← Back to news

From PGP to Mythos: a brief history of export controls that didn't stop anyone

Original article
techcrunch.com|104 points|46 comments|by Brajeshwar|Jun 20, 2026

From PGP to Mythos: A Brief History of Export Controls That Didn't Stop Anyone

By Lorenzo Franceschi-Bicchierai | June 19, 2026

US President Donald Trump addresses the media

Last Friday, the White House intervened in the AI sector, citing vague national security risks to order Anthropic to halt the export of its high-end AI models, Fable and Mythos. This restriction applies to all individuals outside the U.S. and foreign nationals residing within the country.

In a rapid response, the AI firm disabled both models, leaving them inaccessible to the entire world for a full week. This clash highlights a recurring theme: the government's attempt to use export controls to leash "frontier AI," mirroring previous—and often unsuccessful—efforts to regulate spyware and encryption.

The resolution of this specific standoff will likely define the operational boundaries for all future AI laboratories.

The "Doomsday" Machine: The Mythos Controversy

Since its April debut, Anthropic has positioned Mythos as a potentially catastrophic tool—a "Doomsday cyber machine" capable of destabilizing the internet. To mitigate this risk, access was strictly limited to approximately 150 vetted government agencies and corporations.

The strategic intent was clear:

"The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities."

Why the Ban Happened

The sudden crackdown was triggered by two primary events:

  1. The South Korean Connection: Anthropic granted access to a South Korean telecommunications firm (widely believed to be SK Telecom) via its partner program. U.S. officials became concerned over alleged ties between this company and China, though the firm has denied these claims.
  2. The Amazon "Jailbreak": Amazon CEO Andy Jassy informed the administration that Amazon's internal researchers had bypassed the safety protocols of Fable 5.

While Anthropic argues that this was merely a narrow, already-patched issue rather than a total collapse of safety measures, the government's reaction was swift. The Commerce Department issued a directive, and Anthropic restricted access within roughly 90 minutes.

A Legacy of Ineffectiveness

The government's track record with cyber-technology export controls is, at best, mediocre. This can be visualized as a cycle of restriction followed by inevitable bypass:

The "Crypto Wars" of the 90s

One of the most glaring failures occurred in the mid-1990s with the rise of encryption. Computer scientists were building tools to protect internet data, most notably Pretty Good Privacy (PGP).

  • The Threat: The U.S. government viewed PGP as a weapon because it prevented intelligence agencies from intercepting emails.
  • The Conflict: The Customs Service launched a criminal probe into creator Phil Zimmermann for violating arms export laws.
  • The Loophole: In a brilliant move, Zimmermann published the PGP source code as a printed book, utilizing First Amendment protections for free speech.

The government successfully stopped encryption. Instead, Zimmermann won, paving the way for the end-to-end encryption now used by billions on WhatsApp and Signal.

The Spyware Struggle and the Wassenaar Arrangement

In the early 2010s, the focus shifted to Western-made spyware targeting dissidents. Governments expanded the Wassenaar Arrangement, an international treaty governing "dual-use" technologies (tools with both civilian and military applications).

The goal was to force spyware vendors to obtain export licenses. However, the system is riddled with holes:

Failure PointDetail
Non-AdherenceCountries like Israel (a hub for spyware) do not follow the agreement.
Discretionary LicensingItaly previously licensed Hacking Team to sell tools to oppressive regimes.
Jurisdictional HoppingCompanies like Intellexa simply relocate to countries with lax laws.

Despite new efforts by the EU's 27 member states to curb these exports, critics argue the measures are insufficient.

Summary of Control Efficacy

If we were to model the effectiveness of these controls mathematically, it might look like this:

Econtrol=limtRestrictionsInnovation+Global Demand0E_{control} = \lim_{t \to \infty} \frac{\text{Restrictions}}{\text{Innovation} + \text{Global Demand}} \approx 0

Final Checklist of Government Goals:

  • Identify dangerous technology
  • Issue export bans
  • Actually stop the technology from spreading

Lorenzo Franceschi-Bicchierai

Contact Information: If you have tips regarding the Mythos ban, reach out to Lorenzo Franceschi-Bicchierai via:

  • Signal: +1 917 257 1382
  • Telegram/Keybase: @lorenzofb

Event Logo