For creators and artists relying on frontier models to generate audio, music, or complex media, the sudden ban on Anthropic‘s Mythos and Fable models signals a volatile new era. What began as a tool for defenders to secure their digital infrastructure has abruptly become a restricted commodity, unavailable to anyone outside the US for at least a week. This crackdown, driven by national security concerns, forces makers to navigate a landscape where access to powerful generative tools is no longer guaranteed by market demand but dictated by geopolitical friction.
The Mythos Containment Experiment
Since its launch in April, Anthropic positioned Mythos as a high-stakes cyber instrument capable of significant internet disruption if deployed without strict oversight. To mitigate this risk, access was initially limited to approximately 150 vetted entities, including government bodies and security firms, aiming to ensure only defenders could harness such capabilities.
The decision to halt exports and restrict domestic access followed two specific incidents. First, Anthropic granted a South Korean telecom operator, widely reported as SK Telecom, access through its partner program. US officials subsequently flagged the company for suspected ties to China, though SK Telecom denies any such connection. Second, Amazon CEO Andy Jassy reportedly alerted the administration after his researchers identified a method to bypass Fable 5’s safety protocols. Anthropic disputes the severity of this finding, describing it as a narrow, already-patched vulnerability rather than a systemic failure.
In response, the Commerce Department issued a directive requiring immediate action. Anthropic scrambled to restrict access to both models within roughly 90 minutes of notification. This rapid response marks the first genuine test of whether the US government can effectively use export controls to contain frontier AI, a strategy that has yielded uneven results when applied to encryption and spyware in the past.
A History of Failed Containment
Attempts to regulate dangerous cyber technology through export restrictions have a long and often unsuccessful track record. One of the most notable failures occurred in the early to mid-1990s involving Pretty Good Privacy (PGP). US authorities viewed PGP, a software tool designed to encrypt data securely, as a threat to intelligence gathering operations.
To curb its distribution, the US Customs Service launched a criminal investigation against PGP’s creator, Phil Zimmermann, alleging violations of arms export controls. Zimmermann countered by publishing the source code as a printed book, sparking what became known as the “Crypto Wars.” The investigation was eventually closed, paving the way for the end-to-end encryption algorithms now used by billions of users on platforms like Signal and WhatsApp.
The Wassenaar Arrangement and Spyware
During the early 2010s, governments expanded the Wassenaar Arrangement, an international treaty limiting the export of dual-use technologies. The aim was to classify surveillance and hacking software as dual-use, requiring export licenses for international sales. However, the agreement has inherent weaknesses.
- Several nations, including Israel, do not adhere to the agreement, despite housing some of the world’s most active spyware developers.
- Implementation relies on member states applying the rules at their own discretion. For example, the Italian government once licensed Hacking Team to export tools globally, despite the firm’s history of selling to oppressive regimes targeting journalists and activists.
Europe has struggled to curb these exports effectively. While a recent effort by the bloc of 27 member states aims to address spyware exports to authoritarian states, critics argue the measures do not go far enough. Consequently, companies like Intellexa have relocated operations to jurisdictions with lax controls, while others have moved to Saudi Arabia for similar reasons.
There have been isolated successes. In 2022, German prosecutors shut down FinFisher after a multi-year investigation revealed the company sold spyware to Turkey without a license, with evidence showing the tools were deployed on the phones of Turkish government critics.
The Path Forward for US AI
As the standoff between Anthropic and the current administration continues, two outcomes seem likely. The government may eventually lift the restrictions to preserve the global competitiveness of American AI firms, effectively acknowledging that rivals in China and elsewhere will develop similar capabilities regardless of US limits. Alternatively, US companies may face a future where serving foreign customers requires explicit government approval, a compliance burden that would inevitably damage their profitability.
Given the historical precedents with encryption and spyware, government-mandated export controls are unlikely to be the effective solution for preventing malicious actors from abusing powerful dual-use cyber technologies.
Key takeaways
- The ban on Anthropic’s Mythos and Fable models marks a critical test of whether US export controls can successfully contain frontier AI development.
- Historical attempts to restrict encryption and spyware via export controls have largely failed, as seen in the PGP/Crypto Wars and the Wassenaar Arrangement.
- Enforcement weaknesses, including non-participating nations and lax domestic compliance, allow dangerous technologies to proliferate globally.
- US AI companies face a stark choice: accept regulatory restrictions that may erode their global competitiveness or navigate a complex compliance landscape that threatens their bottom line.
Stay ahead of AI. Get the most important stories delivered to your inbox — no spam, no noise.
