\n<\/p>\n
Last Friday, citing unspecified national security concerns, the White House ordered Anthropic<\/a> to restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.\u00a0<\/p>\n The episode is the first real test of whether the U.S. government can use export controls to contain frontier AI the way it has tried, with very uneven results, to contain encryption and spyware before it. And dramatic as it may sound, how this standoff gets resolved could shape not just Anthropic\u2019s access to foreign markets but the rulebook that other AI labs will have to build around.<\/p>\n Some context first. Ever since Anthropic launched Mythos in April<\/a>, the company has marketed it as some kind of Doomsday cyber machine<\/a> that could wreak havoc on the internet if released too widely \u2014 which is why, before the ban, only around 150 vetted companies and government organizations<\/a> had access to it at all. The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities.\u00a0<\/p>\n So what triggered the ban? Two subsequent events, reportedly. The first: Anthropic gave a South Korean telecom access to Mythos through its limited partner program, and U.S. officials grew alarmed after identifying the company as one they suspected had ties to China. (The company, widely reported<\/a> to be SK Telecom, has denied<\/a> any China connection.) Amazon CEO Andy Jassy also reportedly alerted the administration<\/a> after Amazon\u2019s own researchers, he said, found a way around Fable 5\u2019s safeguards. Anthropic disputes the \u201cjailbreak\u201d label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model\u2019s safety measures. <\/p>\n The result was the same: the Commerce Department issued an export control directive, and Anthropic had to scramble to immediately limit access to its products within roughly 90 minutes of being notified, by some accounts.<\/p>\n None of this is new, though. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber technology for decades, but their track record has been middling at best.\u00a0<\/p>\n The U.S. government was behind what is perhaps history\u2019s most spectacular failure of this approach in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the internet. One of those encryption products was called Pretty Good Privacy, or PGP, a popular software that could encrypt data and make it virtually impossible to unscramble even if intercepted as it traveled to its intended recipient over the internet.\u00a0<\/p>\n The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the U.S. Customs Service opened a criminal investigation<\/a> against PGP\u2019s creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP\u2019s source code as a printed book<\/a>, igniting what is known today as the \u201cCrypto Wars.\u201d\u00a0<\/p>\n Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms such as the one used by billions of Signal and WhatsApp users.\u00a0<\/p>\n Later during the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Arrangement<\/a>, an international treaty that limits the export of dual-use software and technologies that are used in both civilian and military applications.<\/p>\n The idea was to classify surveillance and hacking software as dual-use, thus forcing spyware makers to get export licenses to sell their products abroad.\u00a0<\/p>\n \t\t\tDo you have more information about the Mythos ban? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a>\t\t<\/div>\n But Wassenaar has always had two inherent weaknesses. There are several countries that don\u2019t adhere to the agreement, including Israel, which houses some of the world\u2019s most active spyware makers.<\/p>\n The agreement also depends on countries applying it to companies within their borders at their own discretion. For a time, the Italian government allowed one of the country\u2019s then-top spyware makers, Hacking Team, a license to export its tools around the world, despite the company\u2019s track record of selling spyware to oppressive<\/a> governments<\/a> that used it<\/a> to hack journalists and human rights activists.\u00a0<\/p>\n Since then, other<\/a> countries<\/a> in Europe have been lax with spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tools makers<\/a>, has continually failed to curb the export of spyware<\/a> to authoritarian regimes. Critics say that a recently renewed effort across the bloc of 27 member states to tackle its growing problem of spyware exports to authoritarian states \u201cdoes not go far enough.\u201d<\/p>\n Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies,\u00a0 have simply moved their operations to countries with lax export controls. Other spyware makers sought to move their operations to Saudi Arabia for similar reasons.<\/p>\n There have been some wins. Germany-based spyware maker FinFisher shut down in 2022<\/a> after a multi-year investigation by German prosecutors into the company for allegedly selling spyware<\/a> to Turkey without an export license. Investigators previously found the FinFisher spyware had been deployed on the phones<\/a> of critics of Turkey\u2019s government.\u00a0<\/p>\n As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive worldwide \u2014 a move that would amount to tacit acknowledgment that AI labs elsewhere, including in China, will likely reach similar capabilities regardless of what the U.S. restricts. Or, American AI companies could end up needing government approval before serving foreign customers at all, a compliance burden that would invariably dent their bottom line.\u00a0<\/p>\n Given the past experiences that world governments have had with trying to control the reach of software, government-mandated export controls are unlikely to be the right approach to stop malicious actors from abusing powerful dual-use cyber technologies.<\/p>\n<\/div>\n When you purchase through links in our articles, we may earn a small commission<\/a>. This doesn\u2019t affect our editorial independence.<\/em><\/p>\nContact Us<\/h4>\n