US shuts down Anthropic's Mythos 5 over export controls

Key Takeaways

• The US government issued an export control directive forcing Anthropic to suspend Claude Fable 5 and Mythos 5 for all foreign nationals
• Security experts argue the restriction is pointless because competing AI models will reach similar capabilities within months
• The unprecedented move treats AI model inference as an export-controlled activity, setting a new regulatory precedent

Anthropic pulled its most advanced AI models, Claude Fable 5 and Mythos 5, offline this week after the US Department of Commerce issued an export control directive barring foreign nationals from accessing the services. The shutdown came just 72 hours after the public launch. Anthropic has been negotiating with the White House since Friday but has not yet reached an agreement to restore access.

The Trump administration's concern centers on a specific claim: that Fable 5's safety guardrails can be disabled to unlock the full Mythos 5 capabilities. Those capabilities, according to Anthropic's own documentation, include finding software vulnerabilities and figuring out ways to exploit them. The government views this as a national security risk.

But security researchers say the administration is fighting the wrong battle. The capabilities Mythos 5 demonstrates today will exist across multiple AI systems within months, making a single-company restriction ineffective at best.

Why the government acted against Anthropic's AI models

Anthropic has never hidden the dual-use nature of its Mythos-class models. When the company launched Mythos Preview in April through a private consortium called Project Glasswing, it acknowledged the technology's offensive potential.

“A great deal of advanced usage of AI models is dual use: the same queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors.”

— Anthropic blog post

The company took precautions. Claude Fable 5, released to the general public, shipped with blocks preventing it from answering questions about biology and cybersecurity exploits. But the government believes those blocks can be circumvented, effectively giving public users access to Mythos 5's full offensive toolkit.

The directive introduces a novel legal concept: treating the use of an AI API as an export-controlled event. This marks the first time the US national security apparatus has extended export controls from physical hardware to inference capabilities, the ability of software to reason and respond.

Security experts call the restriction ineffective

The broader cybersecurity community is not impressed with the government's approach. A large group of security leaders sent an open letter to the administration on Sunday calling the export control directive misguided.

The core argument: Anthropic is not unique. Other companies are close behind, and some may already have equivalent capabilities.

“It's myopic in the extreme to think that no other competitors to Anthropic will develop similar capabilities to Mythos or even that they have not already done so. There are other companies hot on Anthropic's heels who probably have the capabilities, too, and are holding them in reserve as they see how Anthropic is being treated in the current regulatory environment.”

— Tarah Wheeler, Chief Security Officer, TPO Group

OpenAI, for instance, privately released a cybersecurity-focused model in mid-April and announced an expanded cybersecurity strategy. Researchers point out that even older AI models can achieve similar results with refined prompting techniques.

Bruce Schneier, a security researcher at Harvard University and the University of Toronto, emphasized the inevitability of these capabilities spreading.

"Smaller, cheaper, open-source models, sometimes by themselves and sometimes in concert with each other, can match Mythos/Fable's performance with more sophisticated prompting. And we should expect other models to match Mythos/Fable's creativity and tenaciousness within months—slightly longer for open-source models." — Bruce Schneier, Harvard University

The real question: does this restriction reduce risk?

Logan Graham, Anthropic's frontier red team lead, made this point when Mythos Preview launched in April. The message was not about Anthropic or any single model. It was about preparing for a world where these capabilities become broadly available in six to 24 months.

Chris Wysopal, cofounder of cloud security firm Veracode, framed the policy question directly.

"The policy question is not whether a technology has risk. The question is whether a specific restriction meaningfully reduces that risk or whether it mainly slows down the people trying to make systems safer." — Chris Wysopal, Veracode

This is the uncomfortable trade-off. Mythos-class models can find vulnerabilities. That helps defenders patch them before attackers exploit them. Restricting the models does not eliminate the underlying vulnerabilities. It just removes one tool for finding and fixing them, while doing little to stop determined adversaries who will access similar capabilities elsewhere.

What comes next for AI regulation

The immediate situation remains unresolved. Anthropic continues talks with the White House. The company has achieved 100% global service availability reduction for the affected models, meaning complete compliance with the deemed export regulations.

Longer term, experts argue the government needs a different approach. Focusing on one company's models while competitors catch up accomplishes little. What's needed, they say, are broader, more transparent plans for how to handle advancing AI capabilities across the industry, not reactive enforcement against whoever happens to be leading at the moment.

Anthropic's own spokesperson maintained that the company's safety framework can manage the identified vulnerabilities and that the models' defensive potential outweighs the risks. Whether the White House agrees will determine if and when Claude Fable 5 and Mythos 5 come back online.

Frequently Asked Questions

Why did the US government shut down Anthropic's Mythos 5?

The Trump administration issued an export control directive citing national security concerns. The government believes Claude Fable 5's safety guardrails can be bypassed to access Mythos 5's full capabilities for identifying and exploiting software vulnerabilities.

What is a 'deemed export' in AI?

A deemed export occurs when controlled technology is made available to a foreign national, even if they're physically in the US. The government now treats AI model inference, the act of using an API to get responses, as potentially export-controlled activity.

Can other AI models do what Mythos 5 does?

Security researchers say yes, or they will soon. Experts estimate that smaller, open-source models can already match Mythos 5 performance with sophisticated prompting, and competing frontier models will reach parity within months.

Is Anthropic negotiating with the White House?

Yes. Anthropic has been in talks since Friday but has not secured an agreement to restore service. The company maintains its safety framework can manage the risks.

What was Project Glasswing?

Project Glasswing was a private consortium that received early access to Mythos Preview before its broader release. The initiative reportedly involved $2.5 billion in investment to develop the Mythos-class models.

Source: Feed: Artificial Intelligence Latest / Lily Hay Newman