From PGP to Mythos: A Brief History of Export Controls

For the last 30 years, attempts to stop the flow of cybersecurity-related software have proven ineffective. From PGP to present day, the effectiveness of these controls is being questioned. In this context, the introduction of Anthropic’s new cybersecurity model, Mythos, raises the question: why would we expect these controls to work now?

Cyber export control policies have historically emerged from security concerns held by governments. However, in practice, there is little evidence that these controls have been effective. In the realm of software development, numerous applications that could potentially harm personal data or national security remain readily accessible. The emergence of new technologies like Mythos prompts us to reevaluate the significance of such controls.

As cybersecurity threats and responses evolve rapidly today, the relevance of software export controls continues to wane. This serves as a reminder that the relationship between technology and policy needs reconsideration.