Forgot your password?
typodupeerror
Security

Cybersecurity Vets Protest 'Dangerous' US Government Ban On Anthropic's Most Powerful Models (techcrunch.com) 40

An anonymous reader quotes a report from TechCrunch: A group made up of dozens of cybersecurity experts, including several well-known veterans of the industry, published an open letter to the U.S. government asking it to lift the export control order on Anthropic's Fable and Mythos models. According to the open letter, "this action has taken the best models away from [cybersecurity] defenders" who now can't use the models to find vulnerabilities and make their software and products more secure. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," read the letter.

On Friday, the U.S. government ordered Anthropic to limit the export of Fable and Mythos, citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models to all users worldwide. As of this writing, the letter is signed by 76 cybersecurity experts, including Alex Stamos, former Facebook chief of security; Casey Ellis, the founder bug bounty platform Bugcrowd; Jon Callas, famed cryptographer and former Apple security design and architecture manager; Paul Vixie, computer scientist ; Dino Dai Zovi, the former head of applied security engineering at Block; Katie Moussouris, the founder of Luta Security; and Rachel Tobac, the CEO of the security awareness training firm SocialProof Security.

[...] Anthropic said that the White House export control order may have been based on a report that there was a method to bypass -- or jailbreak -- Fable to unlock its powerful Mythos-level capabilities. According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public but that she has reviewed. But Moussouris said in a blog post that the paper did not actually demonstrate a real jailbreak. Instead, she wrote, the researchers simply asked Fable to fix open source code with public and known vulnerabilities along with "deliberately planted vulnerabilities," after the model initially refused to "review the code for security issues."

"The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," Moussouris wrote. "Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day." Moussouris' critique was echoed in the open letter, which also said that the group of experts believe the model capabilities in the Amazon paper "can be replicated" on OpenAI's GPT-5.5, on Anthropic's own publicly available Claude Opus 4.8 and Sonnet, "and even Chinese models like Kimi 2.7."

Moussouris told TechCrunch that "the bugs used to demonstrate the techniques in the paper can be found using the other models. The method in the paper is a guardrail bypass technique. Other models that lack the Fable guardrails often won't refuse the straightforward request to look for security bugs, so they don't need a bypass." The letter also asked for transparently and fairly enforced regulations created by "a democratic rule-making process" that are based on scientific research done by industry and academic experts, and "used only to the minimal extent necessary to ensure the safety of the American public."

This discussion has been archived. No new comments can be posted.

Cybersecurity Vets Protest 'Dangerous' US Government Ban On Anthropic's Most Powerful Models

Comments Filter:
  • Dario Amodei, Anthropic CEO, has been campaigning for government regulation. Only last week, he was putting out statements that we need an AI pause. He keeps saying how dangerous his own products are and how likely they are to create mass unemployment. Well, now he has his government regulation and he has his own personal pause. Hopefully, this will teach him why many are sceptical of asking governments to regulate against innovation.

    • by T34L ( 10503334 ) on Tuesday June 16, 2026 @12:13AM (#66194984)

      There's no such lesson for him to learn; the whole thing around access to Mythos, including the initial limited access pre "Fable", and the "regulation" now, is entirely a hype building promotion. It doesn't even matter if the state administration is in on the grift, or just serving as useful idiots; their job in this is to be the "out of Anthropic's control" throttle that offers another convenient explanation of the scarcity of this mythological AI tech that nobody can get quite enough time with to really evaluate how useful it is in practice and most importantly, never get to break Anthropic's compute bank with it. This way, Anthropic gets to keep making headlines with their latest and greatest; too hot to handle, too smart for safety, too exceptional for the politics to let it pass by. Meanwhile, nobody gets to see if they can actually offer it at scale and at sane price. Nobody gets to run actual comprehensive benchmarks that'd really compare it to the alternatives.

      The goddamn name of the project betrays the play right off the bat in a way that I'd call an incredibly daring of a lampshade anytime before our current post-truth world; it's not about progress, or performance, or invention, or incrementalism, or efficiency, capability, practicality, imagination, or even fucking simply doing a job. It's about mythology. It's about tales. About telling fucking stories. And hoo boy, do many people seem to really love stories these days.

      • There's still plenty of people with access to Fable/Mythos. You sound deranged TBH.

      • I guess I'm imagining all those zero days then.

        • by fuzzyf ( 1129635 )
          If you fine tune a capable model to recognize a known type of vulnerability, it might just find some of them. Nothing too revolutionary about that.
          There are no independent reviews or benchmarking of these "frontier" models, as they are usually operated by internal employees. Customers are just handedthe (probably manually) vetted results.

          It might be a good model, but the hype and PR around this thing is just borderline stupid.
      • Re: (Score:1, Informative)

        by gtall ( 79522 )

        My own take is that the dustup is another ploy by el Bunko for a payoff. He isn't hard to figure out.

      • by Rei ( 128717 ) on Tuesday June 16, 2026 @06:49AM (#66195254) Homepage

        Whether Anthropic was trying to hype about Mythos / Fable or not (and FYI, it is a pretty big leap forward), they absolutely did not want to get public access shut down. The US government very much seems to want to have exclusive access to it for now.

        Also, to clarify the "jailbreak": They took open source projects that had known vulnerabilities, as well as deliberately introducing vulnerabilities into some other projects, then asked Fable to fix them, and then asked for test scripts to demonstrate that the exploits could no longer be exploited - the implication being that they could then use those exploits against unpatched systems. But what's the logic here? The challenge isn't "how to write exploits against known bugs", any model can do that. The challenge is finding the bugs - something Mythos / Fable has proven better than previous models at. Even if Fable refused to write said test scripts, it would automatically downgrade to Opus 4.8, and then *Opus* would have written those test scripts. Or any other model out there could do it, including free open source ones that can be safety-abliterated at will.

    • Well they didn't quite ask for this, but they rightly are looking for some rational government regulation on the whole industry. When they say "You shouldn't trust us to restrict ourselves, because market competition will steamroll any company who holds back when the others don't", it's true.

      Hopefully, this will teach him why many are sceptical of asking governments to regulate against innovation.

      Healthy skepticism of government is always worthwhile. Until it becomes a habit of outright suspicion and automatic disbelief. Because "the government" literally is us. It's how we do things as a society. If it's crap t

  • AD campaign (Score:4, Insightful)

    by Uldis Segliņš ( 4468089 ) on Tuesday June 16, 2026 @12:08AM (#66194980)
    This is just a big ad campaign. Artificial int... I mean shitshow. Trying to create scarcity, urgency - same methods scammers use to part you and your money. Neither is there scarcity as there is no actual need, nor there is urgency as nothing will collapse today. Keep calm and eat your popcorn until the bubble bursts.
  • You can not put safe guards in a tool to prevent evil doings. And evil will get done with any tools evil doers can get a hold of. And they will be able to get a hold of most any tool they want.
    And there really isn't much the government or the security experts can do about it anyway! You can't put the tooth paste back in the tube.
    Soon we will all see how things work out.
  • by Charlotte ( 16886 ) on Tuesday June 16, 2026 @01:56AM (#66195048)

    Paul Vixie, computer scientist

    That's like saying "Linus Torvalds, computer scientist". The guy invented DNS for fuck's sake.

  • How are the NSA supposed to infect the software of enemies of the US (everyone :-) if these enemies can simply use US technology to remove them?

  • Wonder how much and how often the CCP payed those security "experts" to pimp-their-ride ? Million$ up front ... or "fellowships & grants" for academics ... or vacation to Macao fleshpots ... . Almost any guess is not outrageous enough  for our Bejing  influence peddlers ! I mean ... they've been doing it expertly for the last 5000 years.
  • If you listen to actual experts, Mythos gives grandma and grandpa farmers the ability to hack "unknown" black boxes.

    Anyone with 101 computing skills can even use Opus to do the work. And, there are actually better existing models than Mythos that do better in most "black box" simple ("duh, I don't know nothing skill set wise") cases.

    So, in all fairness, Anthropic used a slick marketing technique of "we're too dangerous" (e.g. we're the best) and it went wrong on them. IMHO, that's the lesson learned
  • by CEC-P ( 10248912 ) on Tuesday June 16, 2026 @10:09AM (#66195480)
    Oh no, they restricted the international export of a dangerous weapon that can effectively let you into any computer system on the planet. And 99% of all cyberattacks and criminals are outside the US. I wonder why they did that. I can't think of one single logical reason they wouldn't want it in the hands of Russia, China, Indonesia, parts of Africa, and India.
  • I can't help but think this is just some kind of ad campaign. Oh no, this restaurant's lobsters are too buttery and steaks too juicy.
  • Seems more likely that the U.S. Gov't doesn't want the AI to detect and therefore fix the backdoors it's using for whatever reasons.
  • misinformation (Score:4, Interesting)

    by groobly ( 6155920 ) on Tuesday June 16, 2026 @12:05PM (#66195680)

    No, government did not order "Anthropic to limit the export of Fable and Mythos." What they actually did order is more sweeping: they banned them from making it available to any foreigner, including in the US, including Anthropic's own employees.

  • If you outlaw [tool], then only outlaws will have [tool].

    Fill in the blank according to your needs -it applies to all of them. Outlaw Guns? They are easy to make or buy via blackmarket means. Outlaw an AI? There are other AIs, and they are all improving.

    It is just a tool. It can be used for good or ill.

  • But if the moron is going to brag that his product is a national security threat... Come on... It's like protesting that some moron got arrested for joking about bombs at airports

Committees have become so important nowadays that subcommittees have to be appointed to do the work.

Working...