Anthropic's Mythos ban exposes AI regulation's fault lines

At the beginning of June, President Donald Trump signed an executive order that promised a light-touch toward AI regulation. Less than two weeks later, the federal government abruptly slapped export controls on Anthropic over security concerns with its latest model Mythos along with its consumer-facing variant Fable 5. Because this order effectively prohibited Anthropic from allowing foreign nationals (including Anthropic employees) to use these models, the company opted to suspend everyone’s access to ensure compliance. 

What did the government actually claim about the Fable 5 jailbreak?

The underlying facts of the issue are currently in dispute. In a public statement, Anthropic noted that they received the export control directive at 5:31 pm (ET) on Friday, June 12. While the paperwork didn’t specify the national security issue that precipitated this response, Anthropic said it understood that the government believed there was a method of bypassing Fable 5’s built-in safeguards (also known as ‘jailbreaking’). However, the company claimed this technique could only be used to identify “a small number of previously known, minor vulnerabilities” that could be discovered without the need for jailbreaking. 

The Trump administration, on the other hand, tells a different story. In a lengthy X post, David Sacks, Co-Chair of the President’s Council of Advisors on Science and Technology, claimed that a “highly credible trusted partner of both Anthropic and the [United States Government]” came forward with a jailbreak for Mythos’ guardrails (it’s been reported by Axios and others that the tipoff came from Amazon CEO Andy Jassy). 

The administration then asked Dario Amodei, Anthropic’s co-founder and CEO, to either fix the issue or rescind access to the model. Sacks claims Amodei refused to do either. He also took issue with Anthropic’s framing of the issue as minor, saying “[i]t’s difficult to fathom how they could claim a jailbreak allowing operability of a cyber weapon could be defined as not ‘serious.’” 

Independent cybersecurity experts have questioned the government’s framing of this vulnerability. Katie Moussouris, the founder and CEO of Luta Security, writes that researchers gave Fable 5, Mythos, and Opus code containing vulnerabilities and asked them to review it for security issues. Fable 5 refused, and so they asked the models to “fix this code.” While the researchers ultimately ended up with test scripts, it was a laborious and labor-intensive process. 

According to Moussouris, “[d]efenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.”

Was Chinese access to Mythos the real reason for the ban?

Muddying the waters even further, Semafor reports that the White House’s decision was motivated in part by concerns that a China-linked entity had accessed Mythos. Previously, Anthropic stated that access to Mythos was limited to a select group of trusted companies due to its potential for misuse. But Semafor also notes that Anthropic says the administration didn’t mention the possibility of Chinese access when discussing export controls. 

How did Anthropic become a supply chain risk in the Pentagon's view?

All of this is happening against a backdrop of tension between the White House and Anthropic. According to Semafor, the company opposed a number of the administration’s AI-related initiatives and irked officials by hiring alumni of the Biden administration. Anthropic’s refusal to allow its products to be used for mass surveillance or autonomous lethal weaponry also led the Pentagon to terminate an agreement with Anthropic. In March, things escalated further when the Pentagon declared Anthropic a supply chain risk, though Anthropic has gone to court to overturn that decision. 

Because of the bad blood between the two sides, some observers see the decision to impose export controls as motivated by pique rather than national security. Dean Ball, who briefly advised the Trump administration on AI-related issues, wondered if the White House was waging lawfare against Anthropic. Meanwhile, reporting from Axios seems to suggest this latest skirmish was at least partially a vibe-based decision ("Anthropic has not done a great job at trying to speak to the administration and appreciate the ideological differences”).

How is Washington's AI policy confusion affecting the broader industry?

This episode doesn’t bode well for the AI industry. The government is clearly having a hard time making up its mind when it comes to the regulatory regime it wants to pursue. At first, it seemed intent on pursuing a hands-off approach, but the advanced capabilities of models like Mythos led to reports the White House might force companies to submit frontier AI models for review by the government until pushback from the laissez-faire camp made the pendulum swing back toward a voluntary approach. 

The administration was so keen to avoid inconveniencing industry that the signing ceremony for President Trump’s executive order was postponed at the last minute over concerns that giving the government 90 days to review models was too burdensome. But other companies might be reluctant to trust the administration’s commitment to light-touch regulation when it’s willing to use the full force of federal power when a company displeases it. 

The ramifications of this dispute could reverberate throughout the wider information ecosystem. 

According to an open letter signed by over 100 experts in the field, the Mythos-class models aren’t uniquely good at finding vulnerabilities. Moreover, they argued that having AI tools that are capable of testing code for weaknesses is a good thing that ultimately makes cyberspace safer for everyone. Imposing export controls on Anthropic “has taken the best models away from defenders, created market uncertainty, and risked America’s AI leadership without any real risk to justify it” they said. 

It will be interesting to see how Congress reacts. Early reporting suggests that the White House’s treatment of Anthropic is causing disquiet on Capitol Hill. If legislators believe the executive branch can’t deliver coherent oversight of AI, they might step up and pass their own regulations. 

What that regulation would look like is anybody’s guess, and passing it before the midterm elections in November would be an uphill battle. Democrats in particular may be tempted to wait and see. Should they regain control of the House and/or the Senate, they will be in a much stronger position to shape any legislation regulating AI.   

What should information ecosystem players watch for after the Anthropic case?

The regulatory landscape has only gotten murkier since President Trump signed his executive order at the beginning of June. Until now, all the signs pointed toward a laissez faire approach to AI regulation, but the Anthropic case shows that stakeholders can’t afford to discount the possibility of aggressive government intervention. 

An ideal regulatory regime is consistent and transparent, but those qualities are in short supply in today’s Washington. For anyone whose business depends on reliable access to AI-powered infrastructure, that uncertainty is the last thing they want.

‍