The U.S. government just pulled the plug on some of the most powerful AI security tools ever built—and the cybersecurity community is furious. On June 12, an export control directive forced Anthropic to disable its Fable and Mythos models globally, ostensibly to protect national security. Instead, 76 cybersecurity veterans argue in a scathing open letter that the ban has created exactly the opposite effect: weakening defenders while leaving attackers with plenty of alternatives.
The Nuclear Option for AI Export Controls #
The directive prohibited Anthropic from providing Fable and Mythos access to foreign nationals, citing vague national security concerns. Rather than attempt complex user verification, Anthropic chose the nuclear option: shutting off both models for everyone, including U.S. security teams who had integrated them into their defensive workflows.
Mythos, the more powerful variant, had been limited to just 150 vetted organizations across 15 countries. Fable, designed for public use with heavy guardrails, was so restricted it often refused legitimate security requests—like a bodyguard who won’t let you into your own house.
Security Veterans Fire Back #
The protest letter reads like a who’s who of cybersecurity: Alex Stamos (former Facebook CSO), Katie Moussouris (Luta Security founder), and dozens of other industry heavyweights. Their central argument cuts through the policy noise: “To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous.”
They’re not wrong about alternatives—similar vulnerability-finding abilities exist in:
- GPT-5.5
- Claude Opus
- Chinese models like Kimi 2.7
The government essentially banned the Honda while leaving the highway full of Ferraris.
Moussouris went further, analyzing the unpublished Amazon research that apparently triggered the ban. The supposed jailbreak simply showed Fable helping fix code with known vulnerabilities—exactly what defenders need AI to do every day.
Setting a Troubling Precedent #
This marks a shift from controlling AI hardware to restricting specific model capabilities through API access. The precedent is chilling for both providers and users: even after public release, your AI tools can vanish based on unpublished research and closed-door determinations.
The irony would be funny if it weren’t so dangerous. In trying to protect America from AI-enhanced cyber threats, officials have handed advanced defensive capabilities to competitors while leaving U.S. security teams scrambling for substitutes. Sometimes the cure really is worse than the disease.