Anthropic Mythos – The White House ordered Anthropic to restrict exports of its AI models Fable and Mythos, and Anthropic pulled both models offline shortly after. The episode is the latest test of whether U.S. export controls can contain frontier AI—and it echoes earlier, uneve
Last Friday, the moment the White House ordered Anthropic to restrict export of its powerful AI models Fable and Mythos—limiting access to anyone outside the United States and also foreign nationals inside the country—something quickly snapped.
Within roughly 90 minutes of being notified, Anthropic pulled the plug on both models. For a week afterward, Fable and Mythos have been unavailable to anyone.
It’s dramatic, and it’s personal for the people building around these systems. Mythos. launched in April. had been marketed by Anthropic as a kind of “Doomsday cyber machine” that could wreak havoc on the internet if released too widely. Before the ban. access was restricted to only around 150 vetted companies and government organizations—an arrangement designed to give defenders time to secure their software and services before bad actors could reach Mythos-like capabilities.
So when the export control directive landed, it didn’t just create a policy headache. It interrupted an ongoing experiment in controlled rollout.
What triggered the order, at least according to the reported chain of events, was twofold.
First, Anthropic gave a South Korean telecom access to Mythos through its limited partner program. U.S. officials then grew alarmed after identifying that telecom as a company they suspected had ties to China. The telecom has been widely reported to be SK Telecom, and it denied any China connection.
Second. Amazon CEO Andy Jassy reportedly alerted the administration after Amazon’s own researchers. he said. found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label. saying the issue was narrow and already-patched rather than a wholesale defeat of the model’s safety measures.
The result was the same in practice: the Commerce Department issued an export control directive, and Anthropic scrambled to limit access to its products.
This is the first real test, in the modern era, of whether the U.S. government can use export controls to contain frontier AI in the way it has tried—with uneven results—against encryption and spyware.
Those earlier battles are where the tension lives.
In the early to mid-1990s. computer scientists were building encryption technologies meant to secure data as it traveled over the internet. including a popular product called Pretty Good Privacy. or PGP. PGP let data be encrypted and made it virtually impossible to unscramble even if intercepted en route to its intended recipient.
The U.S. government viewed PGP as a dangerous weapon. Officials feared it would prevent intelligence agencies from snooping on emails as they crossed U.S. lines. To stop distribution, the U.S. Customs Service opened a criminal investigation against PGP’s creator Phil Zimmermann for allegedly violating arms export controls. Zimmermann fought back by publishing PGP’s source code as a printed book. igniting what became known as the “Crypto Wars.”.
He later won a key battle when the investigation was closed, clearing the way for crucial end-to-end encryption algorithms used by billions of Signal and WhatsApp users.
Then, in the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response. several governments agreed to expand the Wassenaar Arrangement. an international treaty meant to limit the export of dual-use software and technologies—items used in both civilian and military applications.
The idea was simple: classify surveillance and hacking software as dual-use, forcing spyware makers to get export licenses to sell their products abroad.
But the architecture of these controls has always carried weaknesses.
One is that not all countries adhere to the agreement, including Israel, which houses some of the world’s most active spyware makers. Another is that the agreement depends on countries applying it to companies within their borders at their own discretion.
For a time. the Italian government allowed one of the country’s then-top spyware makers. Hacking Team. to get a license to export its tools around the world—even as the company’s track record included selling spyware to oppressive governments that used it to hack journalists and human rights activists.
Afterward, critics pointed to continued lax enforcement across Europe. They argue that a recently renewed effort across the bloc of 27 member states to tackle spyware exports to authoritarian states “does not go far enough.”
Even when controls exist on paper, some companies find ways around them. Several spyware makers, including Intellexa—a sanctioned consortium of spyware companies—moved operations to countries with lax export controls. Others reportedly sought similar moves to Saudi Arabia.
There have been wins, though. Germany-based spyware maker FinFisher shut down in 2022 after a multi-year investigation by German prosecutors into the company for allegedly selling spyware to Turkey without an export license. Investigators previously found that FinFisher spyware had been deployed on the phones of critics of Turkey’s government.
Now, the U.S.-Anthropic showdown sits in that same landscape of attempted containment versus real-world escape routes.
As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive worldwide. That would also amount to a tacit acknowledgment that AI labs elsewhere—including in China—will likely reach similar capabilities regardless of what the U.S. restricts.
If that doesn’t happen, U.S. companies could end up needing government approval before serving foreign customers at all, a compliance burden that would dent their bottom line.
The deeper question is whether export controls can actually stop malicious actors from abusing powerful dual-use cyber technologies. Given the past experiences of governments trying to control software reach. government-mandated export controls are unlikely to be the right approach to stop malicious actors.
For now, the policy gamble has a visible cost: models that were marketed as tightly controlled for the sake of defenders are sitting offline, unavailable, while the standoff plays out.
Anthropic Mythos Fable export controls Commerce Department AI models cybersecurity encryption PGP Phil Zimmermann Crypto Wars Wassenaar Arrangement spyware FinFisher Intellexa SK Telecom Andy Jassy
So they just yanked it like a game server? Wild.
Wait, I thought export controls only applied to like chips and weapons, not AI? Sounds like they were trying to stop Americans from using it too… unless that’s not what “foreign nationals inside” means. Also “Doomsday cyber machine” sounds like marketing lol.
Isn’t this just censorship? If it was “vetted companies,” then why not just let them keep using it and tighten the rest. 90 minutes and it’s gone, that’s scary. Feels like we’re treating software like it’s a nuclear button, but I’m sure it’s for safety right?
This is gonna backfire. If you shut Mythos down for a week, people will just use whatever copycat version is already out there in some basement. And “pulled both models offline” makes it sound like they deleted the code or something, but AI doesn’t really disappear like that. I’m confused—are they cutting off other countries or also just punishing the companies that were already allowed?