Encryption, Spyware, and Now Mythos: Why Cyber Export Controls Keep Failing

Three decades of cyber export control history shows why restricting AI tools like Anthropic's Mythos is unlikely to work.

June 20, 2026 · 5 min read

A Familiar Battle: Governments vs. Cybersecurity Technology

Every decade or so, governments face a version of the same dilemma: a powerful new cybersecurity technology emerges, concerns about its misuse grow, and policymakers reach for the lever of export controls. It happened with encryption in the 1990s. It happened again with commercial spyware in the 2010s. And now, with the emergence of Anthropic's advanced AI cybersecurity model known as Mythos — currently restricted from public release and made available only to a small number of trusted organizations through Project Glasswing — the cycle appears to be repeating itself.

The uncomfortable truth that three decades of evidence keeps surfacing is simple: cyber export controls rarely work as intended. Understanding why requires a trip through recent history.

The Crypto Wars: Export Controls Meet Their First Major Defeat

In the early 1990s, the United States government classified strong encryption software as a munition. Exporting it required the same kind of license as selling a weapon. The policy was rooted in a legitimate fear: if adversaries could encrypt communications beyond the reach of intelligence agencies, national security would suffer.

The government's approach culminated in the Clipper Chip initiative — a proposal to mandate backdoors in civilian encryption products so that law enforcement could always gain access. Cryptographers, civil liberties advocates, and the technology industry pushed back hard. Meanwhile, the broader problem was already apparent: strong encryption software like PGP (Pretty Good Privacy) was spreading across the early internet faster than any export regime could contain it.

Phil Zimmermann, the creator of PGP, famously exported the software by printing its source code in a book — which, as a printed text, was protected under the First Amendment. The message was clear: in the digital age, information moves in ways that defy the assumptions built into traditional export control frameworks.

By the late 1990s, the Clinton administration largely abandoned the attempt. Encryption was no longer classified as a munition. Strong cryptography became a global standard. The export controls had delayed adoption in some commercial contexts, but they had not prevented adversaries, criminals, or foreign governments from accessing the technology. They had, however, created friction for legitimate businesses and researchers.

Spyware and the Wassenaar Arrangement: Good Intentions, Mixed Results

The next major chapter came with commercial surveillance software. Tools like FinFisher and NSO Group's Pegasus raised alarming questions about how intrusion software developed by private companies was being sold to authoritarian governments and used to target journalists, dissidents, and human rights workers.

The international community responded by expanding the Wassenaar Arrangement — a multilateral export control regime — to cover intrusion software in 2013. The intent was sensible: stop the proliferation of tools designed to surveil and oppress. The implementation, however, proved deeply problematic.

Security researchers quickly pointed out that the definitions were so broad that legitimate defensive security tools, penetration testing software, and academic research could potentially fall under the controls. The cybersecurity community, which depends on the free flow of vulnerability information and offensive research techniques to build better defenses, found itself tangled in bureaucratic uncertainty.

Meanwhile, the companies actually selling intrusive surveillance tools to authoritarian regimes — often operating through layers of subsidiaries and intermediaries — continued doing business. The controls created compliance headaches for the good actors while the bad actors adapted their structures and continued operating. The pattern was eerily similar to what had happened with encryption twenty years earlier.

What Makes Cybersecurity Technology So Difficult to Control

To understand why these efforts keep stumbling, it helps to look at the structural properties of cybersecurity knowledge and tools:

  • Dual-use by nature: Almost every cybersecurity capability has both offensive and defensive applications. Knowing how to exploit a vulnerability is a prerequisite for fixing it. Any framework that tries to restrict offensive knowledge ends up restricting defensive knowledge too.
  • Low marginal reproduction cost: Unlike a physical weapon, software can be copied and transmitted globally at essentially zero cost. Controlling a physical artifact is categorically different from controlling information.
  • Global talent pools: Cryptographers, malware analysts, and AI researchers are distributed around the world. Restricting one country's researchers from accessing a tool does not prevent researchers elsewhere from developing equivalent capabilities independently.
  • Speed of iteration: Cybersecurity technology evolves faster than regulatory frameworks can adapt. By the time a control regime is established, the technology it targets has often already been superseded.

Mythos and the AI Era: A New Tool, an Old Problem

Anthropic's Mythos model represents a genuinely new kind of cybersecurity capability — an advanced AI system designed with security applications in mind, currently withheld from public release through Project Glasswing due to the sensitivity of its capabilities. The caution Anthropic is exercising is understandable and reflects responsible development practices.

But the question of whether formal export control regimes could effectively limit Mythos-like capabilities across the broader AI landscape runs directly into the same walls that stopped similar efforts before. Large language models and AI systems are built on mathematical techniques, training data, and computational infrastructure that are globally distributed. The underlying research is published in academic papers read by engineers on every continent. The architectural concepts are not secret.

Restricting access to a specific model through export controls might slow deployment in certain regulated commercial contexts. It is unlikely to prevent foreign state actors or well-resourced adversaries from developing comparable capabilities through their own research programs. And it may, as history suggests, impose the heaviest costs on legitimate security researchers who need access to advanced tools to study and counter threats.

What Might Actually Work

None of this means that governance of powerful AI security tools is impossible or unimportant. It means that effective governance probably looks different from traditional export control. Approaches worth serious consideration include transparency requirements that make AI system behaviors auditable, international coordination frameworks that establish shared norms among allied nations, and investment in defensive AI capabilities that keep pace with offensive ones.

The lesson of the last thirty years is not that cybersecurity technology should be ungoverned. It is that the specific instrument of export control has a poor track record against technologies that are fundamentally informational, dual-use, and globally reproducible. Policymakers grappling with AI security tools like Mythos would do well to study that history carefully before defaulting to a tool that keeps failing to do the job.

Conclusion: History as a Guide

From the Clipper Chip to the Wassenaar Arrangement, the recurring story of cyber export controls is one of good intentions undermined by the fundamental nature of digital information. As AI-powered cybersecurity tools become more capable and more consequential, the pressure to control their spread will only intensify. But pressure alone does not make a policy effective. The burden of proof rests on those proposing export controls to explain why this time would be different — and thirty years of evidence suggests that is a very heavy burden to meet.
