Citing unspecified national security concerns last Friday, the White House Anthropic ordered restricting the export of powerful AI models Fable and Mythos to anyone outside the United States, as well as to foreign nationals within the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.
The episode is the first real test of whether the U.S. government can use export controls to contain artificial intelligence at the border as it tries to contain encryption and spyware. As dramatic as it sounds, how this conflict is resolved could shape not only Anthropic’s access to foreign markets, but the rulebook around which other AI labs will have to build.
First some context. Since launching Anthropic Mythos in Aprilthe company marketed it as some sort of doomsday cyber machine it could cause havoc on the internet if broadcast too widely – so before the ban, only about 150 audited companies and government organizations generally had access to it. The goal was to help defenders secure their software and services before the bad guys got Miphos-like capabilities.
But what caused the ban? Later, two incidents were reported. First: Anthropic gave a South Korean telecommunications company access to Mythos through a limited partner program, and U.S. officials became concerned after the company was identified as having ties to China, which they suspected. (Company, extensive information is provided Being SK Telecom, there is he denied any Chinese connection.) Amazon CEO Andy Jassy is also reported warned the management After Amazon’s own researchers said they found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already patched problem rather than a wholesale failure of the model’s security measures.
The result was the same: The Commerce Department issued an export control directive and had to scramble to limit access to Anthropic products immediately — by some accounts within about 90 minutes of being notified.
None of this is new, though. While governments have tried for decades to use export controls to limit the spread of dangerous cyber technology, their track record is mediocre at best.
In the early to mid-1990s, perhaps the most spectacular failure of this approach in history was the US government. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the Internet. One of these encryption products was called Pretty Good Privacy, or PGP, which could encrypt data and make it virtually impossible to decipher, even if it were intercepted en route to the intended recipient over the Internet.
The US government initially saw PGP as a dangerous weapon, fearing that it would prevent intelligence agencies from intercepting emails and tracking them. Stop distribution of PGP, US Customs Service opened a criminal case Phil Zimmermann, founder of PGP, for violating arms export controls. He fought back by publishing PGP’s source code like a printed bookignited what is known today as the “Crypto Wars”.
Zimmermann later won a major battle when the investigation was closed, paving the way for the crucial end-to-end encryption algorithms used by billions of Signal and WhatsApp users.
Then, in the early 2010s, researchers began to discover Western-made spyware being used against dissidents in the Middle East. In response, several governments agreed to expand Wassenaar Packagean international agreement that restricts the export of dual-use software and technologies used in both civilian and military applications.
The idea was to classify surveillance and hacking software as dual use, thus forcing spyware makers to obtain an export license to sell their products abroad.
Contact us
Do you know more about the Mythos ban? You can securely contact Lorenzo Franceschi-Bicchierai from a non-work device and network by calling +1 917 257 1382 or via Telegram and Keybase @lorenzofb. e-mail.
But Wassenaar has always had two inherent weaknesses. There are several countries that have not complied with the treaty, including Israel, home to some of the world’s most active spyware producers.
The agreement also depends on countries applying their discretion to companies within their borders. For a while, the Italian government allowed Hacking Team, one of the country’s top spyware makers at the time, to license its tools to export them around the world, even though the company had a track record of selling spyware. oppressor governments that used hacking journalists and human rights defenders.
Since then, other countries In Europe, like Italy, it has been indifferent to spyware producers. Despite numerous scandals, it hosts Europe many spyware and hack tool makersthere is failed to permanently restrict the export of spyware to authoritarian regimes. Critics say recently renewed efforts to address the growing problem of spyware exports to authoritarian states in the 27-member bloc “do not go far enough.”
A few spyware makers, such as Intellexa, a sanctioned consortium of spyware companies, have simply moved their operations to countries with lax export controls. Other spyware makers have tried to move their operations to Saudi Arabia for similar reasons.
There are some victories. Germany-based spyware maker FinFisher Closed in 2022 After a multi-year investigation of the company by German prosecutors allegedly selling spyware to Turkey without an export license. Investigators previously discovered the presence of FinFisher spyware placed on phones Critics of the Turkish government.
At the time of writing, an impasse remains between Anthropic and the Trump administration. There’s a reasonable chance that the administration will pick up and remove the cap in the interest of keeping American AI companies globally competitive — which would be tantamount to simply acknowledging that AI labs elsewhere, including China, will reach similar capabilities regardless of what the U.S. limits. Or, American AI companies may need government approval before they can serve foreign clients at all, a compliance burden that always hurts their bottom line.
Given the past experience of governments around the world trying to control the scope of software, government-mandated export controls are unlikely to be the right approach to prevent malicious actors from abusing powerful dual-use cyber technologies.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
