A coalition of 76 cybersecurity professionals has issued an open letter urging the U.S. government to lift its recent export control order on Anthropic’s advanced AI models, Fable 5 and Mythos 5. The group contends that the ban hampers defenders’ ability to identify and mitigate software vulnerabilities, thereby compromising overall cybersecurity.
The U.S. government’s directive, citing national security concerns, led Anthropic to suspend access to these models for all users worldwide. The company stated that it was not provided with specific details regarding the security issues prompting the order. This abrupt suspension has sparked significant concern within the cybersecurity community.
Among the signatories of the letter are prominent figures such as former Facebook security chief Alex Stamos, Bugcrowd founder Casey Ellis, cryptographer Jon Callas, and computer scientist Paul Vixie. They argue that removing these advanced tools from the hands of security professionals, especially when adversaries are rapidly advancing their capabilities, is a dangerous move.
Anthropic had previously restricted access to Mythos 5 due to its exceptional ability to identify software vulnerabilities, granting initial access to around 50 companies and later expanding to approximately 150 organizations across 15 countries. The recent release of Fable 5 was intended to provide a public version with strict guardrails to prevent misuse in sensitive fields, including cybersecurity.
The government’s decision appears to be influenced by concerns over potential methods to bypass these guardrails, known as “jailbreaking,” which could unlock the models’ full capabilities. However, cybersecurity experts argue that such restrictions hinder defensive efforts more than they prevent malicious use, as similar capabilities exist in other widely available models.
This situation underscores the delicate balance between national security and the need for robust cybersecurity tools. While the government’s caution is understandable, the blanket ban may inadvertently weaken the very defenses it aims to strengthen. A more nuanced approach, involving collaboration with the cybersecurity community to address specific concerns, could prove more effective in safeguarding both national security and digital infrastructure.
