Last Friday, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to foreign nationals outside and within the United States, citing unspecified national security concerns. Shortly after, the AI giant hastily pulled the plug on both models, and they have now been unavailable to anyone for a week.
This episode is the first real test of whether export controls can be used to contain frontier AI in the same way the US government has previously tried to contain encryption and spyware, with very uneven results. As dramatic as it may sound, how this conflict is resolved could shape not only Anthropic’s access to overseas markets, but also the rulebook other AI labs must build upon.
First some context. Ever since Anthropic announced Mythos in April, the company has been touting it as some kind of doomsday cyber machine that could wreak havoc on the Internet if released too widely. So before the ban, only about 150 vetted companies and government agencies had access to it. The goal was to allow defenders to protect software and services before the bad guys get to features like Mythos.
So what prompted the ban? Two things reportedly happened after that. First, Anthropic granted South Korean carriers access to Mythos through a limited partner program, but U.S. authorities became alarmed after identifying the company as a company with suspected ties to China. (The company widely reported to be SK Telecom denies any ties to China.) Amazon CEO Andy Jassy also reportedly alerted the government after Amazon’s own researchers discovered a way to circumvent Fable 5’s security measures. Anthropic disputes the “jailbreak” label, arguing that this is not a wholesale failure of the model’s security measures, but rather a narrow issue that has already been patched.
The result was the same. The Department of Commerce issued an export control directive, and Anthropic had to scramble to immediately restrict access to its products within about 90 minutes of receiving the notice, according to some accounts.
However, none of this is new. For decades, governments have used export controls to try to limit the proliferation of cyber technologies deemed dangerous, but their track record has been middling at best.
In the early to mid-1990s, the U.S. government was behind perhaps the most spectacular failure of this approach in history. At the time, computer scientists were developing encryption techniques to protect data traveling over the Internet. One of those encryption products is called Pretty Good Privacy (PGP), a popular piece of software that can encrypt data and make it virtually impossible to unscramble it even if it is intercepted while being sent over the Internet to its intended recipient.
The U.S. government initially viewed PGP as a dangerous weapon, fearing it would prevent intelligence agencies from snooping on emails during communications. In an effort to stop the distribution of PGP, US Customs has launched a criminal investigation against PGP founder Phil Zimmerman for allegedly violating arms export regulations. He fought back by publishing PGP’s source code as a printed book, sparking what is known today as the “Crypto Wars.”
Mr. Zimmerman later won an important battle when the investigation concluded, paving the way for important end-to-end encryption algorithms such as those used by billions of Signal and WhatsApp users.
Then, in the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Agreement, an international treaty restricting the export of dual-use software and technology used for both civilian and military purposes.
The idea was to classify surveillance and hacking software as dual-use and force spyware makers to obtain export licenses to sell their products abroad.
inquiry
Want more information about Mythos Ban? You can contact Lorenzo Franceschi-Bicchierai securely from any non-work device or network on Signal (+1 917 257 1382), Telegram and Keybase @lorenzofb, or email.
But Wassenaar always had two inherent weaknesses. Several countries have not complied with the agreement, including Israel, home to the world’s most active spyware makers.
The agreement also depends on whether each country applies the agreement to companies within its borders at its own discretion. The Italian government at one point granted Hacking Team, one of the country’s top spyware makers at the time, a license to export its tools around the world, despite the company’s track record of selling spyware to oppressive governments that used it to hack journalists and human rights activists.
Since then, other countries in Europe have become more tolerant of spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tool makers, has failed to curb the export of spyware to authoritarian regimes. Critics say recent new efforts across the 27-member bloc to tackle the growing problem of spyware exports to authoritarian states “do not go far enough.”
Some spyware makers, such as Intellexa, a licensed consortium of spyware companies, have simply moved their operations to countries with weaker export controls. Other spyware makers have sought to move their operations to Saudi Arabia for similar reasons.
There were some wins too. Germany-based spyware maker FinFisher shut down in 2022 following a multi-year investigation by German prosecutors into the company for allegedly selling spyware to Turkey without an export license. Investigators had previously found FinFisher spyware installed on the cellphones of people who criticized the Turkish government.
As of this writing, the impasse between Anthropic and the Trump administration remains. There’s a good chance the administration will roll back that restriction to keep U.S. AI companies globally competitive. This move amounts to a tacit acknowledgment that AI labs elsewhere, including China, are likely to reach similar capabilities, regardless of what the United States limits. Alternatively, U.S. AI companies may need government approval before offering services to foreign customers, and the burden of compliance will always weigh on profits.
Given past experience with world governments attempting to control the reach of software, government-mandated export controls are unlikely to be an appropriate approach to deter malicious parties from exploiting powerful dual-use cyber technologies.
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
