Encryption, spyware, and now Mythos: History shows why cyber export control doesn’t work

The United States government's attempts to control the export of cybersecurity technology have historically proven ineffective, a pattern that raises doubts about the efficacy of current efforts to restrict access to Anthropic's new cybersecurity model, Mythos. For the past three decades, regulations designed to prevent sensitive software from reaching adversarial nations or malicious actors have faced significant challenges in enforcement and often failed to achieve their intended goals. This long history suggests that the dynamic nature of technology development and the global interconnectedness of the digital landscape make such controls difficult to maintain. The emergence of advanced AI models like Mythos, which are designed to detect and counter cyber threats, presents a new frontier in this ongoing struggle, with policymakers and industry leaders grappling with how to balance innovation with national security concerns. The core issue remains that once a technology is developed, its diffusion, whether intentional or unintentional, is hard to contain, especially in the rapidly evolving field of artificial intelligence and cybersecurity.