A Kill Switch for Frontier AI

On Friday, June 12, at 5:21 p.m. Eastern Time, Anthropic received a letter from the U.S. Commerce Department. Citing national-security authorities, the government ordered the company, as Anthropic describes it, "to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees." Because Anthropic cannot reliably sort its users by nationality, the practical effect was a global kill switch: Within hours, the company pulled both of its newest and most powerful models for everyone.

Unlike the government's legally dubious attempt to brand Anthropic a "supply chain risk" earlier this year, there is at least a facially plausible legal framework in this case. Although the legal basis for the order has not been made public, Commerce is most likely relying on the Export Administration Regulations (EAR), which its Bureau of Industry and Security (BIS) administers under the Export Control Reform Act of 2018. In addition to physical goods, the EAR covers intangible "technology," and its deemed-export rule treats releasing controlled technology to a foreign person inside the United States as an export to that person's home country. To avoid the delay of notice-and-comment rulemaking, BIS can send a company an "is informed" letter that imposes a license requirement immediately, with no notice-and-comment rulemaking—a tool it has previously used to block advanced-chip sales to China.

These regulations around the chip markets have been nearly the whole of export control law's application to AI. The Biden administration's AI Diffusion Rule briefly put model weights—the billions of numbers that make up a model and allow anyone with enough computing power to run their own copy—on the control list, but President Donald Trump immediately rescinded the rule on retaking office. The current situation thus marks the first time that export controls have been enforced to control access to an AI model. The applicability of such controls depends on how far they purport to reach: to the model's weights alone, to the potentially dangerous content the model can produce, or (as Anthropic's broad description of the directive suggests) to any access to the running model at all.

The model weights are the cleanest fit for the export control authorities, since they are the actual technology item itself. But, for a model served over an API, the weights never leave Anthropic's servers, so a control on them would not reach ordinary users. Those it would reach are those employees at Anthropic who are neither U.S. citizens nor lawful permanent residents. In the short term, such a control might counterproductively bar model access to some of the very researchers needed to fix the problems the government is worried about. In the long term, it would make it very difficult for Anthropic and other frontier AI companies to secure the foreign talent that is key to AI's development, thus threatening America's position as the leading AI power.

Beyond the weights themselves, the government is clearly seeking to control specific categories of dangerous outputs from Fable and Mythos as exports—for example, outputs that might enable adversary cyberattacks. Because the EAR defines "technology" as any "information necessary" for the "development" or "use" of items otherwise covered by the EAR (e.g., equipment and software for conducting cyberattacks), this arguably sweeps in outputs from AI models.

Whether concern over specific categories of output justifies a blanket ban on all foreign access to the models depends on whether Anthropic's query filters work—because it is far from clear that remote use of a model is itself an "export" under the EAR. Export controls have not traditionally applied to foreign access to U.S. software as a service (SaaS), which is why, in January, the House felt it necessary to pass the Remote Access Security Act, which would extend export jurisdiction to foreign remote access of controlled U.S. technology.

If, as Anthropic's public statement suggests, Commerce has ordered it to disable all foreign access to Fable and Mythos, Commerce would need to justify that blanket ban on prophylactic grounds—that Anthropic's current guardrails are insufficient, a factual point on which the two sides disagree.

The government's position, as described by David Sacks, the former White House AI czar, is that a "highly credible trusted partner of both Anthropic and the USG" (reportedly Amazon, which is both a major investor in and compute provider for Anthropic) demonstrated a jailbreak of Fable's guardrails, leading the administration to ask Anthropic to fix the vulnerability or pull the model, a request Anthropic refused. The vulnerability, on this account, is grave—Sacks describes the jailbreak as enabling the "operability of a cyber weapon"—and the export control is a reluctant last resort against a company that "prioritized the continued offering of the consumer model over safety."

Anthropic's position, by contrast, is that a tester found a narrow jailbreak that surfaced a handful of minor vulnerabilities—ones both previously known to the government before Fable's release and present in other public models, including OpenAI's flagship GPT-5.5. From this perspective the government's action looks at best like an overreaction and at worst like another chapter in a vindictive campaign to punish Anthropic. The government reportedly has no plans to apply similar export controls to other models with comparable cyber capabilities, and Secretary of Defense Pete Hegseth celebrated the export control, writing that "every passing day proves why that was the right move" for the Pentagon to have "kicked [Anthropic] out of our building—forever."

Both sides have signaled that they want to resolve the dispute quickly—Anthropic for obvious reasons, and the government because a prolonged ban on a frontier model could shake confidence in the U.S. AI industry as a whole. But even if Anthropic persuades the government to lift the control, the deeper question will remain: whether there should be, and if so under what circumstances, a licensing regime for frontier AI. If Washington is going to treat frontier models as national-security assets it can switch on and off, Congress will have to step in and establish a proper framework with meaningful standards and a defined process.

It is a framework, as it happens, that Anthropic's own CEO called for days before the letter arrived. In an essay on AI policy this month, Dario Amodei argued that "the government should have the power to block or deter deployment" of a frontier model found, "in light of third-party assessment, to present unacceptable risks." But Amodei also stressed the need for "protective measures against political favoritism or arbitrary decisions," and the current crisis—a standardless export letter based on contested technical facts and personality conflicts, against the backdrop of a Pentagon blacklisting that his company is still fighting in court—is presumably not what he had in mind.