Introduction: A New Chapter in AI Export Control
Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside the United States, as well as to foreign nationals within the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.
This episode marks the first real test of whether the U.S. government can use export controls to contain frontier AI—much as it has tried, with mixed results, to contain encryption and spyware before it. Dramatic as it sounds, how this standoff is resolved could shape not only Anthropic’s access to foreign markets but also the rulebook that other AI labs will have to follow.
Background: The Mythos Model and Its Limited Release
Some context first. Ever since Anthropic launched Mythos in April 2026, the company has marketed it as a kind of doomsday cyber machine that could wreak havoc on the internet if released too widely. That’s why, before the ban, only around 150 vetted companies and government organizations had access to it. The goal was to help defenders secure their software and services before malicious actors could achieve Mythos-like capabilities.
What Triggered the Ban?
Two events reportedly triggered the ban. First, Anthropic granted a South Korean telecom access to Mythos through its limited partner program. U.S. officials grew alarmed after identifying the company—widely reported to be SK Telecom—as one they suspected had ties to China (the company has denied any connection to China). Second, Amazon CEO Andy Jassy reportedly alerted the administration after Amazon’s own researchers claimed to have found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model’s safety measures.
The result was the same: the Commerce Department issued an export control directive, and Anthropic scrambled to limit access to its products within roughly 90 minutes of notification, according to some accounts.
Historical Precedent: A Long Track Record of Failure
None of this is new. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber technology for decades, but their track record has been middling at best.
Perhaps history’s most spectacular failure of this approach occurred in the early to mid-1990s. At that time, computer scientists were developing encryption technologies to secure data as it traveled over the internet. One such product was Pretty Good Privacy (PGP), a popular software that made intercepted data virtually impossible to unscramble.
The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent intelligence agencies from snooping on emails. To stop its distribution, the U.S. Customs Service opened a criminal investigation into PGP’s creator, Phil Zimmermann. The investigation ultimately failed, but it illustrates a recurring pattern: attempts to suppress powerful cyber tools often backfire, driving development offshore or underground. In the case of PGP, the software spread globally regardless, and encryption is now ubiquitous—proof that export controls can be ineffective against determined dissemination.
Similarly, in the 2010s, U.S. attempts to control spyware exports had limited success, as foreign competitors quickly filled the gap. These historical lessons suggest that controlling frontier AI through export bans alone may be an uphill battle, especially when the technology is already in limited circulation and demand is high.
What’s Next for Anthropic and AI Regulation?
As of 2026, the standoff over Mythos and Fable is a watershed moment. The outcome will likely influence how other countries—particularly China and the EU—shape their own AI export policies. If the U.S. tightens controls, we may see a fragmented global AI market, with some nations developing independent models and others pushing for multilateral agreements. For now, Anthropic’s situation serves as a cautionary tale: even safety-first marketing can trigger unintended regulatory consequences.
via TechCrunch AI