Pulse

Security / Jun 28, 2026 / 5 min

Commerce Cleared Mythos for 100 Defenders, Kept Fable Offline

On June 26, Commerce cleared Anthropic's unrestricted Mythos 5 for roughly 100 vetted defenders — but kept the safer, guardrailed Fable 5 offline, prompting 126 cybersecurity leaders to warn Washington is disarming American defenders while China ships rival weights.

Thesis Washington restored Anthropic's most dangerous cybersecurity model to a federal guest list while keeping the guardrailed public version dark — and the cybersecurity industry says that inversion makes America less safe, not more.

Commerce Secretary Howard Lutnick restored Mythos 5 — Anthropic's unrestricted cybersecurity flagship — to roughly 100 government-vetted organizations on June 26, while the safer, guardrailed Fable 5 that millions of developers actually used remains suspended worldwide with no return date.

The paradox: Fable was built to be the safe version. Mythos is the raw one.

  • Fable 5 launched June 9 with safety classifiers routing high-risk cyber queries to weaker fallbacks — Anthropic's answer to giving the public Mythos-class power without weaponizing it.
  • Mythos 5 is the unrestricted sibling, previously limited to ~200 Project Glasswing partners.
  • On June 12, Commerce ordered both offline after a disputed jailbreak: essentially asking Fable to read a codebase and fix software flaws.
  • On June 26, Lutnick's letter restored Mythos for Annex A organizations, U.S. government labs, and Anthropic's foreign-national employees. Fable isn't mentioned. All June 12 criminal and civil penalties remain in force.

What triggered the ban: A jailbreak that wasn't unique.

Anthropic said the government showed "verbal evidence of a potential narrow, non-universal jailbreak" — asking the model to review code and flag flaws. Anthropic reviewed the demo and found "previously known, minor vulnerabilities" that other public models could also find.

The open letter at freefable.org — signed by 126 cybersecurity leaders including former Meta CSO Alex Stamos, Sophos CEO Joe Levy, and Zoom CISO Sandra McLeod — argues Mythos-class models are "quite good" at finding flaws but "not uniquely good." Signatories say GPT-5.5, Opus, Sonnet, and China's open-weight Kimi K2.7 offer comparable secure-code-review capabilities.

CIO Dive reported Amazon CEO Andy Jassy warned Trump officials that Fable's guardrails were flawed after Amazon researchers bypassed some protections — turning Anthropic's largest cloud partner into the trigger for a global export ban.

What defenders are saying: Washington got the hierarchy backwards.

Alex Stamos, now chief product officer at AI security firm Corridor, told reporters this week: "Pretty much nobody in the cybersecurity industry believes that there's any factual basis for this action."

He reviewed Amazon's Fable research and said he "didn't find any risks that aren't present with other publicly available AI models, including those made in China."

His verdict: "If the administration is honest about wanting the United States to beat China in this race, then this is about the dumbest thing they could possibly do."

Nozomi Networks CEO Edgard Capdevielle put it sharper: "Restricting access to advanced AI does not reduce cyber risk. It creates a massive imbalance at the worst possible time. We must assume that our adversaries already have access to, and are weaponizing, frontier models."

The same day's pattern: Guest lists, not governance.

June 26 also brought OpenAI's GPT-5.6 Sol preview — limited to roughly 20 government-vetted partners — and partial Mythos restoration for ~100 organizations. Both labs framed the staggered rollouts as temporary. Neither received a formal rulebook. Executive Order 14409's voluntary framework isn't due until August.

The Verge reported the National Security Agency lost access to Mythos during the two-week suspension — silencing the defensive tool U.S. intelligence was using to find classified-system vulnerabilities.

Lutnick reserved the right to "reevaluate and adjust" requirements on both models. Anthropic says it is "continuing to work with the government to expand access to Mythos 5 and make Fable 5 available for general use again." No timeline.

Why it matters beyond Anthropic:

  • Defenders vs. attackers: Open-weight Chinese models ship without export gates. American defenders now need a Commerce-approved invitation to use the tool that was publicly available two weeks ago.
  • Enterprise contracts: Fable's suspension voided the assumption that paying customers govern access — a precedent Legion is already testing in court.
  • IPO math: Anthropic confidentially filed in June. Every day Fable stays dark is a day enterprise buyers cannot rely on the company's flagship cyber model.

Convina's view: Washington didn't neutralize a cyber weapon on June 26 — it promoted the unrestricted one to a guest list and kept the muzzled version in the dark. That is not security policy. It is improvised triage after a cloud CEO spooked the White House over a capability every frontier model already has. If the goal is beating China, handicapping the guardrailed American model while Beijing mails open weights is strategic malpractice — and 126 cyber chiefs just said so on the record.

Research Signals

https://apnews.com/article/trump-ai-openai-gpt56-sol-cybersecurity-mythos-065d5398baac7f16c8265c2cb8ba2baa https://www.theverge.com/ai-artificial-intelligence/958458/anthropic-mythos-5-is-back-trump-negotiations https://www.scworld.com/news/100-plus-cyber-leaders-experts-urge-feds-not-to-block-fable-access https://www.ciodive.com/news/anthropic-us-government-export-ban-mythos-fable/822956 https://www.techtimes.com/articles/319213/20260628/claude-fable-5-still-offline-us-clears-mythos-5-critical-infrastructure.htm