Trump directive sidelines Anthropic Fable 5, Mythos 5
The national-security case gets awkward when the restricted model is also finding flaws inside classified government systems.
TL;DR
Federal News Network/AP reports, citing a U.S. official, that Anthropic’s Mythos model found vulnerabilities in highly sensitive U.S. government systems during intelligence-agency testing. The Trump administration directed Anthropic to block foreign-national access to Fable 5 and Mythos 5, forcing a global disablement for customers. Primes, defense industrial base suppliers, Cybersecurity Maturity Model Certification assessment organizations and multinational teams lose a useful audit tool while more than 100 cyber leaders say comparable open-source and foundation models already do similar work; retroactivity for deployed pipelines remains unanswered.
Federal News Network, carrying AP, has the awkward version of the Anthropic fight: the model the administration is restricting is also the model U.S. intelligence testers apparently found useful. AP cites a U.S. official saying Anthropic’s Mythos identified vulnerabilities in highly sensitive government systems within hours during testing with intelligence agencies. Sen. Mark Warner described the testing more dramatically at a June 11 Senate Banking hearing; AP’s official account stops at vulnerability discovery, which is short of proving exploitability at operational speed.
The directive is blunt. The administration told Anthropic to prevent foreign nationals from using Fable 5 and Mythos 5. Anthropic says it disabled the models for all customers to comply. Fable is the widely released, limited version; Mythos is the more advanced model Anthropic had already limited because of cybersecurity fears. That matters because it treats a domestic AI model like an export-sensitive cyber asset. The order arrived 10 days after Trump signed an executive order setting up voluntary federal vetting of advanced AI models for up to a month before release. Voluntary review followed by mandatory global disablement is exactly the kind of policy seam compliance teams have to treat as risk.
The government worry is real. A model that can triage flaws in classified systems within hours can also help an adversary with code, credentials and patience. The credibility problem sits in the remedy. More than 100 cybersecurity executives and experts told the administration Mythos is “quite good” at finding flaws and weaponizing exploits, while comparable foundation and open-source models already support audits and training. If that assessment is right, the directive pulls a defensive tool from U.S. teams while leaving similar capability in the world.
For primes, defense industrial base suppliers, Cybersecurity Maturity Model Certification assessment organizations and critical-infrastructure operators, the Monday problem is scope. Does the directive reach existing Anthropic deployments already wired into code-review, vulnerability-management or assessment workflows, or only new instances after the order date? The report leaves that unanswered. It also leaves multinational teams to prove they can isolate foreign-national access, or accept that AI-assisted security work just became a compliance exposure. Inventory, compartmentalize and document are the immediate verbs. Replacing the lost vulnerability-finding capacity is the harder work.
Published ·Deep Fathom