Encryption, spyware, and now Mythos: History shows why cyber export control doesn’t work

2026-06-19 · Source: TechCrunch · Field: Government & Public Sector — Public Policy & Governance, Regulatory & Compliance, Artificial Intelligence & Machine Learning · Depth: Intermediate, short

Summary

The White House recently ordered Anthropic to restrict the export of its powerful AI models, Fable and Mythos, citing national security concerns, leading to their immediate unavailability. This action marks the first significant test of U.S. government export controls on frontier AI, following previous uneven attempts with encryption and spyware. Anthropic had previously marketed Mythos as a "Doomsday cyber machine," limiting access to about 150 vetted organizations. The ban was reportedly triggered by Anthropic granting access to SK Telecom, a company U.S. officials suspected of China ties (denied by SK Telecom), and Amazon CEO Andy Jassy reporting a bypass of Fable 5's safeguards. Historically, efforts to control dual-use cyber technologies like Pretty Good Privacy (PGP) encryption in the 1990s and spyware under the Wassenaar Arrangement in the 2010s have shown limited success, often circumvented by publishing code or relocating operations. The current impasse highlights the challenge of containing advanced software capabilities globally.

Key takeaway

For Policy Makers weighing export controls on advanced AI, recognize that historical precedents with encryption and spyware demonstrate limited effectiveness. Your efforts to restrict powerful dual-use technologies often face circumvention through code publication or relocation of operations. Instead of relying solely on bans, consider strategies that acknowledge global AI development and focus on international collaboration or defensive measures. Unilateral restrictions risk hindering domestic AI competitiveness without preventing global proliferation.

Key insights

Export controls on dual-use cyber technologies, including advanced AI models, have historically proven ineffective due to circumvention and global proliferation.

Principles

• Software export controls face inherent circumvention challenges.
• International agreements require consistent national enforcement.
• Global competition can undermine domestic restrictions.

In practice

• Publishing source code can bypass export restrictions.
• Relocating operations avoids national export controls.
• Vetting partners is crucial for sensitive tech distribution.

Topics

• AI Export Controls
• Dual-Use Technologies
• Anthropic Fable
• Anthropic Mythos
• Wassenaar Arrangement
• Cybersecurity Policy
• Encryption Policy

Best for: CTO, VP of Engineering/Data, Executive, Policy Maker, Director of AI/ML, Legal Professional

Related on AIssential

• White House's export limits on Anthropic linked to concerns about Chinese access — Geopolitical concerns and model safety risks are driving AI export controls and development strategies.
• American Government Takes Down Claude Fable — Abrupt government AI export controls based on minor jailbreaks reveal regulatory immaturity and risk hindering US AI leadership.
• US’ Mythos restrictions heighten EU tech fears — US AI restrictions expose Europe's tech dependency, accelerating its pursuit of digital sovereignty.
• AI, Government Control, and the Beginning of a New Technological Era — Government intervention on frontier AI models signals their reclassification as strategic, dual-use infrastructure.
• The MAGA power struggle that could decide the fate of Anthropic — Government export controls can swiftly halt access to powerful AI models due to perceived security risks, even if guardrails are defended.
• Alex Stamos on Why the US Should Lift Its Fable and Mythos Export Ban — US AI export controls on Anthropic's models are seen as an overreaction, harming US competitiveness.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by TechCrunch.