Zendoric
← Back to the day · June 28, 2026

Mythos and Fable: when the U.S. applies 20th-century export controls to 21st-century AI models

🕒 Published on Zendoric: June 28, 2026 · 09:00

On June 12, the U.S. government ordered Anthropic to cut off access to its Mythos 5 and Fable 5 models for any non-U.S. citizen, anywhere in the world. An analyst at the Bulletin of the Atomic Scientists dismantles why that logic, inherited from physical arms control, clashes with the nature of software.

By Zendoric · June 28, 2026.

On June 12, 2026, Anthropic announced that the United States government had ordered it to suspend access to its two latest large language models —Mythos 5 and Fable 5— for any non-U.S. citizen, regardless of where they reside. The measure is unusually broad in scope: not even Anthropic's own employees who lack U.S. citizenship may interact with those systems. Up to that point, Mythos had been available for several weeks to a select group of users —some of them undisclosed— with the specific aim of scanning digital systems at high speed to detect exploitable vulnerabilities. Fable, its public version labeled 'safe for general use,' had recently been released to the general public.

The government order relied on national security authorities to impose what are functionally export controls, though without providing an explicit justification. Anthropic did offer its own reading: the government had reportedly detected a method to bypass Fable's safeguards through a 'jailbreak'—that is, a prompt designed to circumvent the chat's filters. The company, however, considers that vulnerability to be minor and easily replicable with other public tools that already exist. In an unusual gesture for a company that tries to maintain good relations with Washington, Anthropic stated publicly that it 'does not believe that the discovery of a potentially narrow jailbreak should be grounds for withdrawing a commercial model deployed to hundreds of millions of people.'

The analysis published by Justin Sherman, founder and CEO of Global Cyber Strategies and an adjunct professor, in the Bulletin of the Atomic Scientists dissects why this regulatory logic stands on shaky ground. The central argument is structural: export controls were designed primarily for physical goods —weapons, advanced microelectronics components, radar systems— whose theft or illicit transfer requires operations in the physical world. An adversary who wants to replicate a stealth fighter needs the blueprints, yes, but also the manufacturing capabilities. A stolen copy is just a copy. An AI model, by contrast, can be exfiltrated through cyberspace, copied at virtually zero marginal cost and distributed at a speed no logistical control can intercept.

The paradox of the Fable/Mythos case is especially acute: Fable was already public. To claim that China —with the intelligence apparatus it has— had not accessed it, downloaded it and begun testing its limits before the suspension order was issued is, in Sherman's own words, 'implausible.' The measure may hamper continued access by other actors, but the most sophisticated adversaries would already have completed significant rounds of testing and replication. And for those who have not, the usual route —shell companies, individuals posing as U.S. citizens, insiders under pressure or economic incentives— remains equally open as long as there are U.S. nationals with access to the system.

Herein lies another crack in the approach: restricting access to U.S. nationals does not eliminate the insider threat. U.S. nationals can also pose internal security risks, and in the absence of solid corporate governance regulations —internal access controls, disclosure requirements, pre-release testing policies— the nationality restriction becomes an administrative filter rather than a real security barrier.

The geopolitical cost of the measure is potentially high. The United Kingdom's AI Security Institute —an AI safety evaluation body, with non-U.S. staff— had accessed Mythos Preview in April to assess its cybersecurity capabilities. It would now be excluded. At a time when a growing number of European defense and security professionals —not just digital rights activists— are arguing that Europe needs technological independence from the United States, cutting off the closest allies from access to key AI models reinforces precisely that argument. The long-term consequence Sherman points to is delicate: pushing strategic partners to seek alternative providers that, in the absence of mature European options, could be Chinese. That does not strengthen U.S. national security; it weakens it.

What the analysis proposes is not inaction in the face of real risks. The capability of a model like Mythos —designed to identify vulnerabilities in digital systems at scale— in the hands of hostile actors is a legitimate and serious concern. But the most effective response, according to the argument developed, runs through three paths distinct from export controls. First: raising the cybersecurity bar, including rigorous pre-release testing, strict internal access controls and responsible vulnerability disclosure mechanisms —frameworks the U.S. government already applies in other contexts. Second: comprehensive governance regulation for all AI companies operating in the country, with 'know your customer' requirements to track who uses and who supplies these models. Third: defining a proportional threshold: if any jailbreak, however minor, can trigger an order to withdraw a model, every AI model in the country would be a candidate, because no system is impervious to human error or to the evolution of attack techniques.

This episode matters beyond the specific case of Anthropic. It represents a use of national security authorities to impose export-style controls on a large-scale commercial AI model. The signal it sends to the sector is ambivalent: on one hand, it normalizes direct government intervention over access to specific models; on the other, it does so without the regulatory scaffolding that would give those decisions coherence, proportionality and predictability. Anthropic complied with the order but marked its disagreement publicly. That tension between compliance and dissent reflects something broader: the advanced AI industry and inherited legal frameworks do not yet speak the same language, and the consequences of that gap will continue to be visible.

Sources & references