Cybersecurity experts urge US government to lift restrictions on Anthropic's most powerful models

More than three dozen cybersecurity specialists have sent a formal letter to the White House demanding the removal of export control restrictions affecting Anthropic's most advanced models. According to TechCrunch, the signatories—veterans from both the private sector and defense agencies—warn that the current order directly limits defenders' ability to protect critical software and products.

The affected models are Fable and Mythos. It's worth noting that Mythos is a designation that does not appear in Anthropic's publicly known product catalog to date; the signatories and the source cite it literally, and we are reporting it as stated. What is clear is that Fable, the most capable line in the current portfolio, falls squarely within the scope of the restrictions.

What exactly the order prohibits

The export restrictions imposed by the US administration prevent operators and companies outside a limited set of allied nations from accessing Anthropic's most powerful models via API or cloud deployments. The logic behind the measure follows the usual pattern for dual-use technology controls: preventing advanced reasoning capabilities from reaching hostile actors who could use them to generate malicious code, orchestrate disinformation campaigns, or automate attacks on critical infrastructure.

The problem, according to the signatories, is that the same logic works against those defending those infrastructures. Cybersecurity organizations operating across multiple jurisdictions, or collaborating with international partners to respond to incidents, find themselves in an asymmetric position: attackers face no access restrictions to powerful models, while defenders do.

The defensive asymmetry argument

This is the core of the complaint: offensive and defensive cybersecurity use the same models for symmetric tasks. A model like Claude Fable 5 can analyze binaries, detect vulnerabilities in proprietary code, generate patches, or simulate attack vectors for controlled penetration tests. Restricting its use to certain geographies does not prevent attackers from accessing equivalent or superior tools through other means; it only makes legitimate response teams' work more expensive and complicated.

The signatories further note that many cybersecurity firms have global presence and distributed teams. An analyst in a country not on the exemption list cannot use the same tools as their colleague in US territory, which introduces real operational friction and, in cases of active incident response, can make the difference in containment time.

Why it matters beyond the US

Europe and other blocs are watching closely how Washington manages frontier model regulation. If US export restrictions are maintained or tightened, they will likely create pressure for other governments to adopt equivalent measures or, conversely, establish more permissive frameworks to attract companies needing unrestricted access. Either way, the debate over which models can be used where and for what is beginning to have tangible commercial and geopolitical consequences.

For teams working with Claude integrations—MCP servers, code analysis agents, automated audit pipelines—regulatory uncertainty is a real risk factor when designing architectures operating in multinational environments. It is not a theoretical problem.

What might happen next

The letter is a public pressure move, not legal action. Its impact depends on how much political weight the signatories accumulate and whether the debate reaches Congress or competent regulatory agencies. Historically, these initiatives have had mixed results: in some cases they have accelerated control list reviews; in others, they have gone without formal response.

What does seem clear is that the technical community specializing in security is not willing to silently accept the operational consequences of a policy that apparently was designed without consulting those most affected by it.

---

EP: The asymmetry described by the signatories is real and documentable. That a measure designed to limit offensive capabilities ends up penalizing primarily those on defense is the type of collateral effect that should be corrected before it crystallizes into regulatory precedent.