Did the US Government Just Set An AI Export Precedent by Blocking Mythos?
Joseph Hoefer / Jun 15, 2026
Howard Lutnick, US Secretary of Commerce, testifies before the House Committee on Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies in the Rayburn House Office Building in Washington, DC on Thursday, June 5, 2025. (Photo by Aaron Schwartz/Sipa USA)
On June 12, the Commerce Department’s Bureau of Industry and Security issued an export control directive to Anthropic to suspend access to its Fable 5 and Mythos 5 models for any foreign national, whether located abroad or inside the United States, citing national security concerns. Because the company could not reliably screen users by nationality, it disabled both models entirely.
In the immediate coverage of these events, most of the attention so far has gone to questions about the models, the reported jailbreak that prompted the action, the White House’s deliberations, and the company’s response. What’s needed now is policy analysis. And from that perspective, it’s clear that the novel development here isn’t another intrigue about Anthropic and its large language models. It’s the legal instrument the White House deployed to force Anthropic’s hand, and the precedent it sets going forward.
Export controls have long reached more than physical goods. Software, source code, and electronic transmissions of non-public technical data all fall within the Export Administration Regulations, and the policy debates that followed the encryption suits of the 1990s settled that intangible code can be controlled. So the surprise in this scenario isn’t that software can be export-controlled at all. It’s that these authorities, built around discrete transfers of an identifiable item from one party to another, are being applied to a continuously available frontier model reached by API. When the controlled thing is a service that anyone can call from anywhere at any time, the familiar questions get harder. What exactly is the export? The model weights, the act of inference, the capability itself? The regulations have answers for releasing a file or transmitting a dataset. A model that responds to a prompt in real time fits those categories awkwardly, and that friction is now being worked out through enforcement rather than rulemaking.
That's worth dwelling on, because there's a real difference between AI policy that takes shape through a public regulatory process, with notice and comment and the chance for affected parties to weigh in, and AI policy that takes shape through ad hoc actions over time. With a technology this new and moving this fast, the second path is often where things start, simply because events outrun the rulemaking process. But it has a quiet consequence: each enforcement decision becomes precedent, the accumulated precedents begin to function like a rule, and a framework can end up assembled before anyone has stepped back to define it as one. That's not unique to this case or this administration. It's a recurring feature of governing at the frontier, and it's worth recognizing for what it is.
Much remains unclear about this specific situation. Almost everything in the public record is secondhand, much of it from parties with something riding on how this is understood. The directive arrived by letter, which has not been made public, so the precise scope and rationale are known mostly secondhand, as well. The trigger itself is contested. The government acted after another company reported jailbreaking Mythos in a way that alarmed officials. Anthropic characterizes the episode as a narrow misunderstanding and says the behavior at issue is widely available from other deployed models, and at least one security researcher who saw the underlying work disputes the "jailbreak" framing altogether, describing it instead as defensive research. Further, reporting has since suggested the controls were prompted partly by concern that a China-linked group had accessed Mythos, with the worry being that an adversary could reverse-engineer or distill the model, though that account is single-sourced and Anthropic says the issue was never raised. That factual uncertainty isn't a side issue. It's central, because when the determination is made privately and the facts are this contested, it becomes genuinely hard to tell which theory of control the government is even applying.
And underneath all of it sits the question that actually determines how broad this gets: how does a government decide when a frontier model crosses the line into something that warrants control? There are two basic approaches, and they lead to very different worlds.
The first is an incremental-risk approach, where the question is whether a given model materially expands what an adversary could do beyond what's already available to them elsewhere. If similar capability is already widespread, controlling one more instance of it accomplishes little, so this approach tends to focus attention on genuinely novel capabilities and exceptional cases, and it keeps controls relatively rare.
The second is a capability-based approach, where the mere presence of a sensitive capability is the trigger, regardless of whether comparable capability already exists in the wild. This one is potentially far broader, because nearly every frontier model possesses some capability that could be characterized as sensitive, and once you adopt that framing the universe of models potentially subject to control expands dramatically.
Strip away the mechanics and a real question is whether the government is regulating net-new capabilities or regulating capabilities period, and that's the distinction that will determine how expansive this approach ultimately becomes. The current case sits right on that fault line. Anthropic's defense is essentially an incremental-risk argument: whatever Mythos can do, comparable models can already do, so controlling it denies little. This view seems to inform the perspective of a group of cybersecurity experts who penned a letter urging the government to reverse its position. A capability-based view would find that beside the point, because the sensitive capability is present regardless of what else exists.
Both have a serious argument behind them. The case for incremental risk is that controlling capability already available everywhere imposes real costs on US firms and their allies while doing little to deny anything to a determined adversary. The case for the capability-based view is harder to dismiss than its critics admit, because you can't un-export a capability once it has proliferated. Waiting for proof that a model is truly net-new may mean acting too late to matter. If the goal is preventing irreversible harm, a government may reasonably decide it can't afford to wait for certainty.
That tension doesn't resolve neatly, and pretending otherwise would oversimplify things. But the choice between the two framings is the actual policy decision, and right now it's being made implicitly, buried inside discrete enforcement actions that read like one-offs. This isn't for lack of institutional machinery. The Center for AI Standards and Innovation already runs pre-deployment evaluations of frontier models under agreements with the major labs, and has examined what those models can do with their safeguards stripped away. The capacity to assess capability exists. What's missing is a published standard linking those assessments to consequences: which findings trigger which restrictions.
Which raises a further problem policymakers haven't fully grappled with: do the agencies making these calls even have the technical capacity to make incremental-risk determinations at the frontier? Judging whether a model materially expands an adversary's options requires deep, current knowledge of what already exists across the global landscape, and that's a demanding analytical task. A capability-based approach is, among other things, far easier to administer, which creates a quiet institutional gravity pulling toward the broader framework whether or not it's the right one.
None of this is an argument that frontier models should never be controlled. Some capabilities will warrant serious restriction, and governments have a legitimate role in drawing those lines. The point is narrower: the question of which theory of control applies is a big one, and it's worth resolving deliberately rather than letting it settle case by case. Export authorities built for physical goods and an earlier kind of technology are being asked to do something genuinely new, and that's uncharted ground for any administration.
So the real question isn't what happens to one model. It's which theory of control takes hold, and whether it is set deliberately or emerges over time from the accumulation of individual actions. Much of the necessary infrastructure is already in place. The remaining step is a deliberate one: to define the standard that ties it together before the answer settles by default.