Editor’s note: The following is a sponsored blog post from QA.
When a government can remove one of the world’s most advanced AI systems from global circulation in a single evening, something fundamental has changed.
The most interesting thing about the recent Anthropic dispute isn’t whether a jailbreak existed. It’s that a government demonstrated it could effectively switch off access to one of the world’s most advanced AI systems with a single directive. Whether Anthropic was right or the government was right is almost impossible to know from the outside, if it even matters. The directive remains unpublished (at time of writing), some of the key facts are disputed and most of the public debate relies on partial reporting. I’m more interested in the important lessons and historical parallels that point to the direction this will take.
Export control actions
Export controls are designed for one purpose: denying capability to others. Historically they have been used for military technologies, advanced semiconductors, cryptography, aerospace systems and other strategically important technologies, always with the assumption that some tech capabilities are too valuable, too sensitive or too dangerous to be freely available. In my time working in various security roles and throughout my career, strong cryptography occupied a similar position.
The US classified strong encryption as a munition under export law, allowing foreign nationals access to cryptographic source code triggered export-control concerns. When PGP was released back in the early 1990s, it created similar noise to the current frontier AI models, leading to federal investigations and years attempting to keep strong cryptographic capability inside US borders. Ultimately, it lost.
Rightly so, as you can’t create export controls on mathematics, especially when research is published, and competitors rebuild capabilities independently. Sound familiar? By the early 2000s most of the strong encryption restrictions had become increasingly difficult to sustain because of the economic value of strong encryption.
Intelligence capability
Today, the capability under export scrutiny is no longer encryption; it’s intelligence. As frontier AI systems become more capable, governments are increasingly viewing them not as software products but as strategic assets with implications for cybersecurity, intelligence collection, economic competitiveness and national security.
Both cryptography and frontier AI are fundamentally dual-use technologies. In the security context, the same capability that helps defenders can help attackers. The same capability that creates economic value can create security risk, strengthen industrial growth and enable adversaries.
What’s different today is the mechanism of enforcement. During the crypto debates, the question was often whether a technology could be exported. With cloud delivered AI systems, it’s about access and if it can be withdrawn entirely, and this is what makes the Anthropic case so interesting. The directive reportedly applied to foreign nationals rather than foreign locations. A geographic restriction is technically more straightforward than a restriction based on nationality.
For a cloud platform serving hundreds of millions of users, there is no simple way to partition access based on citizenship unless we know the identity of every user. Anthropic’s stated position was that the only practical way to comply was to disable Fable 5 and Mythos 5 globally while leaving its other models operational. As a result, a rule directed at a subset of people became a worldwide shutdown. That alone should force a rethink of how we talk about sovereign AI governance, but I’m not going to dive into that here.
Frontier capability, a matter of national security
AI is already strategically important, and access to frontier capability will become a matter of national security. Export controls are built for national security purposes but the tech itself doesn’t care why it is being used. The same mechanisms that can restrict access to a capability because it may assist an adversary can also be used to protect domestic industries, preserve technological leadership, support industrial policy or create leverage during geopolitical disputes. I’m not suggesting this is what happened in the Anthropic case, even if the directive was explicitly justified on national security grounds.
In my view, once governments establish the authority and operational mechanisms to control access to frontier AI systems, we should consider how broadly they may eventually be applied. This should create an uncomfortable reality for most organizations: that the capabilities that are underpinning your economic growth strategy may also be the capabilities most vulnerable to restriction. It seems obvious to call this out, but a model is only worth controlling because it’s useful.
The more a model improves productivity, decision quality, research output, software development, cyber operations (offensive and defensive) or economic competitiveness, the greater the incentive for governments to influence who gets access to it.
Strategic importance and availability risk
Many organizations outside the United States and China are currently building long-term dependencies on frontier AI systems developed elsewhere. That dependency is rightly viewed as a commercial decision, but often by those lacking geopolitical insight. If access to the most capable models can be influenced by export controls, national security decisions or strategic policy choices, then questions of sovereignty, resilience and diversification will become paramount. We’ve seen this play out with the European Union recently proposing measures to improve its advanced technology sovereignty capability, a sentiment also echoed by the Canadian government, and UK ambitions outlined, if not yet realized. The challenge is that the governance mechanisms required to manage this reality remain immature. I’ll write more about this at another time, but safe to say we are in a global AI governance regulatory vacuum.
In the cryptography equivalent, governments, regulators and enterprises eventually developed confidence through standards, certification schemes, independent testing laboratories and assurance frameworks. Trust became evidence-based rather than dependent on vendor claims. We’re a long way from this when it comes to AI assurance and the frontier models.
Much of today’s debate still relies on provider assurances, disputed evaluations, conflicting expert opinions and incomplete visibility into how systems are tested and secured. Where does this leave us? Governments are being asked to make national security decisions about technologies without full disclosure, while providers are being asked to satisfy safety requirements that are often undefined, unpublished or impossible to prove conclusively. Anthropic announced a path through this dispute, for now. Interestingly, they updated their privacy terms days after the directive, which now includes (amongst other updates) the potential requirement to request your “identity.”
Finding the safest route forward
The history and parallels with cryptography suggests that this period is unlikely to last some time. Will the other frontier model providers, watching in the wings, follow suit learning lessons and building identity export controls into their solutions to avoid commercial disruption? When will strategic technologies eventually become trusted infrastructure? Is it when institutions develop the standards and assurance mechanisms needed to manage them (see my article on AI Governance vs. AI Assurance for context)? My concern is whether AI reaches that point before governments conclude that the only safe route is to treat frontier intelligence as a controlled export capability.