiu](https://www.linkedin.com/in/dragosruiu)[CanSecWest](https://cansecwest.com)[Mike Sample](https://www.linkedin.com/in/mikesample/)CTO,[Minimal.dev Software](https://minimal.dev)[Chris Sandulow](https://www.linkedin.com/in/csandulow/)CISO,[Confluent](https://www.confluent.io)[Joshua Saxe](https://www.linkedin.com/in/joshsaxe/)Co-Founder,[Abundant Security](https://www.ssil.ai)[Ty Sbano](https://www.linkedin.com/in/tysbano/)CISO,[Webflow](https://webflow.com)[Alex Schapiro](https://www.linkedin.com/in/aschap/)Co-Founder,[Strix](https://usestrix.com)[Bruce Schneier](https://www.schneier.com)[Harvard University](https://www.harvard.edu)and the[University of Toronto](https://www.utoronto.ca)[Cory Scott](https://www.linkedin.com/in/coryscottlinkedin/)[Center for Cybersecurity and Privacy Protection](https://www.law.csuohio.edu/academics/centersandprograms/cybersecurity), CSU|LAW; Former CISO[Joshua Scott](https://www.linkedin.com/in/joshuascott/)CISO,[Hydrolix](https://hydrolix.io)[James Shank](https://www.linkedin.com/in/jamesshank)Director of Threat Operations,[Expel](https://expel.com)[Akram Sheriff](https://www.linkedin.com/in/akram-sheriff-81749316/)Co-Founder/CTO (Ex-Cisco Systems, Ex-Hippocratic.ai)[Ram Shankar Siva Kumar](https://www.linkedin.com/in/rssk)Affiliate,[Berkman Klein Center for Internet and Society](https://cyber.harvard.edu)at Harvard University[Matthew 
Southworth](https://www.linkedin.com/in/matthew-southworth/)CSO,[Priceline](https://www.priceline.com)[Eugene H. Spafford](https://www.linkedin.com/in/spafford)Distinguished Professor,[Purdue University](https://www.purdue.edu)[John N Stewart](https://www.linkedin.com/in/john-n-stewart/)President, Talons Ventures[John Stringer](https://www.linkedin.com/in/jastringer/)Divisional CTO,[ImageNet Consulting](https://www.imagenetconsulting.com)[Talha Tariq](https://www.linkedin.com/in/talhatariq/)Chief Technology Officer (Security),[Vercel](https://vercel.com)[Glenn Thorpe](https://www.linkedin.com/in/glennthorpeiii)Sr. Director – Applied AI, Intelligence[Per Thorsheim](https://www.linkedin.com/in/thorsheim/)Founder,[PasswordsCon](https://www.passwordscon.org)[Rachel Tobac](https://www.linkedin.com/in/racheltobac/)CEO,[SocialProof Security](https://www.socialproofsecurity.com)[Emily Vandewater](https://www.linkedin.com/in/emily-vandewater/)vCISO,[Elteni Cybersecurity Consulting](https://www.elteni.com)[John Villasenor](https://johnvillasenor.com/)Professor of Electrical Engineering, Law, and Public Policy,[UCLA](https://www.ucla.edu)[Paul Vixie](https://www.linkedin.com/in/paulvixie/)Internet Pioneer[Jason Waits](https://www.linkedin.com/in/jason-waits/)CISO,[Inductive Automation](https://inductiveautomation.com)[Nancy Wang](https://www.linkedin.com/in/wangnancy/)Venture Partner,[Felicis Ventures](https://www.felicis.com)[Steven Weber](https://www.linkedin.com/in/steven-weber-3a3156/)Professor of the Graduate School,[UC Berkeley School of Information](https://www.ischool.berkeley.edu)[Tarah Wheeler](https://www.linkedin.com/in/tarah/)Chief Security Officer,[TPO Group](https://www.tpo.group)[Jeff Williams](https://www.linkedin.com/in/jwill5333/)CISO,[Sigma360](https://www.sigma360.com)[Royce D. 
Williams](https://www.linkedin.com/in/roycewilliams/)public-interest technologist[Dave Willner](https://www.linkedin.com/in/davewillner/)Cofounder,[Zentropi](https://zentropi.ai)[Allen Wilson](https://www.linkedin.com/in/allenmwilson/)3x CISO[Beau Woods](https://www.linkedin.com/in/beauwoods)Founder/CEO,[Stratigos Security](https://stratigossecurity.com)[Chris Wysopal](https://www.linkedin.com/in/wysopal/)Co-founder,[Veracode](https://www.veracode.com)[Josh Yavor](https://www.linkedin.com/in/joshyavor/)CEO,[Credible Security](https://credible.security)[Philip Zimmermann](https://philzimmermann.com)Associate Professor Emeritus of Cybersecurity,[Delft University of Technology](https://www.tudelft.nl)", "url": "https://wpnews.pro/news/an-open-letter-on-transparent-ai-cyber-protections", "canonical_source": "https://freefable.org/", "published_at": "2026-06-16 23:41:19+00:00", "updated_at": "2026-06-16 23:52:22.973593+00:00", "lang": "en", "topics": ["ai-policy", "ai-safety", "large-language-models"], "entities": ["Anthropic", "Fable", "Mythos", "Alex Stamos", "Derek Abdine", "Feross Aboukhadijeh", "Ben Adida", "Howard Lutnick"], "alternates": {"html": "https://wpnews.pro/news/an-open-letter-on-transparent-ai-cyber-protections", "markdown": "https://wpnews.pro/news/an-open-letter-on-transparent-ai-cyber-protections.md", "text": "https://wpnews.pro/news/an-open-letter-on-transparent-ai-cyber-protections.txt", "jsonld": "https://wpnews.pro/news/an-open-letter-on-transparent-ai-cyber-protections.jsonld"}}