History repeats. The White House ordered Anthropic to block foreign access to its advanced AI models Fable and Mythos last week. National security, officials said. The company complied by pulling the models entirely. Users everywhere lost access. Yet this move echoes decades of similar efforts that fell short.
Encryption came first. In the early 1990s, the U.S. classified strong cryptography as a munition. Exporting it required licenses under the Arms Export Control Act. Phil Zimmermann released Pretty Good Privacy anyway. He posted the code online. Copies spread worldwide within days. TechCrunch recounts how the government pursued Zimmermann legally. The case collapsed. Strong encryption became standard. The controls didn’t stop it. They delayed adoption at home and handed market share to foreign competitors.
But governments kept trying. Spyware followed. After the Arab Spring, concerns grew over commercial surveillance tools sold to repressive regimes. The Wassenaar Arrangement added intrusion software and IP surveillance systems to its dual-use list in 2013. The U.S. implemented tighter rules years later. NSO Group’s Pegasus dominated headlines. Despite listing and sanctions, variants and competitors proliferated. A SIPRI report from September 2025 details how five categories of spyware tools entered control lists. Enforcement lagged. Human rights abuses continued.
Fast forward to today. Anthropic’s models now face the same treatment. The company issued a statement confirming the directive. “The US government has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national,” it read. (Anthropic). Access vanished for everyone to avoid violations. Critics argue this hurts American innovation more than adversaries. An open letter from Luta Security researchers, published yesterday, warns the controls damage U.S. cyber defense. Foreign and open-weight models will catch up fast. “Nobody expected the US Secretary of Commerce to issue an export control affecting Fable 5 and Mythos,” the post notes. (Luta Security).
The Encryption Wars Set the Pattern
Those battles of the 1990s offer the clearest lesson. Strong crypto threatened law enforcement’s wiretap capabilities. Officials fought hard. Yet math proved portable. Code crossed borders via FTP, Usenet, even printed books. Zimmermann printed PGP source on paper to skirt rules. Courts eventually sided with free speech arguments. By 2000, the Clinton administration relaxed most restrictions. Key lengths no longer dictated licenses for mass-market software. Commerce took over from State. The policy shift acknowledged reality. Technology had outrun regulation.
Recent analysis reinforces this view. A podcast episode from three days ago revisited the era. Strong encryption was once a munition. U.S. firms couldn’t ship it legally abroad. The Freak attack in 2015 exposed weaknesses in export-grade crypto. Researchers factored RSA keys weakened for compliance. (Blue Security Podcast). The pattern? Controls create weak standards that everyone exploits. Adversaries ignore them. Allies develop alternatives. American companies lose ground.
Spyware controls fared little better. The EU and Wassenaar participants added cyber-surveillance items. Implementation varied. The U.S. delayed full adoption until 2021. A Berkeley CLTC white paper from last year examined the effort. It found controversy, especially in Washington. Multilateral lists sparked debate over definitions. What counts as intrusion software? How do you control intangible transfers like source code or training data? The paper concludes that controls on commercial spyware produced mixed results at best. (CLTC Berkeley).
Now AI enters the arena. Frontier models like Mythos can generate code, spot vulnerabilities, or assist in offensive operations. The White House cited unspecified risks. Yet capabilities spread through open research, leaked weights, and foreign labs. A TechBuzz article posted hours ago argues the encryption wars ended not because controls succeeded but because they became irrelevant. “Encryption math doesn’t care about borders,” it states. (TechBuzz).
Industry voices grow louder. Yesterday’s CSIS update questioned what comes next after Commerce restricted Anthropic’s models. Researchers already test similar systems on open codebases with known flaws. Results show capable AIs identify issues regardless of origin. Controls may slow domestic access while foreign actors advance unchecked. And policymakers face a choice. Target the model weights. Or focus on misuse and harm.
Recent regulatory moves add complexity. The Department of Commerce announced an American AI Exports Program in March. It promotes full-stack AI packages including cybersecurity measures. (FD Associates). Contradictions emerge. One hand restricts. The other promotes. Companies must navigate license exceptions, end-user checks, and shifting rules on encryption embedded in AI systems. A TermsFeed analysis from late 2025 explains how software with cryptographic functions triggers EAR requirements. Mass-market encryption over 64 bits still needs registration. (TermsFeed).
So what now? Past failures suggest controls work best when narrow and paired with diplomacy. Broad bans on software categories invite evasion. Code compiles anywhere. Models train on public data. Knowledge disseminates through papers, conferences, and talent flows. The U.S. maintains advantages in compute, data, and talent. Export controls risk squandering those edges.
Critics on X echo the sentiment. One post from today links the TechCrunch piece and calls it a test case for AI containment. Another highlights how 30 years of trying to stop cybersecurity software flow yielded poor results. Why expect success now? Discussions reference the PGP saga. Zimmermann’s defiance. The eventual policy retreat. Spyware’s persistence despite Wassenaar. NSO. Candiru. Circles. New firms emerge. Tools evolve.
Lessons for the AI Era
AI differs in scale. Training requires massive resources. Inference runs on consumer hardware. Open-source communities accelerate progress. Foreign governments pour funds into their labs. China’s efforts. Europe’s regulations. The Middle East’s compute investments. Controls on specific U.S. models may buy months. Not years. And every restriction creates black-market demand.
A June 2026 White House cyber strategy emphasized American leadership. Yet export rules on AI could undermine it. Researchers warn that limiting defensive AI tools leaves U.S. networks exposed. The Luta letter calls for lifting controls on Fable and Mythos. Signatories include security professionals who tested the models on vulnerable code. Their verdict? These systems already help defenders find flaws faster. Denying them to allies weakens collective security.
Enforcement challenges multiply with AI. How do you inspect a model’s weights for “cyber” capabilities? What constitutes a dual-use system when every large language model can write scripts? Intangible transfers defy traditional borders. A researcher in Europe fine-tunes an open model using techniques from a U.S. paper. Does that violate rules?
The record shows mixed outcomes. Encryption controls collapsed under technical and commercial pressure. Spyware rules raised costs and scrutiny but didn’t eliminate the market. Bad actors sourced alternatives. Allies complained of uneven playing fields. Now AI faces the test. Anthropic’s swift compliance buys time for negotiation. Yet the underlying dynamic remains. Technology moves faster than policy. History suggests the controls will shape behavior at the margins. They won’t contain the spread.
Officials insist on safeguards. Companies seek clarity. Researchers push for open innovation. The standoff over Mythos forces a broader conversation. One about balancing security with progress. About whether restricting American AI cedes ground to less scrupulous players. About learning from PGP, from Pegasus, from every prior attempt that promised control but delivered adaptation instead.
Short answer. It doesn’t work. Longer view reveals why. Actors adapt. Markets shift. Innovation continues. The U.S. can lead through superior technology, alliances, and smart rules focused on end-use. Blanket export bans on frontier models risk repeating old mistakes on a larger stage. The next chapter depends on whether Washington recognizes the pattern before writing it again.
WebProNews is an iEntry Publication