WASHINGTON – Alex Stamos spent part of last spring telling the world that Anthropic’s Mythos-class models were a threat serious enough to warrant a dedicated enterprise security program. On Sunday, he signed a letter telling the Trump administration that banning those same models was reckless, harmful to American cybersecurity, and should be reversed immediately.
Stamos, the chief product officer at the AI security firm Corridor and a former Facebook security chief, led the effort to draft what has become the most prominent industry pushback to the Commerce Department’s June 12 export control directive on Anthropic’s two most powerful models. The letter, posted at freefable.org and addressed jointly to Secretary Howard Lutnick and National Cyber Director Sean Cairncross, drew more than 80 signatories by Monday morning, including executives from Adobe, Zoom, Sophos, and Nvidia, alongside well-known figures in vulnerability research and red-teaming.
The core argument is straightforward: Fable 5’s ability to find and explain software flaws is not unique to Fable 5. OpenAI’s GPT-5.5, Anthropic’s own Opus and Sonnet, and Chinese frontier models including Kimi 2.7 can replicate the capability that reportedly alarmed the White House, the letter argues. Pulling the best tool away from defenders while leaving equivalent capabilities freely available everywhere else does not make the United States safer. It hands the advantage to adversaries.
What the letter does not mention is that several of its signatories argued something rather different just nine weeks ago.
In April, the Cloud Security Alliance published a paper titled “The AI Vulnerability Storm: Building a Mythos-ready Security Program,” led by Knostic CEO Gadi Evron, who is also among the FreeFable signatories. The paper warned enterprises to prepare for a new era of AI-enabled cyberattacks driven precisely by Mythos’s capabilities. The pitch was explicit: organizations needed new security infrastructure because Mythos was categorically different from what came before. Evron was paid for that work. He now co-signs a document telling Lutnick those capabilities are nothing a defender couldn’t find in a dozen other models. At least three other FreeFable signatories contributed to the April paper.
Both things could be true simultaneously. A model can be genuinely powerful at vulnerability discovery and simultaneously be not so uniquely powerful that banning it meaningfully reduces risk. But the whiplash matters because it is precisely the question the Commerce Department cannot answer in public: whether the jailbreak that triggered the export control directive was unique to Fable 5 or reproducible elsewhere. Anthropic says the latter. The administration has not produced evidence either way.
The directive landed on Amodei’s desk at 5:21 p.m. Eastern on June 12, after Amazon CEO Andy Jassy shared his company’s internal cybersecurity research with administration officials, including Scott Bessent at Treasury. Amazon researchers had found that through a sequence of prompts, Fable 5 could be induced to generate detailed exploit code for known vulnerabilities in x86 Linux systems. The specific paper has not been made public. According to Axios, Stamos told the outlet that the capability in question was the model’s ability to produce a “proof of concept” for a software vulnerability – which, the FreeFable letter notes, is foundational to any legitimate security audit.
Katie Moussouris, the founder of Luta Security and another FreeFable signatory, reviewed Amazon’s research privately and said it did not amount to a jailbreak. “I’ve seen the paper,” she wrote on Bluesky. “It’s not a jailbreak.” Moussouris previously served as a technical expert to the Wassenaar Arrangement, the multilateral export control framework that governs dual-use technology. She called the restrictions “heavy handed” and “misguided.” According to TechCrunch, she noted that Fable 5’s safety guardrails had been so aggressive on launch day that they became something of a joke in the security community – the model initially refused legitimate red-teaming requests that any enterprise security team would consider routine.
That detail lands differently than most of the coverage has allowed. The government banned a model that cybersecurity professionals were already mocking for being too restricted. Fable 5’s guardrails defaulted sensitive queries to older, less capable Anthropic models. Anthropic subjected it to more than 1,000 hours of internal and external red-teaming before release, with no universal jailbreak found. The narrow method Amazon demonstrated required a multistep, manually guided process, not an automated exploit.
The FreeFable letter makes four demands of any future AI regulatory action: that it be grounded in scientific evaluations developed with industry and academic input; that it proceed through a democratic rule-making process rather than emergency executive fiat; that it be enforced transparently and with adequate time for companies to remediate; and that it be limited to the minimum necessary scope. None of those conditions were met in the June 12 directive, the signatories argue.
Anthropic itself has chosen careful distance from the campaign. When Axios asked for comment on the FreeFable letter, the company declined to add anything beyond its Friday statement. That statement disagrees with the government’s assessment but does not call out the process in the pointed terms the security community has used. Anthropic is simultaneously appealing the directive in federal court, which may explain the measured tone – and Stamos told Axios that the company had no involvement in organizing the letter.
The administration’s posture has grown more openly hostile toward Anthropic in recent weeks. Former AI and crypto policy adviser David Sacks accused the company of being “woke” and running “a sophisticated regulatory capture strategy based on fear-mongering.” Defense Department officials invoked Anthropic’s refusal to help build lethal autonomous weapons as evidence of bad faith. As Eastern Herald reported, Hegseth separately claimed credit for expelling Anthropic from Pentagon AI programs, though his stated rationale for the expulsion shifted within days. The political dimension has led at least one former Commerce official, Kate Koren, to speculate publicly that the White House’s antipathy toward Anthropic may have shaped the decision as much as the technical findings did.
Stamos, in his comments to Axios, offered the administration something like a ticking clock: “We only have something like six months before the open-weight models catch up to the foundation models in bug finding.” The argument is that the window to use Fable 5 as a defensive tool – before Chinese and open-source alternatives match it – is closing. Whether the administration reads that as a reason to restore access or as confirmation that the broader AI race requires more aggressive intervention, not less, remains the unanswered question at the center of this dispute.
What the FreeFable letter does not resolve is whether the same group of people can credibly argue that Mythos-class capabilities are both alarming enough to require enterprise preparation and not alarming enough to restrict. That tension runs through the entire security community’s response to the export controls – and it is the one thing the letter’s 80-plus signatories have yet to address directly.
