From PGP to Mythos: a brief history of export controls that didn't stop anyone

The landscape of artificial intelligence is moving at an incredible pace, bringing with it both groundbreaking opportunities and complex challenges. One such challenge recently surfaced with the U.S. government's decision to impose export controls on Anthropic's advanced AI models, Claude Fable 5 and Mythos 5. This action, driven by national security concerns, has sparked a significant debate, drawing parallels to the "crypto wars" of the 1990s and the ultimately futile attempts to restrict encryption software like Pretty Good Privacy (PGP).

For decades, the idea of stopping the flow of cybersecurity-related software has proven to be largely ineffective. The current situation with Anthropic’s powerful cybersecurity model, Mythos, raises a critical question: why would these controls work now, when history has shown such restrictions are often circumvented and can even be counterproductive?

The Echoes of PGP: A Historical Precedent

To understand the current dilemma, it's helpful to look back at the "crypto wars" of the 1990s. This period saw intense clashes between governments, particularly the U.S., and privacy advocates over the control of encryption technology. At the heart of this conflict was PGP (Pretty Good Privacy), an encryption program created by Phil Zimmermann in 1991.

PGP was designed to allow individuals to encrypt their emails and files, providing a strong layer of privacy and security. The U.S. government, however, classified robust encryption software as "munitions" under the International Traffic in Arms Regulations (ITAR), effectively making it illegal to export without a license. Zimmermann himself faced a criminal investigation for "exporting munitions" after PGP found its way outside the United States. At the time, cryptosystems using keys larger than 40 bits were considered munitions, and PGP never used keys smaller than 128 bits.

Despite these stringent controls, PGP's source code was famously printed in books and published online, making it widely accessible globally. The argument that "code is speech," protected by the First Amendment, played a significant role in challenging these restrictions. Eventually, the U.S. government relaxed its export controls on encryption software in 1999 and 2000, recognizing the impracticality of controlling information that could be easily disseminated. The efforts to restrict encryption ultimately failed because the technology was too easy to share and too vital for a globalizing digital world.

Enter Anthropic's Mythos: A New Frontier in AI Cybersecurity

Fast forward to today, and a similar debate is unfolding around advanced AI models. Anthropic, a leading AI safety and research company, recently introduced its "Mythos-class" models, Claude Fable 5 and Claude Mythos 5. These models represent a significant leap in AI capabilities, particularly in the realm of cybersecurity.

Claude Mythos 5 is described as having the "strongest cybersecurity capabilities of any model in the world." It excels at discovering and exploiting software vulnerabilities, and in testing, it has found thousands of high-severity vulnerabilities in major operating systems and web browsers. Anthropic initially stated that Mythos was too dangerous for public release, restricting access to a handful of partners through an initiative called Project Glasswing. This project brought together major tech and security organizations like Amazon Web Services, Apple, Google, Microsoft, and the Linux Foundation to use Mythos defensively to secure critical software. The goal was to leverage its power to find and fix vulnerabilities before malicious actors could exploit them.

On June 9, 2026, Anthropic launched Claude Fable 5, a "Mythos-class" model made safe for general use, with safeguards in place. Concurrently, Claude Mythos 5 was launched for a small group of cyberdefenders and infrastructure providers, with some safeguards lifted. Pricing for both models starts at $10 per million input tokens and $50 per million output tokens. However, just three days after their public launch, the U.S. government ordered Anthropic to take down Claude Fable 5 and Mythos 5, citing national security concerns and export control powers.

The Unclear Rationale: Why Controls Now?

The government's decision to impose export controls on Anthropic's models has been met with significant criticism and confusion. Critics, including the Electronic Frontier Foundation (EFF), argue that these controls are a "haphazard decision" and raise constitutional and free speech concerns, much like the encryption debates of the past.

The core argument against these controls is that advanced AI capabilities, particularly in cybersecurity, are rapidly becoming globally distributed. While the U.S. government aims to prevent foreign adversaries from accessing these tools, restricting access to U.S.-developed models might simply encourage other nations to develop their own, or for malicious actors to find alternative, less regulated AI tools. Experts point out that the ability to analyze code and identify weaknesses is already available across multiple AI systems, not just Anthropic's. Furthermore, open-source and open-weight models from other countries are quickly closing the capability gap.

A recent executive order, "Promoting Advanced Artificial Intelligence Innovation and Security," signed by President Donald Trump on June 2, 2026, established a voluntary framework for government review of advanced AI models. This order encourages developers to voluntarily provide access to "covered frontier models" for cybersecurity and national security assessments up to 30 days before public release. However, the subsequent mandatory take-down order for Anthropic's models suggests a more aggressive stance, moving beyond voluntary frameworks.

The Global Nature of AI and Cybersecurity

The interconnectedness of the digital world means that cybersecurity is inherently a global challenge. Restricting access to advanced defensive AI tools could inadvertently weaken global cybersecurity defenses. As security experts and executives highlighted in an open letter, these sanctions prevent developers and security teams from using the best models to find and fix vulnerabilities before adversaries, armed with nearly as capable AI, can exploit them.

The "dual-use" nature of AI—meaning it can be used for both beneficial and harmful purposes—makes regulation particularly complex. While AI models can accelerate threat detection and incident response for defenders, they can also be misused to create sophisticated cyberattacks. However, many argue that focusing on restricting the tools themselves, rather than targeting misuse and bad actors, is an ineffective strategy.

The Wassenaar Arrangement, an international export control regime for conventional weapons and dual-use goods and technologies, has previously attempted to control cyber surveillance technology. However, these efforts have been controversial and faced challenges, partly due to the potential negative impacts on cybersecurity business and research.

Industry Implications and the Path Forward

The government's actions against Anthropic set a significant precedent for intervention in commercially deployed AI. This creates uncertainty for AI developers and could potentially stifle innovation by making companies hesitant to develop powerful models if they face arbitrary restrictions.

Instead of blanket restrictions, many experts advocate for policies that focus on managing misuse, encouraging responsible AI development, and fostering international cooperation. This could involve:

• Targeting bad actors and specific malicious use cases rather than broadly restricting access to tools.
• Allowing security teams to use AI in controlled, observable environments to monitor and improve its application.
• Developing robust AI security standards and frameworks, such as those from NIST, OWASP, and Google.
• Collaborating internationally to establish common understandings and coordinated policies for AI governance.

The history of export controls on software, from PGP to the current debate around Mythos, strongly suggests that attempting to contain rapidly evolving and globally distributed technologies is a difficult, if not impossible, task. The focus should shift from trying to stop the flow of information to ensuring its responsible use and building strong, collaborative defenses in an increasingly AI-driven world.

Frequently Asked Questions

What are export controls on AI models?

Export controls on AI models are government regulations designed to restrict the transfer or dissemination of advanced artificial intelligence technologies to certain countries, entities, or individuals, typically for national security reasons. These controls aim to prevent potentially dangerous AI capabilities from falling into the wrong hands.

How does the situation with Anthropic's Mythos relate to PGP?

The situation with Anthropic's Mythos echoes the "crypto wars" of the 1990s, where the U.S. government attempted to control the export of encryption software like PGP. In both cases, the government sought to restrict access to powerful, dual-use technologies due to national security concerns. However, historical attempts to control encryption proved largely ineffective due to the global and decentralized nature of information sharing, a lesson that many argue applies to AI as well.

What is Anthropic's Mythos model and what are its capabilities?

Anthropic's Claude Mythos 5 is an advanced AI model with state-of-the-art cybersecurity capabilities. It is designed to find and exploit software vulnerabilities, having demonstrated the ability to uncover thousands of high-severity flaws in major operating systems and web browsers during testing. It is part of Anthropic's "Mythos-class" of models, which are more capable than their Opus series.

Why are export controls on AI models controversial?

Export controls on AI models are controversial because critics argue they can hinder defensive cybersecurity efforts globally, stifle innovation, and are difficult to enforce effectively given the rapid development and global distribution of AI technology. There's concern that such restrictions could disadvantage legitimate cybersecurity researchers and defenders, while malicious actors might still access similar capabilities through other means.