Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful Fable and Mythos AI models to anyone outside the United States, as well as to foreign nationals within the country. Soon after, the AI giant hastily pulled the plug on both models, which were no longer available to anyone for a week.
The episode is the first real test of whether the US government can use export controls to contain border AI the way it has tried, with wildly uneven results, to contain encryption and spyware before it. And as dramatic as it sounds, how this standoff is resolved could shape not just Anthropic’s access to foreign markets, but the rulebook that other AI labs will have to create.
Some context first. Since Anthropic released Mythos in April, the company has marketed it as some kind of cyber Doomsday machine that could wreak havoc on the Internet if released too widely — which is why, before the ban, only about 150 vetted companies and government organizations had access to it at all. The goal was to help defenders secure their software and services before the bad guys could reach Mythos-like capabilities.
So what triggered the ban? According to information, two consecutive events. The first: Anthropic gave access to South Korean telecoms to Mythos through its limited partner program, and U.S. officials became concerned after recognizing that the company was suspected of having ties to China. (The company, was widely reported to be SK Telecom, it has he refused any connection to China.) Amazon CEO Andy Jassy also reportedly notified management after Amazon researchers, he said, found a way to bypass Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already-fixed issue rather than a general defeat of the model’s security measures.
The result was the same: The Commerce Department issued an export control directive, and Anthropic had to try to limit access to its products immediately — within about 90 minutes of notification, by some accounts.
None of this is new, though. Governments have tried to use export controls to limit the spread of what they see as dangerous cyber technology for decades, but their track record has been mediocre at best.
The US government was behind what is perhaps the most spectacular failure of this approach in history in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the Internet. One of these encryption products was called Pretty Good Privacy, or PGP, a popular piece of software that could encrypt data and make it virtually impossible to decipher even if intercepted as it traveled to the intended recipient over the Internet.
The US government initially saw PGP as a dangerous weapon, fearing that it would prevent its intelligence agencies from spying on emails as they traversed their wires. To stop the distribution of PGP, the US Customs Service opened a criminal investigation against PGP creator Phil Zimmermann for allegedly violating arms export controls. He responded by publishing the PGP source code as a printed booksparking what is known today as the ‘Crypto Wars’.
Zimmermann later won a key battle when the investigation was closed, paving the way for critical end-to-end encryption algorithms like the one used by billions of Signal and WhatsApp users.
Later, in the early 2010s, researchers began to discover Western-made spyware being used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Arrangementan international treaty that restricts the export of dual-use software and technologies used in both civilian and military applications.
The idea was to classify tracking and hacking software as dual-use, thereby forcing spyware makers to obtain export licenses to sell their products abroad.
Contact us
Got more info on the Mythos ban? From a broken device and network, Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or via email.
But Wassenaar has always had two inherent weaknesses. There are many countries that do not abide by the agreement, including Israel, which is home to some of the most active spyware makers in the world.
The agreement also depends on countries applying it to companies within their borders at their discretion. For a time, the Italian government allowed one of the country’s then-leading spyware makers, Hacking Team, a license to export its tools around the world, despite the company’s history of selling spyware to overbearing governments that he used it to hack journalists and human rights activists.
Since, other countries in Europe they were easy on spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tool makers, has consistently failed to limit spyware export in authoritarian regimes. Critics say a recently renewed effort across the 27-nation bloc to tackle the growing problem of spyware exports to authoritarian states “doesn’t go far enough”.
Several spyware makers, such as Intellexa, a consortium of spyware companies subject to sanctions, simply moved their operations to countries with lax export controls. Other spyware makers have sought to move their operations to Saudi Arabia for similar reasons.
There have been some victories. FinFisher spyware maker based in Germany close in 2022 after a years-long investigation by German prosecutors into the company for allegedly sells spyware in Turkey without an export permit. Researchers previously discovered that the FinFisher spyware was developed on phones of critics of the Turkish government.
As of this writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable possibility that the administration will loosen and lift the restriction to keep US AI companies competitive globally – a move that would amount to a tacit acknowledgment that AI labs elsewhere, including in China, will likely have similar capabilities regardless of what the US restricts. Alternatively, US AI companies could end up needing government approval before serving foreign clients at all, a compliance burden that would always hurt their bottom line.
Given the past experiences of world governments trying to control the reach of software, government-mandated export controls are unlikely to be the right approach to stop malicious actors from abusing powerful dual-use cyber technologies.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
