{"id":734431,"date":"2026-06-20T03:30:34","date_gmt":"2026-06-20T00:30:34","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/encryption-spyware-and-now-mythos-history-shows-why-cyber-export-control-doesnt-work\/"},"modified":"2026-06-20T03:30:34","modified_gmt":"2026-06-20T00:30:34","slug":"encryption-spyware-and-now-mythos-history-shows-why-cyber-export-control-doesnt-work","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/encryption-spyware-and-now-mythos-history-shows-why-cyber-export-control-doesnt-work\/","title":{"rendered":"Encryption, spyware, and now Mythos: History shows why cyber export control doesn&#8217;t work"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a368db29bd97\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a368db29bd97\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/encryption-spyware-and-now-mythos-history-shows-why-cyber-export-control-doesnt-work\/#Contact_Us\" >Contact Us<\/a><\/li><\/ul><\/nav><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The episode is the first real test of whether the U.S. government can use export controls to contain frontier AI the way it has tried, with very uneven results, to contain encryption and spyware before it. And dramatic as it may sound, how this standoff gets resolved could shape not just Anthropic\u2019s access to foreign markets but the rulebook that other AI labs will have to build around.<\/p>\n<p class=\"wp-block-paragraph\">Some context first. Ever since Anthropic launched Mythos in April, the company has marketed it as some kind of Doomsday cyber machine that could wreak havoc on the internet if released too widely \u2014 which is why, before the ban, only around 150 vetted companies and government organizations had access to it at all. The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">So what triggered the ban? Two subsequent events, reportedly. The first: Anthropic gave a South Korean telecom access to Mythos through its limited partner program, and U.S. officials grew alarmed after identifying the company as one they suspected had ties to China. (The company, <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wired.com\/story\/sk-telecom-anthropic-mythos-export-controls\/\">widely reported<\/a> to be SK Telecom, has <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.chosun.com\/english\/world-en\/2026\/06\/16\/PBE4LOQZQNCNRPQ3WKZTUL6FKI\/\">denied<\/a> any China connection.) Amazon CEO Andy Jassy also reportedly <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wsj.com\/tech\/ai\/amazon-ceos-talks-with-u-s-officials-triggered-crackdown-on-anthropic-models-dcc90578\">alerted the administration<\/a> after Amazon\u2019s own researchers, he said, found a way around Fable 5\u2019s safeguards. Anthropic disputes the \u201cjailbreak\u201d label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model\u2019s safety measures. <\/p>\n<p class=\"wp-block-paragraph\">The result was the same: the Commerce Department issued an export control directive, and Anthropic had to scramble to im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely limit access to its products within roughly 90 minutes of being notified, by some accounts.<\/p>\n<p class=\"wp-block-paragraph\">None of this is new, though. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> for decades, but their track record has been middling at best.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The U.S. government was behind what is perhaps history\u2019s most spectacular failure of this <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>roach in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/trip-and-travel\/\" data-internallinksmanager029f6b8e52c=\"10\" title=\"Trip &amp; Travel\" target=\"_blank\" rel=\"noopener\">travel<\/a>ed over the internet. One of those encryption products was called Pretty Good Privacy, or PGP, a popular software that could encrypt data and make it virtually impossible to unscramble even if intercepted as it traveled to its intended recipient over the internet.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the U.S. Customs Service <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wired.com\/1995\/03\/the-continuing-investigation-of-phil-zimmermann\/\">opened a criminal investigation<\/a> against PGP\u2019s creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP\u2019s source code <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/archive.org\/details\/pgpsourcecodeint0000zimm\">as a printed book<\/a>, igniting what is known today as the \u201cCrypto Wars.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms such as the one used by billions of Signal and WhatsApp users.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Later during the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expand <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wassenaar.org\/participating-states\/\">the Wassenaar Arrangement<\/a>, an international treaty that limits the export of dual-use software and technologies that are used in both civilian and military applications.<\/p>\n<p class=\"wp-block-paragraph\">The idea was to classify surveillance and hacking software as dual-use, thus forcing spyware makers to get export licenses to sell their products abroad.\u00a0<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about the Mythos ban? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.\t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">But Wassenaar has always had two inherent weaknesses. There are several countries that don\u2019t adhere to the agreement, including Israel, which houses some of the world\u2019s most active spyware makers.<\/p>\n<p class=\"wp-block-paragraph\">The agreement also depends on countries applying it to companies within their borders at their own discretion. For a time, the Italian government allowed one of the country\u2019s then-top spyware makers, Hacking Team, a license to export its tools around the world, despite the company\u2019s track record of selling spyware to <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/slate.com\/technology\/2012\/08\/moroccan-website-mamfakinch-targeted-by-government-grade-spyware-from-hacking-team.html\">oppressive<\/a> <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.vice.com\/en\/article\/ethiopia-allegedly-used-spyware-against-us-based-journalists-again\/\">governments<\/a> that <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/citizenlab.ca\/research\/mapping-hacking-teams-untraceable-spyware\/#3\">used it<\/a> to hack journalists and human rights activists.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Since then, <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.hrw.org\/news\/2026\/06\/18\/bulgaria-licensed-surveillance-exports-to-rights-violators\">other<\/a> <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/balkaninsight.com\/2026\/05\/12\/bulgaria-poland-among-eu-states-accused-of-selling-spy-tech-to-autocracies\/rd\/\">countries<\/a> in Europe have been lax with spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tools makers, has <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.hrw.org\/report\/2026\/05\/12\/looking-the-other-way\/eu-failure-to-prevent-surveillance-exports-to-rights\">continually failed to curb the export of spyware<\/a> to authoritarian regimes. Critics say that a recently renewed effort across the bloc of 27 member states to tackle its growing problem of spyware exports to authoritarian states \u201cdoes not go far enough.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies,\u00a0 have simply moved their operations to countries with lax export controls. Other spyware makers sought to move their operations to Saudi Arabia for similar reasons.<\/p>\n<p class=\"wp-block-paragraph\">There have been some wins. Germany-based spyware maker FinFisher <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.accessnow.org\/press-release\/finfisher-shuts-down\/\">shut down in 2022<\/a> after a multi-year investigation by German prosecutors into the company for <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/netzpolitik.org\/2020\/our-criminal-complaint-german-state-malware-company-finfisher-raided\/\">allegedly selling spyware<\/a> to Turkey without an export license. Investigators previously found the FinFisher spyware had been <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.accessnow.org\/wp-content\/uploads\/2018\/05\/FinFisher-changes-tactics-to-hook-critics-AN.pdf\">deployed on the phones<\/a> of critics of Turkey\u2019s government.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive worldwide \u2014 a move that would amount to tacit acknowledgment that AI labs elsewhere, including in China, will likely reach similar capabilities regardless of what the U.S. restricts. Or, American AI companies could end up needing government approval before serving foreign customers at all, a compliance burden that would invariably dent their bottom line.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Given the past experiences that world governments have had with trying to control the reach of software, government-mandated export controls are unlikely to be the right approach to stop malicious actors from abusing powerful dual-use cyber technologies.<\/p>\n<\/div>\n<p><em>When you purchase through links in our articles, we may earn a small commission. This doesn\u2019t affect our editorial independence.<\/em><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" target=\"_blank\" >Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2026\/06\/19\/encryption-spyware-and-now-mythos-history-shows-why-cyber-export-control-doesnt-work\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been&#8230;<\/p>\n","protected":false},"author":1,"featured_media":734432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2026\/06\/donald-trump-open-mouth.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[77337,152300,70937,70375,156792,152032,161494,72287,151937],"class_list":["post-734431","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-ai","tag-anthropic","tag-artificial-intelligence","tag-cybersecurity","tag-export-controls","tag-infosec","tag-mythos","tag-security","tag-spyware"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/734431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=734431"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/734431\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/734432"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=734431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=734431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=734431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}