Opinion: Who determines who is allowed to use a specific software?

      The letter was delivered at 5:21 p.m. Eastern Time on a Friday, marking the point when official Washington typically ceases returning calls and the news cycle begins to relax for the weekend. It originated from the Commerce Department, consisted of a few paragraphs, and achieved something unprecedented in American documentation.

      By the time the East Coast finished dinner, two of the top artificial intelligence models globally had ceased operation. They were not throttled, patched, or subtly degraded; they were completely offline. A researcher in Berlin, who had been engaged with one of the models, found it abruptly unavailable. This was also the case for a financial analyst in Singapore, a software team in Bangalore, and, in an ironic detail, several of Anthropic's engineers who happened to hold the "wrong" passport.

      The directive instructed Anthropic to deny access to Fable 5 and Mythos 5 to any foreign nationals worldwide, including non-citizens in California. Enforcing such a rule on a live product lacked a straightforward approach, so the company resorted to the only alternative available: it shut down both models for everyone, both citizens and foreigners, and expressed regret for the disruption it was forced to implement.

      I aim to differentiate between what constitutes fact and what is my personal opinion, as the two can quickly blur in a narrative like this. The factual elements are clear. Anthropic acknowledged it received the directive, confirmed its scope, and admitted to disabling the models as a response, while its older Claude Opus 4.8 continued to operate.

      Fortune and Al Jazeera reported this event as the first instance of the U.S. employing national-security export controls against a commercial AI model. The official reason provided was related to cybersecurity. Officials informed Anthropic that they had discovered a method to circumvent Fable 5's safeguards and access the raw cyberattack capabilities of Mythos, the underlying model.

      Anthropic referred to it as a “narrow potential jailbreak” and characterized the entire situation as a “misunderstanding.” Al Jazeera, referencing Semafor, mentioned that suspicions concerning access by a group connected to China were partly behind the trigger, though it could not independently verify this detail.

      Now, onto my opinion. Regardless of its validity, the security rationale is not the aspect of this story that should be emphasized. The focus should be on the mechanism, as it is what will be replicated: export controls are an established tool. They have regulated missiles, centrifuges, encryption, and the physical chips that AI relies on.

      What is novel this time is the subject. A frontier model is not tangible hardware that can be intercepted at a port. It is a service accessed via a browser, increasingly integrated into the daily operations of companies and institutions irrelevant to American national security. Al Jazeera highlighted that clients of the ratings agency S&P utilize Claude to query their databases; research labs leverage it; foreign employees within American companies rely on it to perform their roles. When the government can deactivate that service globally overnight, “export control” transitions from describing a border to defining a kill switch.

      This sets a precedent, and precedents do not remain contained. Once a government shows it can compel a company to withdraw a commercial product from millions of users with just hours of notice, this tool is available for future administrations and grievances. The criteria used here, “foreign national,” is so broad that it nearly becomes meaningless.

      Kun Chen, a former engineer at Meta and Microsoft, pointed out that this is impractical to enforce and easily bypassable for anyone with malicious intent while inadvertently impacting millions of regular users and even the staff of American firms. A measure that fails to target its intended audience and instead affects everyone else cannot be described as precise; it merely demonstrates the extent of reach.

      There exists a reasonable counterargument that merits a thoughtful examination rather than being dismissed as a straw man. Governments have historically claimed the authority to prevent dangerous technologies from proliferating, and if a model genuinely poses a risk of being weaponized for bank heists, the government has a rightful interest in regulating that. After all, Anthropic has spent years asserting that its most advanced systems are too hazardous to be freely released.

      It labeled Mythos as too powerful for a wide launch, then constructed Fable with a framework of safeguards that it prominently advertised. If you create something and describe it as dangerous, it is hardly surprising when regulators respond accordingly.

      Cybersecurity researcher Peter Girnus succinctly stated: “If you promote your product as a munition in every press release, eventually, a government will take you at your word.” They essentially drafted their legal rationale and branded it as such.

      I find this argument to be both honest and incomplete. It is honest because the threat is not entirely fabricated, and Anthropic did play a role in shaping the narrative. However, it is incomplete because it addresses a question that isn't at the forefront of the discussion. The crux of the issue is not whether the government