AI Regulation

Commerce Loosens Export Rules for Anthropic’s Mythos 5 Amid Ongoing Questions

The U.S. Department of Commerce has loosened export restrictions on Anthropic’s latest AI model, Mythos 5, permitting certain trusted partners, including major American companies and government agencies, to access the system without a license. This step follows heightened regulatory scrutiny earlier this month and underscores broader regulatory challenges related to AI export controls and governance.

What Happened

On June 12, 2026, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued export controls targeting Anthropic’s AI models, specifically Fable 5 and Mythos 5, citing concerns over a security vulnerability that could facilitate misuse. This directive initially required licenses for any export, reexport, or in-country transfer of the technology, including “deemed exports” to foreign nationals. However, late on June 23, 2026, Commerce Secretary Howard Lutnick sent a letter to Anthropic indicating a partial relaxation of these restrictions. His letter stated that “appropriate safeguards are in place to permit certain trusted partners to access the Claude Mythos 5 Model” and that licensed export controls would no longer apply to entities listed in an annex to the letter, their foreign national employees, and Anthropic’s own foreign national staff.

Key Facts

The export control action is rooted in the Export Administration Regulations (EAR) under the Export Control Reform Act of 2018, administered by the Department of Commerce’s BIS. The June 12 directive escalated after reports from an Amazon researcher identified a jailbreak vulnerability in Fable 5 that could enable malicious cyber operations. In response, Anthropic temporarily restricted access to both Fable 5 and Mythos 5 models for all users worldwide. The recent easing of restrictions applies only to a specific group of listed entities and their foreign national employees, not the broader public. This development signals a partial resolution of the dispute but leaves substantial uncertainty about the application of export control laws to cloud-hosted AI models.

What This Means

The Commerce Department’s decision illustrates the complex interplay between national security concerns and the rapid innovation inherent in AI development. Unlike traditional technologies, frontier AI models like Mythos 5 reside on U.S.-based servers and are accessed remotely via cloud services, blurring the line of what constitutes an “export” under existing legal frameworks. This relaxation permits selected partners to use the model freely without export licenses, but raises profound governance questions over who should control access to such powerful technologies.

The episode reveals the limitations of current export controls designed for physical goods and software downloads when applied to AI-as-a-service models. It forces policymakers to reckon with whether traditional export controls can effectively govern capabilities that are centrally hosted but globally accessible. For businesses and government users, this signals an evolving regulatory landscape where compliance may increasingly depend on access controls and user monitoring rather than physical transfers alone.

Moreover, the regulatory ambiguity suggests that firms operating frontier AI models will face ongoing scrutiny and potentially shifting compliance obligations depending on how governments interpret “deemed exports” and control regimes in the AI domain.

Background

For years, U.S. export control law has sought to manage dual-use technologies but has struggled to adapt to the nuances of AI deployment. Frontier AI models, unlike traditional software, do not physically cross borders because they are hosted on U.S. soil and accessed remotely. This challenges the assumption underpinning export controls—that a controlled item physically moves across jurisdictions. While encryption and cyber capabilities have presented similar regulatory questions, AI’s scale and accessibility intensify the regulatory dilemma.

The controversy over Anthropic’s models is not isolated; it follows several years of increasingly stringent U.S. controls aimed particularly at restricting advanced technology access by foreign nationals, notably Chinese entities. Nonetheless, the legal basis for applying export controls to AI capabilities accessed via cloud services remains unsettled.

The Bigger Picture

Anthropic’s Mythos incident epitomizes the tension between two competing AI policy goals: managing risk through access control versus promoting innovation through open market competition. This regulatory gray zone highlights how control responsibilities are shifting towards private firms, which act as de facto gatekeepers tasked with balancing innovation, national security, and ethical considerations. Such a system raises substantial questions about accountability, transparency, and legitimacy in AI governance.

Given the rapid advances in AI and the near-impossibility of engineering models that cannot be misused or “jailbroken,” layered approaches involving technical safeguards, user vetting, monitoring, and government oversight are emerging as the most feasible path forward. However, these solutions do not resolve the fundamental legal uncertainties posed by current export laws.

What Remains Unclear

Significant questions endure about the precise scope and legal grounds of export controls on cloud-hosted AI capabilities. It remains uncertain how broadly authorities will interpret “deemed export” rules concerning foreign nationals’ access within the U.S. and what compliance frameworks providers and users must adhere to going forward. The extent to which existing authorities like the International Traffic in Arms Regulations or the International Emergency Economic Powers Act may be invoked also awaits clarification.

What Comes Next

The Commerce Department’s letter did not specify further regulatory actions, nor has it clarified whether broader license exemptions might follow. Stakeholders are likely to await additional official guidance or rulemaking from BIS as well as potential legislative updates to address export controls tailored to AI’s unique characteristics. Meanwhile, AI firms and government agencies must navigate a fluid regulatory environment with evolving definitions of technology transfer and control obligations.

Sources

This article is based on reporting and publicly available information from the following sources:

Read more AI Regulation stories on Goka World News.

Oliver Bennett
About the editor

Oliver Bennett

Oliver Bennett Role: AI Regulation Editor Oliver Bennett covers artificial intelligence regulation, digital policy, privacy rules, and government oversight of AI systems. His work focuses on verified legal updates, regulator statements, official documents, and the impact of AI rules on companies, users, and public institutions.

View all posts by Oliver Bennett