U.S. export controls shut down Anthropic's Fable and Mythos AI models after a security flaw was discovered, sparking debate among cybersecurity experts over whether the move weakens defenders more than attackers.

What happened: The U.S. government imposed export controls on Anthropic's Fable 5 and Mythos 5 AI models following a security vulnerability discovered by Amazon researchers. The flaw involved a simple prompt technique—asking the model to "fix this code" rather than "review the code for security issues"—that allowed the model to identify and generate patches for software vulnerabilities. Because U.S. export controls treat any distribution to non-citizens, including those physically in the U.S., as an export, Anthropic disabled both models for all users to avoid violating the restrictions.

Why it matters: Cybersecurity experts argue the controls may harm defensive security more than they prevent misuse. Moussouris noted that defenders need AI models to fix bugs and write patches, and that the vulnerability Amazon found "cannot meaningfully be fixed, and any attempt would only weaken the model for defense." An open letter signed by about 100 cybersecurity professionals from companies including Nvidia, Adobe, Google, and Zoom contends that other AI models, including open-source options and Chinese models, can already perform similar code security reviews, making Fable's export restriction strategically questionable.

What to watch: An open letter opposing the export controls has been signed by about 100 cybersecurity professionals and notes that Anthropic's Mythos model, while notable for autonomously chaining multiple cybersecurity vulnerabilities together, is "not uniquely good" at finding flaws compared to other available models. The letter also highlights that Anthropic had built multiple protections into Fable to prevent cyber attacks, making the justification for export controls disputed within the security community.