AI Weekly Issue 506: Washington Blocked One AI Lab, China Blacklisted 56 Companies

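Source: https://aiweekly.co/issues/washington-blocked-one-ai-lab-china-blacklisted-56-companies
Summary:
The AI export-control war escalates across the board: Beijing retaliates by blacklisting 56 US firms, and Washington's ban is questioned by allies
Only 10 days after Washington imposed an export ban on Anthropic's top models, China quickly played its countermeasure. This week, Beijing blacklisted 56 US companies: 10 were placed under full dual-use export controls, and 46 defense contractors were barred from government procurement. The move responds directly to the latest entity-list update from the US Pentagon and marks a shift in AI export controls from one-way pressure to a two-way contest.
The ban's foundation is shaken: the trigger is called a "technical mix-up"
In documents filed with the court, Anthropic disclosed that the so-called "jailbreak" that triggered the US government's export ban was essentially a request for the model to read a codebase and fix software flaws, a capability that is "widely available in other models (including OpenAI's GPT-5.5)." The company stressed that it has so far received no report of any harmful result. French President Macron went further, calling US AI export controls "narrow nationalism" and urging democracies to cooperate on regulation rather than wall themselves off.
An industry giant's warning: AI concentration is unsustainable
Microsoft CEO Nadella warned: "If all the value is captured by only a few models, the political economy will never tolerate it." He stated plainly that "society will not permit an AI future that hollows out entire industries." Coming from the head of Microsoft, which holds a significant stake in OpenAI, the statement carries obvious weight.
Supply-chain security under alarm: North Korean hackers and vulnerability exploitation strike on two fronts
Supply-chain security alerts keep coming: the North Korean state-backed hacking group Sapphire Sleet attacked the AI agent framework Mastra through malicious npm packages, and later counts put the number of affected packages above 140. Meanwhile, a vulnerability in the Langflow platform (CVE-2026-5027, score 8.8) is being exploited at scale, with about 7,000 servers exposed, most of them in North America.
In-depth analysis: once the switch is flipped, both directions are affected
When Washington cut off overseas access to Anthropic's top models on June 12, its aim was "containment": keeping the most dangerous models out of adversaries' hands. The reality 10 days later is that the containment is leaking from both ends. The ban was meant to display American leverage, yet it keeps exposing its limits. With Chinese countermeasures, criticism from allies, and warnings from industry giants, this export-control war over AI is no longer one-way suppression.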
English source:
Ten days after Washington pulled Anthropic's top models from foreign hands, the bill came due. This week Beijing blacklisted 56 American firms, Anthropic's own filing admitted the trigger was a routine coding request rival models can run, and Microsoft's CEO warned that letting "a few models eat everything" won't survive politically. The export war just stopped being one-directional — here's the week that made it mutual.
Sponsor
Validate AI agents without building your own test infrastructure.
Spec27 helps teams turn expected agent behaviour into reusable specs, then run repeatable evals to catch failures, edge cases, and regressions before they reach users.
Quick Hits
DeepSeek's Quiet Takeover
- China answered the AI ban by blacklisting 56 US companies — Beijing's Commerce Ministry put 10 American firms — rare-earth miners MP Materials and USA Rare Earth, drone makers Teal Drones and Jaia Robotics — under full dual-use export controls, while the Finance Ministry barred 46 mostly-defense contractors from government procurement. Total hit: 56 companies, in direct response to the Pentagon's latest entity-list update. [Nikkei Asia]
- ByteDance sidelines its IPO as its valuation closes on $1 trillion — The TikTok owner's gray-market valuation is reportedly nearing $1 trillion — which would make it China's first company to cross that line — yet it's in no rush to list. With secondary-market value already past $600B and Chinese investor sentiment turning bullish, patience is the play. [Nikkei Asia]
The Year Governments Got Serious
- Anthropic says the "jailbreak" behind its export ban was just a code-review prompt — In its filing contesting the US order, Anthropic reveals the triggering "jailbreak" was essentially asking the model to read a codebase and fix any software flaws — a capability it says is "widely available from other models, including OpenAI's GPT-5.5." The company adds it has "not even received a disclosure" of any harmful result. [Anthropic]
- Macron calls the US AI export controls "strictly nationalist" — France's president made a forceful plea for Washington not to keep cutting-edge AI to itself, urging democracies to cooperate on regulation instead. Recognizing that frontier models can be dangerous is "a good thing," he allowed — but walling them off is the wrong answer. [SecurityWeek]
The Lab Gladiator Era
- Nadella warns "a few models that eat everything" won't survive politically — The Microsoft CEO — whose company holds a major OpenAI stake — told the WSJ that "if all the value is accrued by only a few models, the political economy will simply not tolerate it," adding there's "no societal permission for an AI future that hollows out entire industries." A pointed warning from inside the concentration. [WSJ]
- Sakana's new "Fugu" hides a swarm of agents behind one API — and claims frontier parity — Sakana AI launched Fugu and Fugu Ultra, a multi-agent system that behaves like a single model: send one request and it decides whether to answer directly or quietly coordinate expert agents. Sakana says Fugu Ultra stands "shoulder-to-shoulder" with Fable 5 and Mythos on the toughest engineering, science, and reasoning benchmarks. [Sakana AI]
AI Supply Chain Under Siege
- Microsoft pins last week's Mastra npm attack on North Korea — The 140-plus poisoned packages in the @mastra AI-agent framework weren't ordinary crypto thieves: Microsoft attributes them to Sapphire Sleet (BlueNoroff), a North Korean state group. The info-stealer hunts 166 wallet extensions across Windows, Linux, and macOS — treat any build that pulled them as compromised. [BleepingComputer]
- 7,000 Langflow servers are under active exploitation — CVE-2026-5027 (CVSS 8.8) lets attackers smuggle path-traversal filenames through Langflow's unsanitized file-upload endpoint to drop files on disk; VulnCheck has confirmed in-the-wild hits. Roughly 7,000 instances sit exposed, most in North America — and VentureBeat notes the same shipped-faster-than-reviewed pattern runs through other popular agent frameworks. [VentureBeat]
The Off Switch Cuts Both Ways
When Washington blocked foreign access to Anthropic's Fable 5 and Mythos on June 12, the pitch was containment: keep the most dangerous models out of adversaries' hands. Ten days in, the containment is leaking from both ends.
Anthropic's own filing this week gutted the premise. The "jailbreak" that triggered the order, the company says, was a request to read a codebase and fix its flaws — a capability it notes is "widely available from other models, including OpenAI's GPT-5.5" — and no one has reported a single harmful result. The Economist's cover, meanwhile, recasts the order as an export-control architecture for AI modeled on nuclear technology, while France's Emmanuel Macron called it "strictly nationalist" and urged Washington not to hoard the frontier.
Then Beijing answered in the only language export controls speak: 56 US firms hit with their own controls and procurement bans. The week's lesson is that a kill switch is not a moat. Pull one lab's models and demand reroutes; treat AI like a weapon and rivals treat your companies the same way. The ban meant to project American leverage is busy mapping its limits.
Key Takeaways
- Export controls are now a two-way weapon. Washington can pull a lab's models; Beijing can blacklist 56 US firms the same week. Decoupling cuts in both directions — and the cost lands on American rare-earth and defense suppliers, too.
- The ban's foundation is wobbling in public. Anthropic says the trigger was a routine coding prompt that rivals' models can run, allies are calling the controls "nationalist," and no harm has been reported — even as the precedent hardens.
- Concentration is the new fault line. When Microsoft's own CEO warns that "a few models eating everything" won't survive politically, the fight has shifted from who builds the best model to who's allowed to win with it.
- The AI supply chain is the soft target. Nation-state crews (North Korea's Sapphire Sleet) and mass exploits (Langflow's CVE-2026-5027) are hitting the agent frameworks developers now build on — faster than security review can keep up.
Worth Reading
- Claude now writes more than 80% of Anthropic's own code — Up from the low single digits before Claude Code shipped in early 2025. Anthropic calls it a deliberately conservative count. [Anthropic]
- Apple's Core AI puts 3B–70B models on-device — The Core ML successor, unveiled at WWDC 26, runs LLMs up to 70B parameters across iPhone, iPad, Mac, and Vision Pro with no server round-trip. [InfoQ]
- The Economist: "America's AI Power Grab" — The cover argues Washington is building an export-control architecture for frontier AI modeled on nuclear technology — and setting a precedent allied governments will have to live with. [The Economist]
- AI is already eroding doctors' skills — After six months leaning on an AI polyp-detection tool, 19 veteran endoscopists' unaided detection rate fell from 28.4% to 22.4% — the first trial to show AI degrading a clinically meaningful skill. [Nature]
- Ted Chiang: calling AI "conscious" lets its makers off the hook — The novelist's dissent against the industry's new rush to fund AI-welfare research. [The Atlantic]
Wait, What?
- Chatbots keep inventing the same fictional lighthouse keeper — Cornell's Sil Hamilton and David Mimno analyzed 20,000 AI-generated stories and found the same 11 words — names like Elias and Mara, jobs like lighthouse keeper and clockmaker — in more than 88% of them, across ChatGPT, Gemini, and Claude alike. The models are all dreaming the same dream. [404 Media]
- Google wants to put data centers in space — because Earth's grid is full — Orbital compute runs roughly 4x the cost of a ground setup, so why bother? Because power, not silicon, is the binding constraint: grid-connection queues in Northern Virginia now stretch seven years. In orbit, the sun never sets. [CNBC]
Worth Watching
The videos AI practitioners are passing around right now — curated on AI TV.
- Ed Zitron explains OpenAI’s leaked financials (The Tech Report)
- CRASH IMMINENT: Ed Zitron Says AI Valuations Are Complete FRAUDS (Breaking Points)
- Is the AI Boom About to COLLAPSE? (MS NOW)
This week's poll
Washington blocked one lab; Beijing blacklisted 56 firms in reply. Where does the AI export war go from here?
Last week, 195 of you voted:
If an AI could run your country measurably better than the humans currently do — less corruption, less waste, fewer wars — would you let it?
— Alexis
Article link: https://news.qimuai.cn/?post=4411