From PGP to Mythos: Why Export Controls Have Never Truly Stopped Technology Proliferation
30 years of history show cybersecurity export controls consistently fail — and AI models face the same fate.
This article traces the history of cybersecurity export controls from the 1990s PGP Crypto Wars through the Wassenaar Arrangement's failed regulation of intrusion software to Anthropic's Mythos model today. It demonstrates that controlling security technology at the source has never worked, and argues for behavior-based governance frameworks rather than technology-based restrictions.
A 30-Year Game of Cat and Mouse
When Anthropic launched Mythos, a cybersecurity-specialized model, and built strict export controls and access restrictions around it, an old question resurfaced: Can export controls on cybersecurity-related software actually prevent technology proliferation?
Looking back at the past 30 years of history, the answer is nearly unanimous — no. From PGP encryption software to various cybersecurity tools, every attempt to restrict technology flow through export controls has ultimately proven ineffective. Today, the same logic is playing out again with AI cybersecurity models.
The PGP Incident: Where the Absurdity of Export Controls Began
A Book That Shattered the Control Barrier
In 1991, Phil Zimmermann released PGP (Pretty Good Privacy) encryption software, giving ordinary people access to military-grade encryption technology. PGP employed a public-key cryptography system, cleverly combining the RSA asymmetric encryption algorithm with the IDEA symmetric encryption algorithm, allowing anyone to conduct end-to-end encrypted communication without pre-exchanging keys. Before PGP, this level of encryption was restricted to military and intelligence agencies. The U.S. government promptly launched an investigation citing violations of the International Traffic in Arms Regulations (ITAR), as strong encryption was classified as "munitions" at the time — under ITAR, encryption products with key lengths exceeding 40 bits were listed alongside missiles and tanks on the munitions list. Zimmermann had originally uploaded PGP to internet BBS systems intending to provide communication protection tools for human rights activists, but faced a three-year federal criminal investigation as a result.
However, the absurdity of the controls was quickly exposed. PGP's complete source code was published as a printed book — and books are protected by the First Amendment of the U.S. Constitution, exempt from export controls. Just like that, a technology classified as a "weapon" legally flowed around the world in paperback form, and anyone could rebuild the entire software simply by scanning the pages. In 1996, the U.S. government was forced to drop its investigation of Zimmermann.
The Lasting Lessons of the Crypto Wars
This confrontation, known as the "Crypto Wars," spanned the entire 1990s. The U.S. government attempted to promote the Clipper chip with a built-in backdoor — an encryption chip developed by the National Security Agency (NSA) in 1993, whose core design was a "key escrow" mechanism: copies of encryption keys were held separately by two government-designated independent agencies, and law enforcement could combine these two key copies to decrypt communications after obtaining court authorization. This proposal drew fierce criticism from the cryptography community. In 1994, Matt Blaze, a researcher at AT&T Bell Labs, discovered a serious security vulnerability in the Clipper chip protocol that allowed users to bypass the key escrow mechanism, effectively declaring the scheme bankrupt on a technical level.
Meanwhile, the government also tried to limit browser encryption strength to 40 bits and even equated the export of encryption algorithms with weapons exports. But ultimately, market demand and technological evolution steamrolled all control intentions. By 2000, the U.S. had significantly relaxed export restrictions on encryption products, effectively acknowledging the failure of its control strategy.
The Wassenaar Arrangement and Exploit Tools: Expanding Scope, Persistent Failure
From Conventional Weapons to "Intrusion Software"
The Wassenaar Arrangement is a multilateral export control framework established after the Cold War, originally targeting conventional weapons and dual-use technologies. Founded in 1996 and headquartered in Vienna, it currently has 42 participating states and is the successor mechanism to the Cold War-era Coordinating Committee for Multilateral Export Controls (COCOM). Unlike COCOM's strategy of blocking specific country blocs, the Wassenaar Arrangement requires member states to implement autonomous controls on exports of dual-use technologies and conventional weapons, maintaining two key lists: the "Munitions List" and the "List of Dual-Use Goods and Technologies."
In 2013, the arrangement added "intrusion software" to its controlled items, attempting to restrict the cross-border flow of cyber attack tools. The technical definition includes "software capable of circumventing protective measures of computers or network devices" and "software capable of extracting data from computers or network devices."
This decision immediately triggered strong pushback from the cybersecurity industry. Security researchers pointed out that the definition of "intrusion software" was overly broad, covering virtually all penetration testing tools and vulnerability research outputs. Widely used open-source security tools like Metasploit and Nmap could technically fall within the controlled scope. Metasploit Framework, created by HD Moore in 2003 and currently maintained by Rapid7, contains over 2,000 documented exploit modules and is the standard tool for authorized penetration testing by security professionals worldwide. Nmap is an infrastructure-level tool for network scanning and security assessment. The source code for both tools is completely open, hosted on platforms like GitHub, and freely available for anyone in the world to download, modify, and distribute. Attempting to impose export controls on such widely disseminated open-source tools is virtually impossible at the enforcement level. More critically, the controls were effectively toothless.
Commercial Spyware Still Proliferated Globally
That said, commercial spyware like NSO Group's Pegasus and Hacking Team's remote control systems still flowed to dozens of countries worldwide under the banner of export controls, including multiple authoritarian regimes. NSO Group is an Israeli cyber intelligence company whose flagship product Pegasus can remotely compromise iPhone and Android devices without any user interaction (i.e., "zero-click" attacks), gaining access to virtually all data including encrypted messages, call records, and location information. In 2021, the "Pegasus Project" — an investigation by a consortium of 17 media organizations — revealed over 50,000 phone numbers of potential surveillance targets, including journalists, human rights activists, and political figures. Hacking Team, an Italian company, was hacked in 2015, and the resulting 400GB data leak revealed that its clients included governments of countries like Sudan and Ethiopia, which have been accused of serious human rights violations. Despite Israel and Italy both being Wassenaar Arrangement participants, exports of these commercial spyware products continued unimpeded until the U.S. Department of Commerce placed NSO Group on the Entity List in 2021, which finally produced substantive impact.
These cases clearly demonstrate: Export controls not only failed to prevent the proliferation of malicious tools but also created unnecessary obstacles for legitimate security research.
Mythos and the Control Dilemma of the AI Era
Anthropic's Cybersecurity AI Model Faces the Same Paradox
Mythos, launched by Anthropic, is an AI model specifically optimized for cybersecurity scenarios, with capabilities in vulnerability analysis, threat detection, and more. Given its potential dual offensive-defensive use, access controls and export restrictions around the model have become an industry focal point.
However, historical lessons clearly show that attempting to limit the proliferation of AI cybersecurity capabilities through controls faces the same fundamental contradictions as 30 years ago:
- The irreversible spread of knowledge: Once core technical principles are public, controls lose their foundation. As of 2025, the open-source large language model ecosystem is highly mature — Meta's Llama series, Mistral AI's models, and numerous community fine-tuned versions are all freely available. AI capabilities related to cybersecurity are not some irreproducible "black technology" — they are essentially the result of fine-tuning large language models on specialized security domain data. Publicly available vulnerability databases (such as CVE, NVD), security research papers, penetration testing reports, and other training data are widely accessible, meaning any team with sufficient computational resources can independently train AI models with similar cybersecurity capabilities. Controlling a specific model product cannot prevent the independent reproduction of underlying capabilities.
- The inseparability of defense and offense: Offensive and defensive tools in cybersecurity are fundamentally two sides of the same coin. Restricting the circulation of defensive tools often simultaneously weakens the security capabilities of those being protected.
- A globalized research ecosystem: Cybersecurity research is a highly internationalized field, and the cross-border flow of talent and knowledge is far beyond what administrative orders can block.
The Real Cost of Export Controls Cannot Be Ignored
More concerning are the "side effects" of export controls. Excessive controls may result in: legitimate security researchers having their work obstructed, defenders having their access to advanced tools cut off, while the actual malicious actors — nation-state hacking groups and cybercrime syndicates — never stop because of a piece of paper.
What Kind of Governance Framework Do We Need
30 years of history have repeatedly proven that export controls on cybersecurity technology are almost entirely ineffective at preventing technology proliferation. From PGP to Mythos, only the technology medium has changed — from encryption algorithms to AI models — while the underlying logic of control failure has never changed.
This does not mean AI cybersecurity capabilities don't need governance. Quite the opposite — we need a more pragmatic governance framework: one that focuses on usage behavior rather than the technology itself, establishes international cooperative threat intelligence sharing mechanisms, and ensures defenders always have access to the most advanced security tools. This approach has precedent in other domains and a solid legal foundation in cybersecurity. The Budapest Convention on Cybercrime, which took effect in 2001, adopted behavior-based governance logic — it does not prohibit the possession and distribution of security tools, but instead defines unauthorized access to computer systems, data theft, and similar behaviors as crimes. Extending this paradigm to AI cybersecurity tools means establishing clear "red line" behavior definitions, robust attribution and accountability mechanisms, and international law enforcement cooperation frameworks, rather than attempting to block technology flow at the source.
Continuing to apply the export control approach that has already been proven to fail will not only fail to solve the problem but may also create new risks during this critical period for AI safety.
Related articles
TechCrunch Founder Summit Boston: Early Bird Pricing Ending Soon — Save Up to $190
TechCrunch Founder Summit comes to Boston in November 2025. Early bird pricing ends June 26 — save up to $190. Learn about the event's founder-first focus and Boston's startup ecosystem.
Sakana AI Enters Defense Intelligence: Partnering with Japanese Think Tank DEEP DIVE to Advance AI-Powered Intelligence Analysis
Sakana AI partners with Japanese think tank DEEP DIVE to apply AI to defense intelligence analysis, combining OSINT data with AI capabilities to overcome human analysis bottlenecks.
NVIDIA XR AI Platform Explained: Full-Stack AI Agent Development for AR Glasses
Deep dive into how NVIDIA's XR AI platform enables AI Agent development for AR glasses through cloud-edge architecture, covering visual perception, voice interaction, and multimodal reasoning.