Over 100 cybersecurity experts signed an open letter dated June 14, 2026, asking the US government to lift its export restrictions on Anthropic's Claude Fable 5 and Mythos models. Organized by Alex Stamos, chief security officer at Corridor and former Facebook CSO, the letter went to Commerce Secretary Howard W. Lutnick and National Cyber Director Sean Cairncross. Its core argument: the models are good at finding software flaws but not uniquely good at it, so the restriction took the best tools away from defenders without reducing the real risk. Both models remain suspended worldwide.
What Happened: The Industry Pushes Back
For two weeks the Claude Fable 5 story was told from the government's side and the company's side. This is the first chapter told from the side of the people who actually use frontier models to defend networks. On June 14, 2026, a group of security practitioners published an open letter asking Washington to reverse the export controls that pulled Anthropic's two most capable models offline. By June 15 the letter had been picked up by TechCrunch, Fortune, PYMNTS and others.
This is the third distinct act of the Fable 5 saga, and it matters to keep them separate. The first act was the suspension itself: a federal export control directive that forced Anthropic to cut off Fable 5 and Mythos for any foreign national, which we covered in how the US suspension worked. The second act was the political and corporate standoff that followed, with conflicting White House and Anthropic accounts, a cabinet-level letter threatening penalties, and crisis talks in Washington, which we covered in the 90-minute ultimatum standoff. This third act is the response from the defensive security community itself, and its message is narrower and more technical than either of the first two.
Who Signed and Who It Was Addressed To
The letter was organized by Alex Stamos, currently chief security officer at Corridor and previously chief security officer at Facebook. According to Fortune, it was signed by about 100 cybersecurity professionals, and follow-on reporting put the count above 120 as more names were added. Because the signature count was still moving as the story spread, the honest framing is that more than 100 security leaders signed, not any single fixed number.
The signatories are not anonymous. TechCrunch reported names including Casey Ellis, founder of the bug bounty platform Bugcrowd; Jon Callas, a cryptographer and former Apple security design and architecture manager; Paul Vixie, the computer scientist behind core internet infrastructure; Dino Dai Zovi, former head of applied security engineering at Block; Rachel Tobac, CEO of SocialProof Security; and Katie Moussouris, founder and CEO of Luta Security. Per Fortune, the signers also include people from companies such as Nvidia, Adobe, Zoom, Google, Anaplan and Sophos. These are senior practitioners, not policy bystanders.
The letter was addressed to two specific officials: Commerce Secretary Howard W. Lutnick, whose department issued the export control directive, and National Cyber Director Sean Cairncross, the senior White House voice on national cyber strategy. Choosing those two recipients is itself a signal. The signers are not arguing in the abstract; they are aiming directly at the office that wrote the order and the office responsible for the country's cyber posture.
The Core Argument: Good, But Not Uniquely Good
The letter's central claim is narrow and technical. The signers do not dispute that Anthropic's Mythos-class models are strong at security work. They concede the models "are quite good at finding flaws and weaponizing exploits," in the letter's own words. The disagreement is about whether that capability is exclusive to these models. The letter argues that they "are not uniquely good at these tasks," which is the entire load-bearing point.
The reasoning matters here. If a capability exists only in one product, restricting that product can plausibly reduce risk. If the same capability already exists across several widely available models, then restricting one product mostly inconveniences the people who follow the rules, while adversaries simply use a substitute. The signers make exactly this case. They believe the model capabilities described in the underlying research "can be replicated" on OpenAI's GPT-5.5, on Anthropic's own publicly available Claude Opus 4.8 and Sonnet, and "even Chinese models like Kimi 2.7," per TechCrunch's reading of the letter. In other words, the genie they are worried about is already out of several bottles.
From that premise the letter reaches a blunt conclusion. As the signers put it, "this action has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it." That sentence packs three separate claims: a harm to defenders, a harm to the market, and a strategic cost to US competitiveness, all weighed against what the signers see as no offsetting security benefit.
Katie Moussouris and the "Fix This Code" Question
One of the most quoted voices is Katie Moussouris, founder and CEO of Luta Security, who created Microsoft's bug bounty program and helped design the US Department of Defense's first bug bounty program. Her argument goes to the heart of why defenders are frustrated. The technique that reportedly worried the government was, in plain public terms, prompting a model to read a codebase and identify and fix flaws. To a defensive security team, that is not an exotic exploit. It is the daily job.
Moussouris framed it directly. "Defenders need to be able to ask AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works," she told Fortune. "That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security." Her point reframes the entire premise: if the capability that triggered the restriction is the same capability defenders rely on, then restricting it is closer to removing a tool from the people protecting systems than to closing a loophole used by attackers.
It is worth being precise about scope. The signers also note, per PYMNTS, that Anthropic built protections into the Fable model intended to prevent its use for offensive cyber purposes. That detail cuts against the framing of the model as an uncontrolled weapon, and it is part of why the signers describe the response as out of proportion to the finding.
Why This Argument Has Standing: Glasswing and Claude Security
The letter does not land in a vacuum. The cybersecurity field has already been using these models defensively, on the record, for months, which is part of why the community reaction was fast and specific. Anthropic's Project Glasswing, the program that runs its most capable models against real codebases to find vulnerabilities, reported finding roughly 10,000 zero-day issues in a single month, a result we covered in Anthropic's 10,000 zero-days update. Anthropic has also extended Mythos access for defensive use beyond the US and UK, offering it to Europe's ENISA, which we covered in the ENISA access story.
According to Anthropic's own published work on Project Glasswing, the defensive case is not theoretical. That is the backdrop the signers are drawing on: the same model family that the directive restricted has a documented record of finding and helping patch flaws at scale. From the defenders' point of view, the order did not stop a hypothetical future weapon. It interrupted a tool already in active defensive use.
Keeping Two Government Actions Separate
The Fable 5 story is easy to garble because more than one government action involving Anthropic has been in the news at the same time. This letter is about one specific matter, and it helps to name the boundary clearly.
The matter the letter addresses is the executive export control directive. It is an order from the Commerce Department, issued in mid-June, that required Anthropic to suspend access to Fable 5 and Mythos for foreign nationals, which is why the company pulled both models worldwide. There is no court ruling in this matter; it is an active executive action, which is precisely why the signers are petitioning the executive branch officials who control it. That is a different track from a separate, earlier dispute over federal contracts and a Pentagon supply-chain decision involving Anthropic, which has its own legal posture. The two should not be merged into a single "ban on Anthropic" narrative, even though both reflect friction between the administration and the company. The open letter targets the export control directive specifically, and asks for two things: lift the current restrictions, and commit to a clearer process for assessing AI risk going forward.
What It Means and What Comes Next
The significance of this letter is less about its immediate odds of success and more about who is making the argument. When more than 100 named security practitioners, including people at companies the government usually treats as part of the defensive ecosystem, tell the Commerce Secretary and the National Cyber Director that a national security action is counterproductive to national security, that is a credibility problem for the framing of the order, not just a lobbying note.
It also reframes the policy question. The first two acts of this saga asked who triggered the action and whether the two sides were telling the same story. This act asks a harder question: even if every disputed fact broke the government's way, does restricting one model family actually make the country safer when the capability already exists elsewhere? The signers say no, and they are asking for a process, not just a reversal.
As of publication, both Fable 5 and Mythos remain suspended worldwide, and there is no announced restoration date. The letter does not change that on its own. But it adds a third voice to a dispute that had been a two-party fight, and it is the voice with the most direct claim to understanding what these models do in defensive hands. We will update this analysis as the Commerce Department or the National Cyber Director responds, and as the signature count and any official reply develop.
Frequently Asked Questions
Who organized the open letter asking the US to lift the Claude Fable 5 restrictions?
The letter was organized by Alex Stamos, chief security officer at Corridor and former chief security officer at Facebook. It was dated June 14, 2026, and addressed to Commerce Secretary Howard W. Lutnick and National Cyber Director Sean Cairncross. According to Fortune, it was signed by about 100 cybersecurity professionals, with later reporting putting the count above 120 as more names were added, so it is best described as more than 100 signatories rather than a fixed number.
What is the main argument of the cybersecurity experts' letter?
The central argument is that Anthropic's Mythos-class models are "quite good at finding flaws and weaponizing exploits" but "are not uniquely good at these tasks." The signers say the same capabilities can be replicated on other widely available models, including OpenAI's GPT-5.5, Anthropic's own Claude Opus 4.8 and Sonnet, and Chinese models like Kimi 2.7. Their conclusion, in the letter's words, is that the action "has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it."
What did Katie Moussouris say about the restrictions?
Katie Moussouris, founder and CEO of Luta Security, told Fortune: "Defenders need to be able to ask AI to fix bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security." Her point is that the "fix this code" technique reportedly cited by the government is the same kind of vulnerability analysis defensive security teams perform routinely, not an exotic exploit.
Is this the same as the Pentagon dispute with Anthropic?
No. This letter concerns the executive export control directive issued by the Commerce Department in mid-June 2026, which required Anthropic to suspend Fable 5 and Mythos for foreign nationals and led the company to pull both models worldwide. There is no court ruling in this matter; it is an active executive action, which is why the signers petitioned executive branch officials. A separate, earlier dispute involving federal contracts and a Pentagon supply-chain decision has its own distinct legal posture. The two should not be merged into a single narrative.
Why do cybersecurity defenders say they need Fable 5 and Mythos specifically?
Because these models have a documented track record in defensive use. Anthropic's Project Glasswing, which runs its most capable models against real codebases, reported finding roughly 10,000 zero-day issues in a single month, and Anthropic has extended Mythos access for defensive purposes to bodies like Europe's ENISA. From the defenders' perspective, the directive did not stop a hypothetical future weapon; it interrupted a tool already in active defensive use for finding and helping patch software flaws at scale.
What exactly is the letter asking the government to do?
It asks for two things. First, lift the export control restrictions currently placed on Fable 5 and Mythos. Second, commit to a clearer, more transparent process for assessing AI risk going forward, so that future decisions are based on a defined standard rather than an unexplained finding. The signers also note that Anthropic built protections into the Fable model intended to prevent its use for offensive cyber purposes, which they cite as evidence that the response was out of proportion to the actual concern.
Are both Claude Fable 5 and Mythos still suspended?
Yes, as of publication. Both Fable 5 and Mythos remain suspended worldwide, and no restoration date has been announced. The open letter does not change that on its own; it adds a third party, the defensive security community, to a dispute that had previously been a two-party fight between the US government and Anthropic. Any change would depend on a response from the Commerce Department or the National Cyber Director, or on a broader deal between the administration and Anthropic.
