内容来源：https://techcrunch.com/2026/06/19/encryption-spyware-and-now-mythos-history-shows-why-cyber-export-control-doesnt-work/

内容总结：

美政府以“国家安全”为由限制AI模型出口，Anthropic紧急下架两款大模型

上周五，白宫以“未指明的国家安全担忧”为由，下令人工智能公司Anthropic限制其两款强大AI模型“Fable”与“Mythos”对美国境内外的外国个人及实体出口。随后，这家AI巨头迅速下架了这两款模型，目前二者已对所有人关闭访问权限长达一周。

这一事件成为美国政府是否能够像此前管控加密技术及间谍软件那样（效果参差不齐），利用出口管制来遏制前沿AI发展的首次真正考验。这一僵局如何解决，不仅将影响Anthropic的海外市场准入，更可能为其他AI实验室制定必须遵守的“游戏规则”。

事件背景：曾被严格管控的“末日机器”

自今年4月推出“Mythos”以来，Anthropic一直将其宣传为某种“末日网络武器”，称若不加限制地广泛发布，可能对互联网造成严重破坏。正因如此，在禁令出台前，全球仅有约150家经过严格审核的企业和政府机构有权使用它。其初衷是帮助防御方在恶意行为者掌握类似能力之前，先加固其软件和服务安全。

禁令导火索：韩国电信合作与“越狱”漏洞

据报道，此次禁令由两件事触发。其一，Anthropic通过其有限合作伙伴计划，向一家韩国电信公司提供了“Mythos”访问权限。美方官员在认定这家公司涉嫌与中国有联系后感到警觉。（这家被广泛报道为SK Telecom的公司已否认与中国有关联。）其二，亚马逊CEO安迪·贾西向美国政府报告称，亚马逊研究人员发现了绕过“Fable 5”安全防护的途径。尽管Anthropic否认“越狱”说法，称其为已被修复的特定漏洞而非模型安全措施的全面失效，但结果已然注定：美国商务部随即发布出口管制指令，Anthropic在接到通知后约90分钟内，便仓促限制了其产品的访问权限。

历史教训：出口管制效果有限，曾引发“加密战争”

事实上，美国政府试图通过出口管制限制危险网络技术扩散的做法古已有之，但成效平平。

上世纪90年代初，美国将加密软件PGP视为“危险武器”，担心其阻碍情报机构监控电子邮件，并因此对PGP创始人展开刑事调查。后者通过将源代码出版成书的方式反击，引发了著名的“加密战争”。最终调查终止，为如今Signal、WhatsApp等应用普遍使用的端到端加密技术铺平了道路。

2010年代初，针对间谍软件被用于监控异见人士的现象，多国政府通过《瓦森纳协定》将监控和黑客软件列为军民两用物项实施管制。但该协议存在先天缺陷：以色列等未签署国成为间谍软件制造商的天堂；各国执行力度参差不齐，意大利就曾允许知名间谍软件制造商向压迫性政权出口工具。尽管丑闻不断，欧洲仍未能有效遏制间谍软件流向威权国家。部分制造商甚至将业务转移至沙特等管制宽松的国家。当然也有成功案例：德国间谍软件公司FinFisher因未经许可向土耳其出售软件，在历经多年调查后于2022年关停。

未来走向：中美AI竞争下的两难选择

截至发稿，Anthropic与美国政府的僵局仍在持续。有分析认为，白宫可能为避免美国AI企业丧失全球竞争力而撤销限制——这等于变相承认，无论美国如何限制，包括中国在内的其他国家的AI实验室终将实现类似能力。另一种可能是，美国AI企业未来向外国客户提供服务均需政府审批，这将给企业带来沉重合规负担，进而影响其盈利能力。

回顾各国政府管控软件传播的历史经验，对于防止恶意行为者滥用强大且具有军民两用性质的网络技术而言，政府强制的出口管制恐怕并非正确的解决之道。

中文翻译：

上周五，白宫以未明确指出的国家安全担忧为由，要求人工智能公司Anthropic限制其强大AI模型Fable和Mythos向美国境外任何人以及境内外国公民出口。随后不久，这家AI巨头迅速关闭了这两个模型，至今已有一周时间无法供任何人使用。
这一事件是对美国政府能否像此前尝试以效果参差不齐的方式限制加密技术和间谍软件那样，利用出口管制来约束前沿AI的首次真正考验。无论听起来多么戏剧性，这场僵局如何化解，不仅将影响Anthropic进入海外市场的渠道，也将决定其他AI实验室必须遵循的规则手册。
首先提供一些背景。自从Anthropic在4月推出Mythos以来，该公司一直将其宣传为某种“末日网络武器”，称如果发布范围过广，可能对互联网造成严重破坏——正因如此，在禁令出台前，全球仅有约150家经过审查的公司和政府机构能够访问它。其目标是帮助防御方在恶意行为者获得类似Mythos的能力之前，保护好自己的软件和服务。
那么，是什么触发了禁令？据报道是随后发生的两件事。第一件：Anthropic通过其有限合作伙伴计划，让一家韩国电信公司获得了Mythos的访问权限，而美国政府官员在认定这家公司疑似与中国有关联后，提高了警惕。（外界普遍报道这家公司是SK电讯，但其否认与中国有任何联系。）另一件是，据报道，亚马逊首席执行官安迪·贾西在亚马逊自己的研究人员找到绕过Fable 5安全防护的方法后，向政府发出了警告。Anthropic对“越狱”这一说法提出异议，称这是一个已被修补的狭窄问题，而非对模型安全措施的全面突破。
结果是一样的：美国商务部发布了出口管制指令，Anthropic不得不紧急行动，立即限制其产品的访问权限——据一些说法，从接到通知到执行时间仅约90分钟。
不过，这一切并非新鲜事。几十年来，各国政府一直试图利用出口管制来限制它们认为危险的网络技术的扩散，但它们的记录充其量只能算平平。
美国政府可能是历史上这一做法最惨痛失败的幕后推手，发生在20世纪90年代初至中期。当时，计算机科学家正在开发加密技术，以保护数据在互联网上传输时的安全。其中一款加密产品名为“优良保密协议”（PGP），这是一种流行的软件，可以加密数据，即便数据在互联网上传输至目标接收者时被截获，也几乎无法破译。
美国政府最初将PGP视为危险武器，担心它会阻止情报机构监听经过其线的电子邮件。为阻止PGP的传播，美国海关总署对PGP的创始人菲尔·齐默尔曼展开刑事调查，指控他涉嫌违反武器出口管制。齐默尔曼通过将PGP的源代码作为印刷书籍出版的方式进行反击，由此引发了今天所称的“加密战争”。
后来，齐默尔曼在调查被撤销时赢得了一场关键胜利，为重要的端到端加密算法铺平了道路，例如Signal和WhatsApp的数十亿用户所使用的算法。
随后，在21世纪10年代初，研究人员开始发现西方制造的间谍软件被用于针对中东地区的异见人士。作为回应，多个国家同意扩大《瓦森纳协定》，该国际条约限制军民两用软件和技术的出口。
其目的是将监视和黑客软件归为两用物品，从而迫使间谍软件制造商在向海外销售产品时获得出口许可证。
请联系我们：如果您有关于Mythos禁令的更多信息，请使用非工作设备和网络，通过Signal安全联系洛伦佐·弗兰切斯基-比基耶拉伊（号码+1 917 257 1382），或通过Telegram和Keybase @lorenzofb，或发送电子邮件至。
但《瓦森纳协定》一直存在两个固有弱点。有几个国家不遵守该协议，包括以色列，该国拥有一些世界上最活跃的间谍软件制造商。
该协议还依赖于各国自行决定是否适用于其境内的公司。曾有一段时间，意大利政府允许该国当时顶尖的间谍软件制造商之一Hacking Team获得出口许可证，向全球销售其工具，尽管该公司有过向压迫性政府出售间谍软件并用于黑客攻击记者和人权活动人士的记录。
自那以后，其他欧洲国家对像意大利这样的间谍软件制造商也一直松懈。尽管丑闻频发，但作为许多间谍软件和黑客工具制造商的所在地，欧洲始终未能遏制向威权政权出口间谍软件的行为。批评人士称，欧盟27个成员国最近为应对向威权国家出口间谍软件日益严重的问题而重新做出的努力“远未到位”。
一些间谍软件制造商，例如被制裁的间谍软件公司联盟Intellexa，干脆将业务转移到出口管制宽松的国家。其他间谍软件制造商也出于类似原因寻求将业务转移到沙特阿拉伯。
当然也有一些成功案例。总部位于德国的间谍软件制造商FinFisher于2022年倒闭，此前德国检方对其进行了多年调查，指控其未经出口许可证向土耳其出售间谍软件。调查人员此前发现，FinFisher的间谍软件曾被部署在土耳其政府批评者的手机上。
截至本文撰写时，Anthropic与特朗普政府之间的僵局仍在持续。有一种合理的可能性是，政府会为了保持美国AI公司在全球的竞争力而做出让步并解除限制——这一举动相当于默示承认，无论美国限制什么，包括中国在内的其他地方的AI实验室都可能达到类似的能力。或者，美国AI公司最终可能需要先获得政府批准，才能为外国客户提供服务，这一合规负担将无可避免地损害其利润。
鉴于世界各国政府过去在尝试控制软件传播方面的经验，政府强制实施的出口管制不太可能是阻止恶意行为者滥用强大两用网络技术的正确方法。

英文来源：

Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week.
The episode is the first real test of whether the U.S. government can use export controls to contain frontier AI the way it has tried, with very uneven results, to contain encryption and spyware before it. And dramatic as it may sound, how this standoff gets resolved could shape not just Anthropic’s access to foreign markets but the rulebook that other AI labs will have to build around.
Some context first. Ever since Anthropic launched Mythos in April, the company has marketed it as some kind of Doomsday cyber machine that could wreak havoc on the internet if released too widely — which is why, before the ban, only around 150 vetted companies and government organizations had access to it at all. The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities.
So what triggered the ban? Two subsequent events, reportedly. The first: Anthropic gave a South Korean telecom access to Mythos through its limited partner program, and U.S. officials grew alarmed after identifying the company as one they suspected had ties to China. (The company, widely reported to be SK Telecom, has denied any China connection.) Amazon CEO Andy Jassy also reportedly alerted the administration after Amazon’s own researchers, he said, found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model’s safety measures.
The result was the same: the Commerce Department issued an export control directive, and Anthropic had to scramble to immediately limit access to its products — within roughly 90 minutes of being notified, by some accounts.
None of this is new, though. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber technology for decades, but their track record has been middling at best.
The U.S. government was behind what is perhaps history’s most spectacular failure of this approach in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the internet. One of those encryption products was called Pretty Good Privacy, or PGP, a popular software that could encrypt data and make it virtually impossible to unscramble even if intercepted as it traveled to its intended recipient over the internet.
The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the U.S. Customs Service opened a criminal investigation against PGP’s creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP’s source code as a printed book, igniting what is known today as the “Crypto Wars.”
Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms such as the one used by billions of Signal and WhatsApp users.
Later during the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Arrangement, an international treaty that limits the export of dual-use software and technologies that are used in both civilian and military applications.
The idea was to classify surveillance and hacking software as dual-use, thus forcing spyware makers to get export licenses to sell their products abroad.
Contact Us
Do you have more information about the Mythos ban? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.But Wassenaar has always had two inherent weaknesses. There are several countries that don’t adhere to the agreement, including Israel, which houses some of the world’s most active spyware makers.
The agreement also depends on countries applying it to companies within their borders at their own discretion. For a time, the Italian government allowed one of the country’s then-top spyware makers, Hacking Team, a license to export its tools around the world, despite the company’s track record of selling spyware to oppressive governments that used it to hack journalists and human rights activists.
Since then, other countries in Europe have been lax with spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tools makers, has continually failed to curb the export of spyware to authoritarian regimes. Critics say that a recently renewed effort across the bloc of 27 member states to tackle its growing problem of spyware exports to authoritarian states “does not go far enough.”
Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies, have simply moved their operations to countries with lax export controls. Other spyware makers sought to move their operations to Saudi Arabia for similar reasons.
There have been some wins. Germany-based spyware maker FinFisher shut down in 2022 after a multi-year investigation by German prosecutors into the company for allegedly selling spyware to Turkey without an export license. Investigators previously found the FinFisher spyware had been deployed on the phones of critics of Turkey’s government.
As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive worldwide — a move that would amount to tacit acknowledgment that AI labs elsewhere, including in China, will likely reach similar capabilities regardless of what the U.S. restricts. Or, American AI companies could end up needing government approval before serving foreign customers at all, a compliance burden that would invariably dent their bottom line.
Given the past experiences that world governments have had with trying to control the reach of software, government-mandated export controls are unlikely to be the right approach to stop malicious actors from abusing powerful dual-use cyber technologies.