The Trump administration's de facto ban on Anthropic's Mythos derivative, Fable 5, has stirred controversy as experts question the government's justification. Last week, the administration cited national security concerns to issue an export control preventing any foreign national, including Anthropic employees, from using the models. In response, Anthropic shut down both models for all customers, leaving the company and security community in dispute over the move's validity.
The Government's Case and a Short Notice
The Bureau of Industry Security's letter, obtained by Bloomberg, required a license for export or transfer of the models due to risks of military intelligence use. The broad restriction gave Anthropic only about 90 minutes to comply, with little explanation. Employees reported that the government refused to elaborate, simply ordering the shutdown. This abrupt action has led some within Anthropic to suspect the company is being singled out.
Expert Critique of the Rationale
Cybersecurity expert Katie Moussouris, known for founding Microsoft's bug bounty program and leading Hack the Pentagon, reviewed the third-party report that allegedly justified the ban—an Amazon security analysis. According to Moussouris, Amazon researchers fed Fable 5 and Mythos 5 open-source code with known CVEs and new vulnerabilities, prompting the model to "fix this code." The model complied, but when asked to "review the code for security issues," it refused. Moussouris argues this is exactly what defensive security teams need, not a national security threat. She and over 100 other security experts, including Alex Stamos, signed a letter opposing the ban, stating it harms defenders more than attackers.
Broader Implications for AI Models
Even if Mythos and Fable are as advanced as claimed, experts note similar capabilities already exist in other models, including open-weight ones overseas like DeepSeek. The ban may be futile as such abilities become widespread. The incident raises questions about how the U.S. will handle future AI models with dual-use potential, especially when defenders argue these tools are essential for cybersecurity.