Why the US imposed export controls on Anthropic’s Fable and Mythos models – and why they’ve been lifted

Anthropic tightens up safeguards and offers expanded early access to US government to end export control issues

Dario Amodei, CEO and co-founder of Anthropic, pictured during an interview on "The Circuit with Emily Chang" at the company's headquarters in San Francisco, USA.
(Image credit: Getty Images)

Anthropic's Fable 5 and Mythos 5 are back after a three-weeks-long restriction saw the security models effectively banned.

Earlier this month, the US government applied export controls to Claude Mythos and Claude Fable 5, banning any foreign users, inside or outside the US, from either model.

As Anthropic had no way of checking the nationality of its users, both models were de facto banned from use. Last week, the restriction was loosened to allow Mythos to be used by US organizations deemed trustworthy.

Now, Anthropic has said the restrictions have been mostly dropped following the introduction of new safeguards.

Latest Videos From

"Anthropic has agreed to proactively detect and address security risks associated with the models," US Commerce Secretary Howard Lutnick wrote in a letter to the tech company, according to the BBC,

Lutnick later added on social media: "Over the past two weeks, we have worked closely with Anthropic to analyze and approve Fable 5 to ensure alignment across the US Government and strengthen America’s leadership in AI."

Anthropic said it was still working to expand access to Mythos 5 to a wider set of partners in its Project Glasswing program – which gives access to the security model in a managed way – and hoped that would include domestic and international users.

Fable 5 should now be available again for all Claude users, with access reenabled for AWS, Google Cloud, and Microsoft Foundry as quickly as possible.

Why Mythos and Fable were restricted

Fable 5 and Mythos 5 are both security focused models, sharing the same underlying model, Anthropic notes.

As ITPro reported in early June, Fable 5 was built with "strong safeguards to make it safe for general use".

Mythos, meanwhile, has fewer protections in place, and as such was released to a limited number of trusted partners under Project Glasswing for the express purpose of defensive security.

Just days after the release of Fable 5, the government applied strict export controls. That was driven by Amazon researchers finding a way to dodge Fable 5's safeguards to use it to hunt for flaws in software and produce exploits.

Anthropic argued that most of its models could actually uncover the same vulnerability and exploit demonstration, and that the Amazon research didn't make use of any "unique Mythos-level cyber capabilities".

The workaround discovered by Amazon has now been blocked for most instances, with any users attempting similar techniques downgraded to a lesser model. Anthropic admitted that more "benign requests" may be flagged accidentally now, though it hopes to reduce such false positives as the system is improved.

"One particularly important safety mechanism involves classifiers — smaller automated AI systems that, during an interaction, detect when the model is asked to perform a potentially harmful cybersecurity task (or produces potentially harmful outputs)," the company said.

"When this occurs, the classifiers block the model from responding to requests. The ultimate goal of these classifiers is to prevent the model from engaging in uniquely dangerous behaviors."

Beyond the new safety classifiers and other safeguards, Anthropic is working with industry partners including Amazon, Microsoft, and Google to develop a framework for addressing AI model ‘jailbreaking’ techniques, developing a system for judging the severity of such attacks.

Plus, Anthropic said it would work more closely with the US government, offering expanded early access for models that could impact national security and sharing information about jailbreaks or misuse patterns.

The company called for the same rules to apply to its rivals: "These rules should be codified in strong regulation and applied equally across frontier model developers."

Mixed industry reactions

It's no surprise this was sorted quickly. Keven Knight, CEO, of cybersecurity firm, Talion, noted that the US government would not have wanted to risk slowing down AI development, particularly in security.

"Given that China is steadily advancing with its advanced AI model, with a platform that mirrors Mythos being launched by 360 Security Technology last week, the US could not afford to limit access to Anthropic's platforms for much longer," Knight said.

"Restricting access to the platforms would only leave western organisations on the backfoot, and at a time when the AI arms race is really heating up, this would be dangerous."

Though the export ban is now loosened, Andrew Bloster, senior R&D manager at Black Duck, said that won't end the "chilling effect" the incident has had on the use of such models.

"Security leaders globally are now wary to depend on AI as a service models that can be launched with much fanfare and then pulled from the global market," he said, pointing to the rise of sovereign AI.

Bloster added that "technology leaders are more concerned about resilience, data security, and cost, and Fable being permitted back on the world stage might not be enough to earn back global trust."

Though Anthropic was the first company to jump through these hoops, it actually tried to find a good balance between safety and use via Glasswing, said Mike Britton, CIO at Abnormal AI.

"On Mythos, the controlled rollout to a vetted set of US organizations is actually the right model. Limiting access to trusted institutions, with use cases focused on finding and remediating vulnerabilities, is how you derive real security value from a model at this capability level without creating new risks," said Britton.

"The goal should be more secure software — and that's achievable if the access controls stay disciplined over time."

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole the author of a book about the history of technology, The Long History of the Future.