The U.S. government's three-decade effort to restrict cybersecurity software exports has consistently failed to prevent their global spread. Anthropic's new cybersecurity model Mythos may face the same fate as previous export control attempts.
The history demonstrates a pattern. Pretty Good Privacy, or PGP, became the canonical example. Phil Zimmermann created PGP in 1991 as encryption software. The U.S. classified it as a munition and restricted its export. Within months, Zimmermann posted the source code online. It spread globally within weeks. Export controls became unenforceable.
Similar dynamics repeating with each generation of security tools. Once software exists and its underlying principles are public, physical borders cannot contain it. Open-source code published anywhere becomes accessible everywhere. Developers outside the U.S. rebuild restricted tools from first principles.
Mythos represents the modern iteration. Anthropic trained this model specifically for cybersecurity tasks, identifying vulnerabilities and analyzing attack patterns. The concern is that it could aid malicious actors. So restrictions followed.
But the structural problem remains unchanged. Export controls work only when technology is proprietary, complex to reverse-engineer, and requires sustained supply chain support. None of these conditions apply to AI models or software. A model's weights can be copied instantly. Source code is infinitely reproducible. No ongoing dependency exists.
Anthropic faces a choice similar to Zimmermann's. Restrict the tool and watch it get leaked, recreated, or simply developed elsewhere. Or accept that containment fails and focus on detection instead. European labs, Chinese research groups, and open-source developers will produce similar models regardless of U.S. policy.
The historical record suggests export controls on dual-use technology reflect policy theater more than effective security. They impose costs on legitimate researchers and companies while barely slowing determined adversaries. With Mythos