In October 2022, the U.S. Biden administration, through the Department of Commerce’s Bureau of Industry and Security (BIS), released a slate of export controls to prevent Chinese firms from accessing sensitive computing technologies – principally, computer “chips” (e.g., Graphics Processing Units) – that enable the training and deployment of artificial intelligence (AI) models. Some think tank commentators characterized the move at the time as a means of “choking off” Chinese access to advanced AI development; a redux of the U.S.’s Cold War “containment” strategy vis-à-vis the Soviet Union, updated for U.S.-China Great Power Competition. As then-National Security Advisor Jake Sullivan noted in an October 2023 Foreign Affairs essay, the Biden administration’s approach to AI policy, in this respect, was to use export controls on a subset of AI’s most advanced enabling technologies in a targeted manner such that China – acting as both competitor and trading partner – could not access them for its own military purposes; an ostensible “small yard and a high fence” approach that would permit broader trade to continue.
I noted shortly after the imposition of the October 2022 export controls that the move came “with remarkably little media attention.” This is not terribly surprising: in a time before “ChatGPT” was a household name, AI remained largely the intrigue of researchers and specialist policy analysts, only occasionally breaking into the mainstream.
Within a dramatically different political milieu, AI firm Anthropic released a statement on the night of June 12, noting that the U.S. government had issued an
export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance (emphasis in original).
The statement goes on to note that the government’s directive was based on information it received on the possibility that the Fable 5 model – a Mythos-class model of cybersecurity intrigue, as written about previously – was vulnerable to a “potential narrow, non-universal jailbreak.” In simple terms: some U.S. officials believed that Fable 5 could be abused by bad actors in ways that accesses its offensive cyber capabilities, bypassing the guardrails imposed by Anthropic on the system’s use.
Details are limited. However, subsequent reporting by the Wall Street Journal indicates that the security flaw was brought to the attention of U.S. officials by Amazon CEO Andy Jassy (himself informed by a security researcher at Amazon). Politico also reports that U.S. Treasury Secretary Bessent and White House Cyber Director Cairncross, in calls with Anthropic CEO Dario Amodei, indicated that the potential jailbreak was verified by the National Security Agency and therefore took this as “proof” that the model should be pulled from public access. Most conspicuously, Semafor reports that the directive was imposed “partly over suspicions that a China-linked group had accessed it,” citing a source familiar with the situation. This latter reporting is curious in that such information would plausibly have been shared with Anthropic, who did not mention it in their statement.
Anthropic tends to be at the center of unprecedented U.S. government actions, previously having been subject to the (still in force) designation by the U.S. Department of Defense of a “supply chain risk.” There is, to be blunt, bad blood here. The actors involved in both the supply chain risk designation as well as this export control directive – both public and private – are not each other’s biggest fans.
Will the Directive Be Rescinded?
There are (at least) two reasons to doubt the export control directive will remain in force, both dependent on an assumption that Anthropic would challenge the directive in court. First, the authority invoked by the directive was done on a relatively ad hoc basis. As Shakeel Hashim notes, it was “not based on any formal testing process or agreed-upon thresholds for what makes a model too dangerous to release” and, in effect, “[creates] a new statutory authority for regulating AI.”
Second, we may add to this that the AI Executive Order signed by President Trump on June 2 instructs the Secretaries of Treasury, War, and Commerce (in consultation with other officials) within 60 days to
develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold at which an AI model should be designed a “covered frontier model” for the purposes of this order…
This benchmarking process is almost certainly not complete, thereby indicating that the export control directive given to Anthropic is at least somewhat inconsistent with the administration’s stated means of determining relevant “thresholds” on which to make determinations as sensitive as that underpinning this directive.
That said, there are (at least) an additional two reasons to doubt that these challenges will prove successful for Anthropic. First, Anthropic’s own CEO Dario Amodei has laid a foundation on which even excessive concern about the national security implications of AI models may seem reasonable. In a blog post published this month (before the export control directive), Amodei writes:
The government should have the power to block or deter deployment of the model if it is determined, in light of third-party assessment, to present unacceptable risks. This power must be scoped to the above four specific risks [cybersecurity, biological weapons, loss of control of AI systems, and automated R&D that could accelerate these other risks] and there must be protective measures against political favoritism or arbitrary decisions.
The U.S. government, if the known facts hold, made its judgment on one of the four areas – cybersecurity – and ostensibly took its cue from an Amazon researcher specifically – a third-party assessment. Of course, Amodei’s blog post does not make the use of export controls legal or illegal, though it may hamper Anthropic’s case, should it bring one.
Second, recall that Anthropic’s supply chain risk designation remains in force. More specifically, note that it was potentially misleading in March to find legal commentators stating, for example, that the designation “Won’t Survive First Contact with Legal System.” That court fight instead continues. Thus, one should be at least somewhat cautious about assuming the government’s defense in this case would be straightforwardly rejected by courts. (This is more pronounced when one considers the relative leeway given to the federal government by courts on matters of national security, even ostensible in nature.)
How Are Defense Contractors Affected?
One might be tempted to suggest that U.S. Defense Department contractors will be impacted by this export control directive on Anthropic, but defense contractors are already prohibited from using Anthropic’s products specifically for Defense Department work. This is the result of the supply chain risk designation.
That said, restricting frontier Large Language Models (LLMs) from public use – directly through government regulations, or indirectly through bans on foreign national access – has knock-on effects regardless of one’s citizenship.
Frontier LLMs are now used in professional workflows in ways that were merely hypothetical in October 2022, with significant leaps in functionality occurring over the past year in particular. Anthropic’s own offerings are widely considered to be at the top of the pack. Restricted access to such models are therefore worth pricing in for non-U.S. defense-related work, including (and especially) those countries for which access to state-of-the-art LLMs is dependent on the American ecosystem. One will, to be sure, read exaggerations about the implications of this dependency in the context of this export control directive, though some impacts of this nature are nevertheless worth considering. (Those who receive Forecast International’s Market Recap will know France has taken pains to produce indigenous versions of, so-called, “AI” defense systems comparable to the U.S.’s Maven Smart System.)
Defense contractors working directly for the U.S. Defense Department will, at least for now, have to live with the uncertainty of Anthropic’s official status within both this department and the wider U.S. government. For now, Anthropic will be off-limits for defense-specific work. Close-to-frontier models from OpenAI and Google remain accessible, as well as from other labs, though the ease with which one might integrate various models into their professional workflow is a rather messy and idiosyncratic affair.
How Much Does This Actually Matter?
The export control directive on Anthropic is significant, though how significant depends on several, as-yet uncertain dynamics playing out. It is nevertheless worthwhile to observe that, unlike the October 2022 export controls on the flow of chips to Chinese firms, this month’s directive to Anthropic operates in a different framework: this time, all eyes are on it. “AI” is a fully mainstream topic (perhaps too mainstream, if one can forgive this author’s on-and-off wariness). Common wisdom might indeed hold that the significance of the October 2022 export controls and U.S.-China Great Power Competition is delimited relative to this month’s directive. This reasoning turns on the increasingly prevalent idea that LLMs will eat the world, changing the structure and distribution of power itself.
I suggest some sobriety. Not for nothing, reasons for actions matter. If this export control directive is a result principally of bad blood between Anthropic and actors within the U.S. government, then we may adjust our sensitivities to familiar political dynamics rather than the nature of power itself. Indeed, unlike in October 2022, personalities are now involved whose roles are something of a historical rhyme. In the 1990s, then-Microsoft CEO Bill Gates was known to have, let us say, strong feelings – “utter contempt” – for the government’s anti-trust investigation of the company’s Windows operating system, which Gates did not hide during depositions. Anthropic CEO Amodei, in this author’s view, may be entering a similar role today.
If the U.S. government’s reason for action is indeed cybersecurity, however, then there is cause for adjusting one’s sensitivities to this domain, where LLMs are proving more impactful than many others.
More than this, the truth of the matter – so far as anyone can reasonably determine – is that the extent to which LLMs are re-shaping the character of human labor is simply unknown. Much of the commentary on the export control directive is, as alluded to above, addressing matters well beyond the ostensible cybersecurity flaw on which it was based. Specifically, the implications of the directive are seen to cover the much larger debate about the productivity benefits of using frontier LLMs, and expected gains from such models as time goes on and new models are trained and released.
Given the uncertainty, a closing thought is in order: the acceleration of tasks, even tasks which may be novel to an individual, is not the end-all-and-be-all of technological advancement. What matters more is re-shaping the value of tasks. That frontier LLMs can, for instance, churn out far more lines of code than any human could hope to produce in comparable timeframes (albeit, with some concerns about quality and stability while in production) is a major shift in the character of coding-related work – which includes defense organizations – but the value of this is not self-evident. It will not be until someone changes the purpose to which this capacity, or others, is put that we might suggest a “transformation” of the relevant kind is in effect. This is, to be sure, closer to the expectation that appears to have undergirded the sweeping October 2022 export controls and updates therein throughout the Biden administration’s tenure.
The Trump administration’s export control on Anthropic’s Fable and Mythos models should therefore be viewed in this context, without undue extrapolation or speculation. Defense contractors should remain grounded in conditions as they are found.
Vincent Carchidi has a background in defense and policy analysis, specializing in critical and emerging technologies. He is currently a Defense Industry Analyst with Forecast International. He also maintains a background in cognitive science, with an interest in artificial intelligence.
