Restrictions on Mythos have become a fight over who gets to use powerful AI for cyber defense. More than 100 security experts urged U.S. officials in June 2026 to lift export controls on Anthropic’s Mythos and Fable models, arguing the ban weakens defenders more than attackers. Their core claim: these systems can find flaws fast, but they aren’t uniquely dangerous compared with other advanced or open-source AI tools.
Why Restrictions on Mythos triggered a rare public revolt
The June 14, 2026 open letter was addressed to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross. It asked the U.S. government to remove export-control directives affecting Anthropic’s Fable and Mythos large language models, which AP and TechCrunch both reported were caught by the order.
The signatories weren’t a random collection of AI enthusiasts. Names reported in June 2026 included Alex Stamos, Katie Moussouris, Rachel Tobac, Paul Vixie, Joe Levy, Bryan Payne, Bruce Schneier, Eugene Spafford, Chris Wysopal, and Philip Zimmermann. TechCrunch reported 76 signatories at the time of writing on June 15, while the live letter later showed more than 100; AP reported “more than 100” cybersecurity experts and leaders on June 16.
Their argument is narrower than some headlines make it sound. They weren’t saying advanced AI has no offensive use. They were saying Restrictions on Mythos and Fable create a lopsided outcome: responsible defenders lose access to tools that can help find vulnerabilities, while attackers can still turn to other foundation models, open-source systems, and traditional exploit development methods.
That distinction matters. A model that helps a trained analyst triage code faster is not the same policy problem as a model that gives every criminal a guaranteed exploit chain on demand. The letter’s sharper point was that Mythos-class models are good at finding flaws and weaponizing exploits, but “not uniquely good” compared with other options already available.
The timeline: from Project Glasswing to a federal clampdown
Anthropic introduced Project Glasswing and Claude Mythos Preview on April 7, 2026, framing the effort as defensive cybersecurity work. Launch partners included AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
By May 22, 2026, Anthropic said Project Glasswing and roughly 50 partners had used Claude Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities. That is the number defenders keep coming back to, because it suggests the model was doing more than generating reports. It was finding real security debt at scale.
On June 2, 2026, Anthropic said it was expanding Project Glasswing to approximately 150 new organizations in more than 15 countries. One week later, on June 9, the company announced Claude Fable 5 and Claude Mythos 5. It listed pricing for both at $10 per million input tokens and $50 per million output tokens.
Access was uneven from the start. Anthropic said Claude Mythos 5 was restricted to Glasswing partners and soon select biology researchers, while Claude Fable 5 was available more broadly with safeguards. Then the U.S. restrictions landed, and TechCrunch reported on June 15 that Anthropic suspended access to Fable and Mythos for all users worldwide after the order.
| Date in 2026 | Event | Why it matters |
|---|---|---|
| April 7 | Anthropic launched Project Glasswing and Claude Mythos Preview | Put the model into defensive cybersecurity programs with major technology and security partners |
| May 22 | Anthropic reported more than 10,000 high- or critical-severity vulnerabilities found by roughly 50 partners | Gave supporters a concrete result to cite when opposing Restrictions on Mythos |
| June 2 | Project Glasswing expanded to about 150 organizations in more than 15 countries | Turned a limited preview into a broader international defensive program |
| June 9 | Claude Fable 5 and Claude Mythos 5 launched at $10 per million input tokens and $50 per million output tokens | Set public pricing and clarified that Mythos 5 access was still limited |
| June 14 | Security experts published the open letter to federal officials | Moved the dispute from private policy channels into public pressure |
| June 16 | AP reported more than 100 experts urged the Trump administration to ease restrictions | Confirmed the issue had become a national cybersecurity policy fight |
What Mythos actually changes for defenders
Security teams already use static analysis, fuzzing, bug bounty reports, penetration testing, and plain human experience. Mythos doesn’t replace that stack. It compresses parts of the work, especially the dull middle: reading code paths, spotting suspicious patterns, drafting exploit hypotheses, and helping analysts decide which bug deserves attention first.
A useful way to read Anthropic’s May 2026 number is by pace. More than 10,000 high- or critical-severity vulnerabilities across roughly 50 partners means an average of at least 200 serious findings per partner during the initial Glasswing period. That’s not a formal benchmark, and the distribution could be wildly uneven, but it shows why defenders are nervous about losing the tool. Even if half the findings required heavy human cleanup, the volume is still meaningful.
The uncomfortable part is that the same capability can cut both ways. A model that explains why a memory corruption bug matters can help a vendor patch faster. It can also help an attacker understand how to chain a weakness. Security has always lived with that tension; vulnerability disclosure, exploit proof-of-concepts, and tools like Metasploit all created similar arguments before AI arrived.
For readers who want the basics behind the risk, a good primer on how zero-day exploits work in 2026 helps explain why fast vulnerability discovery can be both a blessing and a threat. The policy question is not whether AI can be misused. It can. The question is whether blocking vetted access makes the internet safer.
Who should control access: Anthropic, CISA, or export officials?
CISA’s role is the awkward subplot. Axios reported on April 21, 2026 that the Cybersecurity and Infrastructure Security Agency lacked access to Mythos Preview even though some other U.S. government agencies were using it. For a civilian agency responsible for helping defend federal and critical infrastructure systems, that gap was hard to ignore.
Nextgov/FCW then reported on June 11 that White House discussions considered designating CISA to coordinate Mythos vulnerability scans across federal agencies. A White House official also said CISA access to Mythos was “imminent,” according to the same report. Days later, the public debate had shifted toward Restrictions on Mythos and Fable more broadly.
There are three plausible control models here, none of them clean:
- Vendor-led access: Anthropic approves partners, monitors use, and can revoke access. Fast, but it leaves public-interest decisions inside a private company.
- Government-coordinated access: CISA or another agency routes scans for federal systems and critical infrastructure. Better accountability, but slower and vulnerable to politics.
- Export-control restrictions: Commerce limits distribution for national security reasons. Powerful, but blunt when the same or similar capabilities exist elsewhere.
Honestly, the CISA model makes the most sense for federal networks, provided it doesn’t become a bottleneck. Large organizations already change security priorities as they grow, and a model described in our guide to how security priorities shift inside growing organizations applies here too: central coordination helps, but only if local teams can still move quickly.
The counter-argument: why Washington may be worried
The case for limits is not absurd. TechCrunch reported on June 15 that Anthropic believed the White House order may have been based on a report alleging a method to jailbreak Fable into Mythos-level capabilities. If officials believed broader Fable access could be turned into a more powerful exploitation assistant, they had reason to pause.
Export controls also have a specific logic. Washington may want to prevent strategic rivals, sanctioned entities, or criminal groups from getting easy access to a model tuned for high-end vulnerability research. You don’t need to imagine a sci-fi scenario; a well-resourced adversary finding serious flaws faster is a real national security concern.
Still, Restrictions on Mythos carry a pitfall few casual takes mention: a global suspension can punish the most compliant users first. Glasswing partners, enterprises with logging, and researchers willing to work under rules are easy to cut off. Covert actors using other models, stolen credentials, local open-source systems, or offshore intermediaries are much harder to stop.
That asymmetry shows up in ordinary enterprise security too. Defenders must follow procurement rules, privacy policies, audit requirements, and legal review. Attackers don’t. It’s similar to the gap between brute force and credential stuffing defenses: as explained in this comparison of brute force attacks versus credential stuffing, the attacker’s cheapest path often shifts faster than the defender’s control process.
A practical reading of the open letter
The expert letter is best read as a demand for targeted governance, not open season. It asks federal officials to lift restrictions on Anthropic’s Fable and Mythos models because the authors believe the ban reduces defensive capacity without removing the underlying offensive capability from the world.
There’s a numbers-based way to test that claim. Anthropic priced Claude Mythos 5 at $50 per million output tokens in June 2026. If a vulnerability research workflow generated 20 million output tokens in a month, the output-token line alone would cost about $1,000, before input tokens. Add 50 million input tokens at $10 per million, and the total would be about $1,500 for that month. For a major bank, cloud provider, or federal agency, that’s trivial compared with a breach investigation. For a solo criminal, it’s not impossible either.
Price, then, is not the safety barrier. Identity checks, usage monitoring, rate limits, audit logs, partner vetting, and incident response obligations matter more. Restrictions on Mythos may slow access, but they don’t answer the operational question: who is allowed to run powerful vulnerability scans, against what systems, with what oversight, and what happens to the findings?
Another practical concern is patch capacity. Finding 10,000 serious bugs is impressive; fixing them is slower and messier. Security teams already struggle with backlog triage, remote access risks, and distributed work habits, which is why a practical cybersecurity checklist for remote workers still has value beside high-end AI tools. More findings can overwhelm teams that lack ownership maps and emergency patch processes.
At this point, a pure ban feels like an overcorrection. A tiered access regime would be more convincing: CISA-coordinated federal use, vetted private-sector partners, strict logging, controlled cross-border access, and clear rules for vulnerability disclosure. That won’t satisfy everyone, but it would match the actual risk better than pretending the capability disappears when one vendor’s model is restricted.
What happens next for Restrictions on Mythos?
The next phase will likely turn on whether federal officials can define a safer access channel quickly. If CISA receives a coordinating role, as Nextgov/FCW reported was under discussion in June 2026, Washington could claim it is not banning defensive use outright. It would be moving it under government supervision.
Anthropic also has a hard balance to strike. The company has promoted Glasswing as a defensive project with major partners, while also acknowledging through access limits that Mythos is sensitive. Claude Fable 5 being broadly available with safeguards and Claude Mythos 5 being restricted to Glasswing partners show that Anthropic already separated general AI use from higher-risk security capability before the federal order.
For you, the durable takeaway is simple: the fight over Restrictions on Mythos is not really about one model. It’s about whether advanced AI vulnerability discovery becomes a controlled defensive utility, a private vendor privilege, or a restricted technology treated like a strategic export. The answer will shape how quickly organizations find serious bugs before someone else does.
FAQ
What are the Restrictions on Mythos?
Restrictions on Mythos refer to U.S. export-control directives reported in June 2026 that affected Anthropic’s Claude Mythos and Fable models. AP and TechCrunch reported the order led to limits on access, while TechCrunch said Anthropic suspended access worldwide after the order.
Why do cybersecurity experts want Mythos restrictions lifted?
They argue Mythos-class systems help defenders find and prioritize serious vulnerabilities, and that the models are not uniquely dangerous compared with other foundation or open-source models. Their concern is that compliant defenders lose access faster than attackers do.
How many vulnerabilities did Project Glasswing find?
Anthropic said on May 22, 2026 that Project Glasswing and roughly 50 partners had found more than 10,000 high- or critical-severity vulnerabilities using Claude Mythos Preview.
Was CISA using Mythos?
Axios reported on April 21, 2026 that CISA did not have access to Mythos Preview, even though some other U.S. government agencies were using it. Nextgov/FCW later reported White House discussions about giving CISA a coordinating role for Mythos scans.
How much did Claude Mythos 5 cost?
Anthropic listed Claude Mythos 5 pricing on June 9, 2026 at $10 per million input tokens and $50 per million output tokens, the same public pricing listed for Claude Fable 5.
EN 
FR 
ES