More than 50 cybersecurity leaders — including executives at Nvidia and Adobe — have signed an open letter urging the Trump administration to reverse its ban on Anthropic’s most capable AI models, warning that the restrictions leave American defenders more exposed, not less.
The letter, sent Sunday, follows a Friday government order directing Anthropic to suspend access to its Fable 5 and Mythos 5 models for foreign nationals, citing national security concerns. The move has triggered immediate pushback from the very industry professionals the restrictions were meant to protect — and set the stage for a high-stakes meeting at the U.S. Department of Commerce on Monday, where senior Anthropic staff are scheduled to face government officials, according to a Trump administration official who spoke to Reuters.
Who’s Affected?
The order hits Anthropic’s two frontier models simultaneously. Mythos 5 is the company’s most powerful research-grade system — one that Anthropic itself had previously withheld from wide release after flagging its potential to identify software vulnerabilities and generate working exploits. Fable 5 is its safer, more guarded public counterpart, built with what Anthropic described as cybersecurity safeguards. The government’s concern, according to Anthropic, is that a narrow technique exists to “jailbreak” Fable’s protections — bypassing a safeguard that prevents the model from being used to pinpoint software flaws. Anthropic has argued that a limited potential workaround does not justify cutting off access to tools used by hundreds of millions of people.
The signatories of Sunday’s letter represent organizations that rely on those tools daily. Joshua Saxe, CTO of AI security firm Abundant Security and a letter signatory, described Mythos as “almost definitely the best model right now for finding security bugs and code” in an interview — while simultaneously noting it represents “an incremental advance over other models that are already open.” That nuance is central to the industry’s argument: pulling Anthropic’s models does not eliminate the capability from the threat landscape; it simply removes it from defenders’ hands. Alex Stamos, chief product officer at Corridor and another signatory, was more direct, calling the order “an overreaction by the government” and saying there was an active dispute between Anthropic and the third party that flagged the jailbreak issue over how serious the findings actually were.
What Comes Next?
The Monday meeting at the Department of Commerce is the clearest near-term inflection point. With Anthropic valued at approximately $965 billion and actively preparing for a public offering, the stakes of a prolonged standoff extend well beyond cybersecurity policy. The company has already navigated a prior clash with the Trump administration earlier this year, when U.S. agencies were directed to stop working with Anthropic after it declined to allow its technology to be used for mass surveillance and autonomous weapons — a dispute that saw it labeled a supply risk. That backdrop means the current conflict is not an isolated incident but a recurring pattern of tension between Anthropic’s safety commitments and Washington’s national security demands.
The letter raised a more systemic concern: that the order’s timing may work against U.S. interests precisely when the competitive gap is narrowing. The signatories cited China’s Kimi 2.7 as a model offering similar vulnerability-discovery capabilities, and warned that Beijing is likely already operating with access to abilities beyond what is publicly disclosed — with Chinese open-source models potentially months away from matching leading American systems. That assessment aligns with findings published last week by cybersecurity company CrowdStrike, which identified China-linked hackers as the single largest espionage threat to technology companies over the past year. Stamos added that any regulation in this space must be “evidence-based, clearly defined and applied consistently” — standards he said were not met by Friday’s order. These parallel pressures — a narrowing technical lead and an emboldened state-linked adversary — suggest the policy question is less about whether AI models can find vulnerabilities and more about who benefits when access is restricted.
The collision between Anthropic’s model restrictions and the industry’s reaction reveals a structural tension that is likely to recur across the AI sector: as frontier models become genuinely useful for offensive cyber operations, governments face a binary that doesn’t hold up under scrutiny — restricting powerful AI tools may reduce misuse risk at the margin while simultaneously degrading the defensive capabilities of the very organizations tasked with detecting and responding to nation-state attacks. The letter’s signatories, by pointing to China’s Kimi 2.7 and open-source parity, are essentially arguing that the “moat” the ban is meant to protect has already been bridged — a dynamic explored in broader industry context in analyses of how AI is reshaping the vulnerability race between attackers and defenders.
How Anthropic’s Restricted Models Compare to Available Alternatives
The letter’s central empirical claim — that Mythos 5 is not uniquely capable — is worth examining against what is publicly known about comparable systems. The table below reflects only publicly documented or source-attributed capabilities; no specifications have been inferred or fabricated.
| Model | Developer | Access Status (as of this report) | Cybersecurity Capability (per source) | Safeguards |
|---|---|---|---|---|
| Mythos 5 | Anthropic (U.S.) | Restricted — foreign national access suspended by U.S. government order | “Almost definitely the best model for finding security bugs” (Saxe, Abundant Security) | Previously withheld from wide release by Anthropic itself |
| Fable 5 | Anthropic (U.S.) | Public, but access restricted for foreign nationals; jailbreak vulnerability disputed | Capable; Anthropic says cybersecurity safeguards are built in | Active safeguards; potential narrow jailbreak flagged by third party |
| Kimi 2.7 | Moonshot AI (China) | Open / publicly available | “Similar abilities” to Anthropic models, per letter signatories | Not subject to U.S. government export restrictions |
Note: Capability assessments reflect source-attributed claims from letter signatories, not independent benchmarks.
The comparison underscores the asymmetry at the heart of the policy dispute: the model the U.S. government is restricting faces open competition from a Chinese system that operates beyond its jurisdiction. This echoes the broader context of why Washington moved against Fable 5 and Mythos 5 in the first place — and raises questions about whether supply-side access controls can be effective when capability parity already exists elsewhere. The dynamic also mirrors earlier debates around regulatory pressure on AI companies approaching public markets, where governance concerns intersect with commercial milestones.
For further background on Anthropic’s model architecture and why the two-version approach matters, see our explainer on Fable 5 and why it has two versions.
How Serious Players Should Respond
For cybersecurity organizations — whether enterprise security teams, government contractors, or national CERTs — the immediate practical implication is a tool gap that competitors in less restricted jurisdictions do not face. Security leaders should document, with specificity, how Anthropic’s models are being used in defensive workflows today, and what alternative systems would realistically replace them. That evidence base is precisely what Stamos and the letter’s signatories are calling for: regulation grounded in demonstrated harm rather than precautionary access controls. Organizations that have already integrated Mythos or Fable into vulnerability research pipelines should be prepared to present that operational data if the Commerce Department meeting produces a formal comment or rulemaking process.
For regulators and policymakers, the letter’s reference to China’s Kimi 2.7 and near-term open-source parity is the most pointed challenge to the current approach. If the capability gap that the order was meant to protect closes within months regardless of what Anthropic does, the policy cost — degraded U.S. defensive capacity — becomes a net loss. A more durable framework would likely distinguish between offensive and defensive use cases, establish clear jailbreak severity thresholds before triggering access bans, and apply restrictions consistently across all frontier models rather than singling out one company.
For Anthropic itself, the IPO timeline adds urgency. A prolonged designation as a national security risk — even informally — creates material disclosure obligations and investor uncertainty that go well beyond any single model release. The company’s willingness to engage directly with the Department of Commerce, rather than litigate the order immediately, suggests it is prioritizing a negotiated resolution. Whether Washington is prepared to offer one, on terms Anthropic can accept without compromising its safety commitments, is the question Monday’s meeting must begin to answer.
