U.S. blocks Anthropic models, defenders lose critical tools

On June 9, Anthropic rolled out Claude Fable 5, calling it a high-powered AI system aimed at helping users with advanced cybersecurity tasks—while wrapping the capability in safeguards intended to keep it from being used for attacks. Days later, the model was offline.
The shutdown escalated fast. Citing national security concerns, the Trump administration ordered Anthropic to suspend foreign nationals’ access to Fable 5 and Mythos 5, a closely related version with some safeguards lifted. Anthropic’s response was sweeping: it disabled the models for all customers. The company said the order applied to any foreign national, whether inside the country or not—including Anthropic employees.
For cybersecurity teams trying to stay ahead of exploitation, that kind of abrupt interruption lands like a missed shift at the worst possible time. The core tension is painfully simple: the same AI systems that can be misused by hostile actors are also increasingly used to help defenders locate weaknesses before they’re turned into breaches.
Two recent examples are already being held up as evidence of what could be lost. Mozilla said its Firefox team used Claude Mythos Preview to identify 271 vulnerabilities that were later fixed in Firefox 150. Mozilla also said earlier work with Anthropic’s Opus 4.6 helped uncover 22 security-sensitive bugs in Firefox 148.
Cloudflare described a different kind of test. It said it tested Mythos against live code in critical parts of its infrastructure, where the model could chain lower-severity bugs and generate proof-of-concept code to check whether vulnerabilities were actually exploitable.
Peter Swire, a professor at the School of Cybersecurity and Privacy at the Georgia Institute of Technology and a former adviser to the Clinton and Obama administrations, argued that Anthropic’s broader shutdown may have been exactly what the Trump administration wanted. He said the order was framed as an export-control action aimed at foreign nationals, but the company’s response—pulling access for everyone—amounted to blocking use by everyone, Americans included.
Swire drew a comparison to the 1990s fight over encryption. In that era, U.S. rules treated encryption products as munitions and restricted their export tightly. The outcome, he said, was an awkward split between what could be used domestically and what could be shared abroad, until the Clinton administration loosened many of those controls later in the decade.
Cybersecurity leaders are making a parallel argument about AI now. In an open letter, dozens of cybersecurity experts and executives urged the government to lift the restrictions, saying cutting off access could slow the work of people trying to find and fix software flaws before hackers exploit them.
Swire said their point is hard to ignore. “Going forward, banks and other critical infrastructure should be using the best AI to scan their own systems for defensive purposes,” he said. He also warned that “America First” restrictions aimed at foreign access can still backfire on U.S. security.
“The U.S. hurts its own national security if the critical infrastructure of U.S. allies is undermined due to blockage of the best tools for defenders, so we end up in a less safe place,” Swire said.
In a world where financial and software systems are intertwined, the idea of a “foreign problem” doesn’t hold for long. Swire pointed to the way modern networks and supply chains work: if a vulnerability shows up in an overseas partner, attackers can eventually use that weakness to enter U.S. systems and then move laterally.
“If major European banks go down, that hurts the United States,” he said. “U.S. cybersecurity defense depends on effective protections for all of their counterparties, many of whom are outside of the United States.”
Alan Woodward, a professor of cybersecurity at the University of Surrey in England, called the restriction a “very blunt instrument.” He said Anthropic has emphasized the power of its “Mythos-class” models, but that message may now be working against the company.
Woodward also focused on the signal the restriction sends beyond U.S. borders. “What they are going to do, of course, is put people off relying on U.S. companies,” he said. “My fear, then, is that the Chinese will storm in—and they already are, which we saw happen with DeepSeek—and they’ll capture the market, and they’ll be controlling our use of it in a very different way.”
The stakes for Washington, Woodward suggested, are whether the policy is actually making misuse harder—or making legitimate defense slower. If something is banned, he said, people often find work-arounds. “If you have an outright ban on something, you effectively do lose control of it, because people will find other ways around it.”
For now, the decision that began with an export-control rationale has ended with an all-customer disablement for Claude Fable 5 and Mythos 5. The fight over where AI should be allowed—and by whom—has landed squarely in the middle of cybersecurity, where defenders are racing attackers with tools that can’t be replaced on a timetable set by politics.
So they blocked it because it’s dangerous but also because it helps fix stuff. Cool.
Didn’t Trump already say he wants more AI? Sounds like this is just gonna make hackers faster tbh. Also “foreign nationals” is such a vague thing.
Wait so Claude Fable 5 was meant for “advanced cybersecurity tasks” and then they shut it down like the whole internet needs it yesterday? I read somewhere it was only for people outside the US, but the article says it disabled it for all customers, including employees, so that seems… not targeted? Either way, if it found vulnerabilities in Firefox and Cloudflare tested it on live code, then blocking it seems like shooting defenders.
This is why I don’t trust any AI. First they make it to help with security and then it’s suddenly a national security threat. I swear it’s always “just safeguards” until it’s not. Also 271 vulnerabilities? That number feels made up or like it’s counting the same thing multiple times, idk.