The Trump administration’s decision to classify Anthropic’s Mythos and Fable models as munitions — restricting access to anyone outside the United States and foreign nationals within it — is not a novel strategy. It is the third act of a playbook the US government has been running since the 1990s, and the results have been the same each time: the technology gets out anyway, the companies get hurt, and the adversaries find workarounds within months.
🔍 THE BOTTOM LINE
As TechCrunch’s Lorenzo Franceschi-Bicchierai documents, the history of US export controls on dual-use software — from PGP encryption through the Wassenaar Arrangement on spyware to now frontier AI models — is a decades-long catalogue of failure. The controls restrict legitimate users. They do not stop the targets. And for New Zealand, a Five Eyes member that follows US export controls by default, the pattern means our AI companies get caught in the same net without any of the discretion.
What Changed: Three Decades, Same Playbook
In the early 1990s, the US government treated Pretty Good Privacy (PGP) — Phil Zimmermann’s encryption software — as a weapon. The Customs Service opened a criminal investigation into Zimmermann for allegedly violating arms export controls, because PGP was strong enough to prevent US intelligence agencies from reading intercepted emails. Zimmermann fought back by publishing PGP’s source code as a printed book, exploiting the constitutional protection of printed matter. The investigation was closed. PGP went on to underpin the end-to-end encryption used by billions of Signal and WhatsApp users today.
Two decades later, researchers discovered Western-made spyware being used against dissidents in the Middle East. The response was the Wassenaar Arrangement — an international treaty expanding export controls to cover surveillance and hacking tools. But as TechCrunch notes, Wassenaar had two inherent weaknesses: several countries (including Israel, home to major spyware makers) never joined, and member countries applied the rules at their own discretion. Italy allowed Hacking Team to export spyware to oppressive governments. Intellexa simply moved operations to countries with lax controls. FinFisher shut down in 2022 — but only after a multi-year German prosecution, not because the export controls themselves worked.
Now the focus has shifted to AI. The Commerce Department’s directive against Anthropic was triggered by two events: the company gave South Korean telecom SK Telecom access to Mythos through its limited partner program (US officials reportedly suspected Chinese ties, which SK Telecom has denied), and Amazon CEO Andy Jassy alerted the administration after Amazon researchers found a way around Fable 5’s safeguards. Anthropic had roughly 90 minutes to comply.
Context: Classifying Capability, Not Application
The core problem, as the PGP precedent shows, is defining “dual-use” for a general-purpose technology. PGP was not designed as a weapon — it was designed to protect privacy. But the US government classified strong encryption as a munition because it could be used by adversaries to hide communications. The same logic is now being applied to AI models: Anthropic’s Fable and Mythos are general-purpose tools, but the administration has classified the underlying capability itself as a controlled good.
This is a regulatory stretch that has historically proven brittle. The EFF has already called the Anthropic export controls unconstitutional, arguing that code is speech — the same argument that won the Crypto Wars. And the G7 summit in Paris made clear that America’s closest allies are not aligned with the approach. Europe wants Anthropic’s models available, not walled off.
NZ Angle: Five Eyes Means We Follow, Not Lead
New Zealand operates within the Five Eyes intelligence-sharing framework, which means we effectively inherit US export control decisions for dual-use technology. When the US classifies an AI model as a munition, NZ companies relying on that model lose access — not because Wellington made that decision, but because the supply chain runs through US jurisdiction.
The Brookings analysis of the Anthropic case frames this as a sovereignty question: if your AI infrastructure depends entirely on models controlled by a foreign government, your digital economy is subject to that government’s policy whims. For NZ, which has no domestic frontier model capability, the answer has been to import. The export control precedent means import is no longer guaranteed.
The Other Side: The Controls Are Not Pointless
The argument for export controls is not absurd. Mythos was reportedly capable of autonomous cyber operations that could cause real damage — Anthropic itself marketed it as a near-apocalyptic tool. The 150 companies and government organisations that had pre-ban access were vetted specifically because the model was dangerous. The SK Telecom incident suggests the vetting process had gaps.
But as Bruce Schneier argued when the ban landed, the controls do not prevent the capability from existing — they only prevent one specific company from distributing it. The capability to train a Mythos-class model is not unique to Anthropic. Chinese labs, European labs, and open-source collectives are all converging on similar thresholds. The controls buy time, not safety.
The Bigger Picture: The Compliance Burden Is the Real Cost
The most likely outcome, as TechCrunch suggests, is that the administration buckles and lifts the restriction to keep American AI companies competitive — a tacit admission that the controls cannot outlast the commercial pressure. The alternative — requiring all US AI companies to get government approval before serving foreign customers — would impose a compliance burden that Chinese and European competitors do not face.
For New Zealand, the lesson is structural, not tactical. If we depend on US frontier models, we are subject to US export control decisions made without our input. The fix is not to build a domestic Anthropic — we cannot — but to ensure that critical AI infrastructure has redundancy: open-source alternatives, multi-jurisdictional suppliers, and a policy framework that treats AI model access as a supply chain risk, not a procurement decision.
❓ FAQ
Q: Has the US ever successfully export-controlled software? A: No. PGP encryption spread globally despite criminal investigations. Spyware exports continued under Wassenaar through regulatory loopholes and non-signatory countries. The pattern is consistent: controls delay proliferation by months, not years.
Q: Why was Anthropic given only 90 minutes to comply? A: The Commerce Department directive was issued as an immediate order, likely because the administration believed ongoing foreign access to Mythos constituted an active national security risk. The compressed timeline suggests officials were concerned about further distribution, not deliberate non-compliance.
Q: What does this mean for NZ AI companies using Claude or Fable? A: If your business depends on Anthropic models, the export control precedent means access can be cut off by a US policy decision at any time. Diversifying model suppliers — including open-source alternatives — is now a risk management requirement, not a preference.
Q: Could the controls be extended to other AI companies? A: Yes. The legal framework used against Anthropic — export control law — is not company-specific. If the administration determines that OpenAI, Google, or Meta models meet the same threshold, the same directive mechanism applies.
🔍 THE BOTTOM LINE
The PGP precedent took five years to resolve and ended with the government backing down. The spyware controls under Wassenaar are still failing a decade later. The Anthropic ban is one week old and already facing legal challenge from the EFF and diplomatic resistance from the G7. The history is unambiguous: export controls on software do not stop the people they target. They stop the people who comply. And New Zealand, by default, is one of the people who complies.
