The US ban on advanced AI models is a gift to hackers

While the US government claims its recent export ban on Anthropic’s most powerful models is a victory for national security, the reality is far more volatile. Washington believes that by locking away the latest artificial intelligence, it prevents foreign adversaries from finding holes in American infrastructure. However, the people who actually spend their lives defending our digital borders say this move does the exact opposite. A group of 76 cybersecurity veterans recently signed an open letter to the White House, arguing that this ban has taken the best tools away from the protectors while the attackers continue to advance at full speed.

This conflict is a classic example of a policy designed for a physical world being applied to a digital one. In the physical world, you can lock a prototype in a vault to keep it secret. In the world of software, the only way to keep a system safe is to find its flaws before someone else does. By restricting access to these advanced models, the government has essentially blindfolded the security guards while the intruders are already inside the building with high-tech flashlights.

The policy shift that blindfolded the guards

The trouble began on Friday when the US government ordered Anthropic to limit the export of its two most advanced AI models: Fable and Mythos. The government cited national security concerns but did not provide specific details about why these models are suddenly too dangerous for the public to use. In response, Anthropic suspended access to these models for all users worldwide. This decision is not just a corporate setback; it is a systemic disruption for the cybersecurity industry.

For the average user, this might look like a minor spat between a tech company and a regulator. Looking at the big picture, these models are the digital crude oil of the security world. Security firms use them to scan millions of lines of code in seconds. They act as a tireless intern that never sleeps, hunting for the tiny errors that lead to massive data breaches. When the government pulls these tools from the market, software developers lose their most efficient way to patch the apps you use every day, from your mobile banking portal to your smart home thermostat.

Understanding the power of mythos and fable

To understand why these experts are angry, we have to look under the hood of what Anthropic actually built. Mythos is the high-performance version of their AI. When it launched in a preview phase in April, Anthropic recognized its power. It was so effective at identifying security vulnerabilities that the company initially limited access to a small group of 150 organizations across 15 countries. These were the "vetted" defenders who used the AI to harden their systems against attack.

Fable was the public version. It had strict guardrails designed to prevent it from being used for malicious purposes, such as creating biological weapons or writing malware. However, those guardrails were so aggressive that Fable often refused to help with legitimate security tasks. If a researcher asked Fable to find a bug in a piece of code, the AI would frequently decline, fearing that the information might be used for harm. This created a paradox where the "safe" version of the model was useless for the very people trying to make the internet safer.

The amazon research that sparked a ban

The justification for the government's ban appears to stem from a report by researchers at Amazon. This report, which is not yet public, allegedly claims there is a way to bypass—or jailbreak—the guardrails on the Fable model to unlock its full Mythos-level power. The White House likely saw this as a red flag, fearing that if Fable is easy to hack, then any adversary could use it to find zero-day vulnerabilities in American software.

Katie Moussouris, the founder of Luta Security and a signatory of the open letter, has reviewed that paper and disagrees with its conclusions. She argues that the researchers did not actually find a jailbreak. Instead, they simply asked the AI to fix public, open-source code that had known bugs. When the AI initially refused, they rephrased the request until it complied. Moussouris points out that this is not a security failure; it is the model's primary function. Asking an AI to fix a bug is the most valuable thing it can do for defensive security. Labeling this as a "jailbreak" is like saying a locksmith is a criminal because he knows how to fix a broken lock.

Why security veterans are sounding the alarm

The list of people signing this protest letter is a who’s who of the security world. It includes Alex Stamos, the former security chief at Facebook, and Jon Callas, who managed security architecture at Apple. These are pragmatic experts who understand how software is built and broken. Their overarching concern is that the US government is making decisions based on a misunderstanding of how AI interacts with code.

In their letter, these experts explain that the "find, fix, and test" loop is the foundational process of modern security. Defenders need to find a bug, write a fix for it, and then run tests to make sure the fix works. AI models like Mythos can do this at a scale that humans simply cannot match. By removing these models, the government is forcing defenders to go back to manual labor while hackers are already using automated tools. This is a dangerous imbalance that makes every piece of software on your phone and computer more vulnerable to an exploit.

The threat of a lopsided global market

One of the most concerning points in the open letter is that the US is not the only player in this game. While the White House is restricting Anthropic, other companies and countries are moving forward. The experts noted that the same capabilities found in Mythos are already appearing in other models, such as OpenAI’s GPT-5.5 and even Chinese models like Kimi 2.7. The technology is already out in the wild.

Essentially, the US government is trying to stop the tide with a broom. If American defenders cannot use American AI, they will eventually have to look elsewhere, or they will simply fall behind. Historically, when the US restricts a technology that is already available globally, it only succeeds in hobbling its own industry. China and other rivals are not going to stop developing high-powered AI because of a US export order. If anything, this ban gives them a clear window to gain a lead in defensive cybersecurity technology—a gap that could take years for the US to close.

What this means for your daily digital safety

For the average consumer, this debate might feel distant, but the practical implications are tangible. Security is not a product that you buy; it is a resilient process of constant updates. Every time your phone asks you to install a security update, it is because a developer found a hole and patched it. If those developers lose access to the best tools for finding those holes, those updates will come slower, or they might not come at all.

We are moving toward a world where software is too complex for humans to secure alone. As our lives become more interconnected through the internet of things, the volume of code we rely on is exploding. We need AI to act as a digital immune system. When the government restricts that immune system, it leaves the body of the internet open to infection. The bottom line is that security through obscurity—the idea that you are safe because no one knows how your system works—has never worked in the digital age.

Moving toward a transparent solution

The experts are not asking for a total lack of regulation. Instead, they are demanding a transparent and democratic rule-making process. They want regulations based on scientific research and industry expertise rather than secret reports and fear. They argue that any restriction should be the minimal amount necessary to ensure public safety, rather than a broad ban that catches defenders in the crossfire.

Ultimately, this is a call for the government to trust the people who are actually on the front lines. The cybersecurity industry has spent decades learning that openness is the best path to security. By sharing information about bugs and working together to fix them, the community stays ahead of the bad guys. Applying a shroud of secrecy to AI tools breaks this collaborative model and leaves the public in a more precarious position. As we look toward the future, we should prioritize giving the good guys the best possible tools, rather than hoping that a ban will keep those same tools out of the hands of the bad guys.

Sources:

• Open Letter from Cybersecurity Professionals regarding Anthropic Export Controls (June 2026)
• Anthropic Official Statement on Fable and Mythos Model Access
• Luta Security Analysis of Amazon AI Research Paper
• Department of Commerce Export Control Order 2026-AF42