US restrictions on Anthropic models raise broader AI security debate
Experts say limits on Anthropic’s Claude Fable 5 and Mythos 5 may not address similar capabilities emerging across AI systems.
By Hana Yoshida · Markets Reporter
3 min read
Anthropic has taken two advanced AI models offline after a U.S. export-control order barred access by “any foreign national,” according to Wired. The move has turned a dispute over one company’s products into a wider argument over how governments should handle AI systems that can aid both defenders and attackers.
Wired reported that Anthropic removed Claude Fable 5 and Mythos 5 late last week and has been discussing the matter with the White House since Friday. The company had not reached a deal that would allow the services to return, according to the report.
Anthropic has described Mythos as a system with advanced cybersecurity capabilities since its April debut, Wired reported. The company has said the model can help find software flaws so they can be fixed, while also potentially helping users identify ways to exploit those flaws.
In a company blog post cited by Wired, Anthropic said advanced AI use is often dual use, with the same kinds of requests helping cybersecurity workers and biology researchers while posing risks in the hands of malicious users.
Anthropic first made a Mythos Preview version available to a limited consortium through a working group called Project Glasswing, according to Wired. Last week, the company also privately released Mythos 5 to that group, while offering Claude Fable 5 to the public with blocks on answers involving biology and cybersecurity.
The Trump administration then moved to restrict both models, Wired reported. The administration believes Fable 5’s safeguards could be bypassed, giving users access to Mythos 5-level capabilities and creating a national security concern, according to the report.
Experts point to a broader technology trend
Security specialists told Wired that focusing on Anthropic may miss the larger issue: comparable AI capabilities are expected from other companies and open-weight developers soon, and may already exist.
Tarah Wheeler, chief security officer at the cybersecurity consulting firm TPO Group, told Wired that it would be shortsighted to assume Anthropic has no rivals with similar systems. She said other companies may already have comparable tools and could be waiting to see how regulators treat Anthropic.
Anthropic has made a similar argument. Logan Graham, the company’s frontier red team lead, told Wired in April that the issue was not limited to Anthropic or to a single model, and that society should prepare for such capabilities to become widely available within “6, 12, 24 months.”
Wired also reported that OpenAI privately released a cybersecurity-focused model in mid-April and announced a broader cybersecurity strategy.
Researchers cited by Wired said current AI systems can already support sophisticated vulnerability research and exploit development when paired with careful tooling. A group of cybersecurity leaders made that point in an open letter to the administration on Sunday, arguing that the export-control directive was the wrong response.
Bruce Schneier, a researcher at Harvard University and the University of Toronto, told Wired that smaller and cheaper open-source models may match Mythos and Fable through more advanced prompting, either alone or in combination. He said other models could reach similar levels of creativity and persistence within months, with open-source systems taking somewhat longer.
Chris Wysopal, cofounder of cloud security company Veracode, told Wired that policymakers should ask whether a particular limit actually lowers risk or mostly slows people working to improve security. Experts cited by Wired said governments need broader, more transparent plans for AI advances in cybersecurity and other sensitive fields.
This story draws on original reporting from Ars Technica.