← all news

76 cybersecurity veterans say the Fable export ban breaks defender workflows

AI · · · source (techcrunch.com)

Seventy-six cybersecurity professionals signed an open letter arguing that the US export order on Claude Fable 5 and Mythos 5 takes away tools defenders rely on without addressing the real risk. The signatories include Alex Stamos (formerly Facebook), Casey Ellis (Bugcrowd), Jon Callas (cryptographer, formerly Apple), Paul Vixie, Dino Dai Zovi, Katie Moussouris, and Rachel Tobac.

Their core technical claim, attributed to Moussouris, is that the Amazon paper behind the order describes a guardrail bypass, not a new exploit class. The setup involves asking the model to read open-source code with planted vulnerabilities and propose fixes, the kind of request defenders make every day. She argues the behavior in the paper cannot be cleanly patched without breaking the model for defensive use, since the same prompts let security teams request bug fixes, explanations, and confirmations against test cases.

The letter notes the same workflow can be reproduced on OpenAI's GPT-5.5, Anthropic's own Opus 4.8 and Sonnet, and Kimi 2.7 from China. Restricting Fable, the group writes, removes one defender tool without removing the underlying capability from anyone else, including adversaries. The signatories ask the administration to lift the order and to set up a transparent rule-making process that brings in industry and academic experts before any future model-level controls go out.

Why it matters

If your security team has been weighing how to staff up around Mythos or Fable, the letter is the clearest argument on record that the current policy is asymmetric: it constrains defenders while leaving the same techniques broadly available. The call worth tracking is the proposal for a rule-making process that involves outside experts, since that process would shape every model-level control after this one.

AnthropicSecurityPolicy