Anthropic just launched Mythos, a specialized AI model designed for cybersecurity work, and it’s already caught up in the same export control debate that’s plagued the industry for three decades. The company’s decision to restrict the model’s availability outside certain jurisdictions echoes the failed encryption wars of the 1990s and the ongoing struggle to contain spyware tools. Security experts are questioning whether limiting access to AI-powered security tools will protect anyone or simply push adversaries to build their own alternatives.
Anthropic is betting that export controls can contain its latest creation, Mythos, a large language model specifically trained to identify vulnerabilities, analyze malware, and assist security professionals. But if history is any guide, that bet is likely to fail.
The San Francisco-based AI company announced this week it would restrict Mythos access to users in allied countries, citing concerns about the model falling into the hands of state-sponsored hacking groups or cybercriminal organizations. It’s a familiar refrain that echoes back to 1991, when Phil Zimmermann released Pretty Good Privacy (PGP) encryption software and found himself under criminal investigation for violating arms export laws.
Back then, the U.S. government classified strong encryption as a munition, subject to the same controls as missiles and tanks. The result wasn’t containment but chaos. Zimmermann’s code spread globally anyway—activists printed the source code in books protected by First Amendment rights, and foreign developers built their own implementations. By the time the Clinton administration relaxed restrictions in 2000, the damage was done. American companies had lost market share to international competitors, while anyone determined to use encryption already had it.
“We’ve seen this movie before, and it always ends the same way,” says Katie Moussouris, founder of Luta Security and a veteran of Microsoft’s security response team. “You can’t put the genie back in the bottle with software, and you definitely can’t do it with AI models that dozens of research labs are racing to replicate.”
The pattern repeated with offensive security tools. When governments tried to control the export of penetration testing frameworks and exploit development kits, researchers simply published the techniques in academic papers and rebuilt them as open-source projects. Metasploit, now one of the most widely used security testing frameworks, started as an open-source project specifically to democratize capabilities that were previously restricted.
Even commercial spyware, despite aggressive export controls under the Wassenaar Arrangement, proliferated wildly. NSO Group’s Pegasus spyware ended up in the hands of authoritarian regimes from Saudi Arabia to Hungary, despite Israeli export licensing requirements. Citizen Lab researchers have documented Pegasus infections in more than 45 countries, many of them on the restricted list.
Anthropic’s Mythos presents an even thornier challenge. Unlike compiled software or physical devices, AI models are essentially mathematical weights and architectures. The research papers describing how to build cybersecurity-focused models are already public. Multiple academic teams have published work on using large language models for vulnerability discovery, malware analysis, and exploit generation.
“The fundamental research is out there,” according to Dr. Megan Stifel, chief strategy officer at the Institute for Security and Technology. “Restricting access to one company’s implementation doesn’t stop China, Russia, or North Korea from training their own models on the same publicly available security datasets.”
Anthropic declined to provide specific details about which countries would be restricted from accessing Mythos, citing ongoing discussions with the Commerce Department’s Bureau of Industry and Security. The company did confirm that the model was trained on a massive corpus of vulnerability databases, malware samples, and security research papers—much of which is already publicly accessible through sources like the National Vulnerability Database and academic repositories.
The timing is particularly awkward given the broader AI arms race. OpenAI, Google, and Microsoft have all demonstrated AI systems capable of finding security vulnerabilities in code. Google’s Project Zero team has used machine learning to discover zero-day exploits faster than human researchers. Restricting Mythos while competitors develop similar tools creates a competitive disadvantage without meaningfully slowing adversary capabilities.
There’s also the question of who these restrictions actually protect. Security teams at universities, startups, and organizations in emerging markets often lack the resources of major tech companies. Denying them access to cutting-edge defensive tools while assuming adversaries won’t develop equivalent capabilities seems like policy based more on precedent than logic.
Some cybersecurity veterans see a different path forward. Rather than restricting the technology itself, they argue for focusing on behavior and outcomes. After all, a vulnerability scanner is just a tool—what matters is whether it’s used to patch systems or exploit them.
“We should be tracking how these tools are used, not trying to prevent their existence,” argues Alex Stamos, former chief security officer at Facebook and now director of the Stanford Internet Observatory. “That means better attribution capabilities, stronger international norms against offensive cyber operations, and consequences for misuse.”
The encryption wars ended not because export controls worked but because they became technologically irrelevant. Encryption math doesn’t care about borders, and neither does AI. Every attempt to restrict cybersecurity tools has followed the same arc: initial optimism, gradual proliferation, eventual acceptance that the technology has spread beyond control.
Anthropic’s export restrictions on Mythos may satisfy regulatory requirements and create a paper trail for compliance purposes. But the historical record suggests they won’t meaningfully slow the development of AI-powered cybersecurity capabilities by adversaries. The research is public, the datasets are available, and the computational resources needed to train competing models are increasingly accessible.
What’s different this time is the speed. Where PGP took years to spread globally through underground networks and academic channels, AI models can be replicated and deployed in months. The barriers to entry are lower, the research community is more distributed, and the economic incentives to develop offensive capabilities have never been higher.
Anthropic finds itself in an impossible position—damned if it releases powerful security tools without restrictions, damned if it implements controls that history suggests won’t work. The company has consistently positioned itself as the responsible AI developer, prioritizing safety and security over speed to market. But responsibility in the AI age may require accepting that some capabilities can’t be controlled, only managed through norms, transparency, and collective action.
The Mythos export control debate isn’t really about whether AI can be contained—history has already answered that question with a resounding no. It’s about whether the AI industry will learn from three decades of failed cyber policy or repeat the same mistakes at machine speed. For security teams worldwide, the concern isn’t whether adversaries will get these capabilities, but whether legitimate defenders will be handicapped while waiting for policy to catch up with reality. The tools will spread regardless. The only question is whether we’ll build international norms and accountability frameworks before or after the next major breach proves that export controls were security theater all along.