Opinion: Who determines who is allowed to use a specific piece of software?

      The letter was delivered at 5:21 PM Eastern Time on a Friday, which is typically when official Washington ceases to return calls and the news cycle slows down for the weekend. It originated from the Commerce Department, comprised a few paragraphs, and did something unprecedented for American correspondence.

      By the time dinner was completed on the East Coast, two of the most advanced artificial intelligence models globally had been discontinued. They weren't throttled, patched, or quietly degraded; they were simply turned off. A researcher in Berlin, who was engaged with the model at that moment, noticed it was gone. The same was true for a financial analyst in Singapore, a software team in Bangalore, and, in a detail that could be seen as humorous if it weren't so serious, several engineers from Anthropic who happened to hold the wrong passport.

      The directive instructed Anthropic to deny access to Fable 5 and Mythos 5 for any foreign national, globally, including non-citizens working in California. There was no straightforward way to enforce such a rule on a live product, so the company opted for the only course of action available to it: it shut down both models for all users, citizens and foreigners alike, and apologized for an interruption it didn’t initiate.

      I want to differentiate between established facts and personal opinions, as the two can easily intertwine in such narratives. The facts are undisputed. Anthropic acknowledged it received the directive, recognized its scope, and confirmed that it disabled the models as a result, while keeping an older version, Claude Opus 4.8, operational.

      Both Fortune and Al Jazeera reported that this was the first instance of the U.S. employing national-security export controls on a commercial AI model. The stated justification centers around cybersecurity concerns. Officials informed Anthropic that they had discovered a method to bypass Fable 5’s safeguards and access the raw cyberattack capabilities of Mythos, the underlying model.

      Anthropic referred to this as a “narrow potential jailbreak” and characterized the entire situation as a “misunderstanding.” Al Jazeera, referencing Semafor, noted that suspicions of access by a group linked to China contributed to the decision, although it could not independently verify that detail.

      As for my opinion, the argument surrounding security—regardless of its validity—is not the aspect of this story that should be emphasized. Instead, it is the mechanism at play, as that is what will likely be reused: export controls are an established tool. They have historically regulated missiles, centrifuges, encryption, and the physical chips that power AI.

      What is unprecedented this time is the nature of the object involved. A frontier model is not physical hardware that can be intercepted at a port. It is a service accessible through a web browser, now integrated into the regular operations of companies and institutions that have no connection to American national security. Al Jazeera pointed out that clients of the ratings agency S&P use Claude to search their databases; research facilities utilize it; foreign employees within American corporations rely on it to perform their duties. When a government can disable such services globally overnight, the term "export control" shifts from describing a boundary to indicating a kill switch.

      This sets a precedent, one that is unlikely to remain isolated. Once an administration demonstrates it can force a company to revoke access to a commercial product for millions of users with hours of notice, this tool becomes available for future administrations and grievances. The criteria applied this time, “foreign national,” is so broad that it nearly lacks definition.

      Kun Chen, a former engineer at Meta and Microsoft, pointed out that such enforcement is impractical and easily evaded by anyone with malicious intent, while mistakenly including millions of regular users and even employees at American firms. A measure that fails to target its intended audience while affecting everyone else does not exhibit precision; it showcases the extent of power.

      There is a valid counterargument that deserves serious consideration rather than being dismissed. Governments have historically claimed the right to halt the spread of dangerous technology, and if a model genuinely can become an automated weapon for bank hacking, the state has a legitimate concern. Anthropic has, after all, spent years portraying its most powerful systems as too hazardous for unrestricted release.

      It deemed Mythos too powerful for a broad introduction, subsequently constructing Fable with heavily advertised safeguards. If a company builds something risky and brands it as such, it should not be surprised when regulators respond accordingly.

      Cybersecurity researcher Peter Girnus articulated it succinctly: “If you label your product as a munition in every press release, eventually a government takes you at your word. They established the legal foundation themselves and branded it.”

      I consider that argument to be both honest and incomplete. It is honest because the danger is not entirely fabricated, and Anthropic did help craft the narrative. However, it is incomplete because it addresses a question that is not central to the discussion. The real issue isn’t whether the state can regulate genuinely hazardous capabilities—it