Encryption, spyware, and now Mythos: History shows why cyber export control doesn’t work
TL;DR
The U.S. government ordered Anthropic on June 12 to restrict Claude Fable 5 and Claude Mythos 5 for non-U.S. persons. Anthropic took both models offline worldwide because the export-control demand was hard to implement cleanly. Mythos is Anthropic's tightly limited cybersecurity model for defensive vulnerability hunting. Project Glasswing started in April with a small partner group and later expanded to about 150 organizations in more than 15 countries.
Nauti's Take
Anthropic helped create this mess with its Mythos narrative: if a company sells a model as nearly too dangerous for broad release, regulators will eventually treat it that way. A blanket export shutdown is still a blunt move.
Defenders lose access, attackers look elsewhere, and U. S.
labs inherit a new platform risk. The better fight is boring and operational: audited access, abuse handling, clear incident thresholds, and rules that do not punish legitimate security research first.
Briefingshow
This is bigger than one Anthropic incident: it tests whether a U. S. export-control letter can force a global AI product offline overnight.
For companies putting AI into security workflows, that turns model access into a sovereignty and continuity risk. The cyber history behind PGP and spyware suggests bans often create compliance drag and relocation games before they create real control.
Sources