The White House recently ordered Anthropic to restrict the export of its powerful AI models, Fable and Mythos, citing national security concerns. This unprecedented directive immediately halted access for foreign entities and nationals, marking a pivotal moment for AI regulation.
This episode is the first major test of the U.S. government’s ability to contain “frontier AI” via export controls. Its mixed track record for encryption and spyware suggests the outcome will shape global AI access and regulatory blueprints.
The Anthropic Ban and Its Triggers
Anthropic launched Mythos in April, marketing it as a potent “Doomsday cyber machine” capable of immense internet disruption. Access was highly limited to only around 150 vetted organizations, aimed at empowering defenders against such threats.
The ban reportedly stemmed from two incidents. U.S. officials grew alarmed when Anthropic shared Mythos with a South Korean telecom, suspected of having China ties; SK Telecom denies any Chinese connection.
Second, Amazon CEO Andy Jassy reportedly alerted the administration after Amazon researchers claimed to have “jailbroken” Fable 5’s safeguards. Anthropic disputes this, but the Commerce Department issued an export control directive, forcing Anthropic to limit access within roughly 90 minutes.
Echoes from the Past: The Crypto Wars
Governments have a challenging history of using export controls on dangerous cyber technology, with inconsistent results. A prime example occurred in the U.S. during the 1990s, in a dramatic clash over encryption.
Computer scientists then developed robust encryption like Pretty Good Privacy (PGP) to secure internet data. The U.S. government viewed PGP as a threat, fearing it would hinder intelligence agencies from monitoring communications.
To stop PGP’s distribution, the U.S. Customs Service investigated its creator, Phil Zimmermann, for alleged arms export control violations. Zimmermann famously retaliated by publishing PGP’s source code as a printed book, sparking the “Crypto Wars” and defending digital privacy.
Zimmermann ultimately won, as the investigation was closed. This victory paved the way for widespread end-to-end encryption, now fundamental to secure apps like Signal and WhatsApp, proving powerful software is difficult to contain.
The Spyware Saga and Wassenaar’s Flaws
In the early 2010s, Western-made spyware targeting dissidents led to an expanded Wassenaar Arrangement, an international treaty. It limits “dual-use” software exports by classifying surveillance tools as such, requiring licenses to prevent misuse.
Despite its intent, Wassenaar has consistently suffered from inherent weaknesses, undermining its effectiveness. These systemic flaws are numerous:
- Many key countries, including Israel—a hub for spyware development—do not participate, creating significant control gaps.
- Enforcement relies heavily on member states’ discretion; Italy, for instance, licensed top spyware maker Hacking Team despite sales to regimes targeting journalists.
- European nations struggle to curb spyware exports to authoritarian regimes; critics argue recent efforts “do not go far enough.”
To bypass controls, many spyware developers, like the sanctioned Intellexa consortium, simply relocate operations to countries with laxer regulations. This adaptability highlights the challenge of global software control.
Still, some successes exist. Germany-based spyware maker FinFisher shut down in 2022 after a multi-year investigation for selling spyware to Turkey without a license, its tools found on the phones of Turkish government critics.
An Uncertain Future for AI Export Controls
The impasse between Anthropic and the administration continues, leaving AI export controls uncertain. The government might lift restrictions, potentially acknowledging AI’s global development and that other labs will likely achieve similar capabilities regardless of U.S. limitations.
Alternatively, American AI companies could face a future burdened by government approvals for foreign customers, impacting competitiveness and bottom line. Given history, export controls alone are unlikely to stop malicious actors abusing powerful dual-use cyber technologies.
Source: TechCrunch – AI
