Administration’s Failed Attempt to Control Export of AI

We witnessed at the end of last week the proof that the senior leadership of the US Government does not have a well-informed policy about how government can or should regulate AI.  What happened?  After the AI team at Amazon found a way around guardrails on a new model from Anthropic that allowed a user to find cyber vulnerabilities, and Anthropic explained that they cannot really do much about that, Amazon’s CEO panicked and called into the Trump Administration at Cabinet level.

After some apparently ill-informed discussion at senior (i.e. non-expert) levels of the government, the Commerce Department quickly issued emergency export control requirements on the Anthropic software banning any non-US citizen from accessing the model. Anthropic, noting accurately that it was impossible to comply with such a restriction, stopped making the model available to anyone as the only way to ban it from foreign access.

One of the ironies here is that this restriction came from an Administration that, until last month, was saying that it was opposed to any regulation of AI because any regulation would stifle innovation. Only when the Pentagon realized that Mythos posed a potential threat to the security of its networks did senior officials start trying to figure out how to regulate AI.

There are credible reports that while the new Anthropic model was available to the public, a Chinese team (and maybe others) was able to create a “pretty good” copy of it through a process called distillation (in which the model can be reverse engineered by asking it a very large volume of questions).

The Anthropic model that is now unavailable was not dissimilar to a model being offered by OpenAI and was less capable than Anthropic’s Mythos model at finding cyber vulnerabilities in software. Mythos, while it was initially released to a handful of “trusted” companies, is rumored to have been utilized more broadly and likely distilled by hackers. Moreover, Chinese open source models and Small Language Models (SLMs) being developed by many companies around the world will have similar capability to Mythos shortly.

During all of the recent panic in Washington, the experts on AI safety and security in the Commerce Department (an office created by the previous Administration) were apparently sidelined. Indeed, after the Pentagon’s concerns over Mythos and a subsequent off again/on again Executive Order requiring voluntary code review, the Administration began setting up a review mechanism in, of all places, the Treasury Department (apparently because the Secretary of the Treasury is highly interested in the issue).

If one is prone to betting on prediction markets, it is probably a safe bet that the export control on Anthropic’s new model will not survive through July, just as the Pentagon’s ban on Anthropic software withered in the daylight of real-world requirements.

All of this is for me a bit of deja vu from the late 1980s when, as Assistant Secretary of State, I was told that one of my jobs was to prevent the uncontrolled export of publicly available encryption software, which had been placed on the Munitions Control List. I demurred and took the software off the List after pointing out that anyone could carry such code out of the country on a thumb drive. I thought by now experts in the government and industry understood the futility of software export controls.

Since apparently not everyone read that chapter in their homework, here is what the US government has to understand:

1) You cannot realistically control access to an AI model once it leaves the lab.

2) Software which can be downloaded in the US can be accessed anywhere in the world through Virtual Private Network tunnels onto US networks or even by simply placing the code onto easily carried hard drives and flying out on a commercial airline.

3) Most AI models’ guardrails can be “jail broken” to some degree unless the model maker prioritizes those controls and actively monitors use of the model to spot and block jail breaking in real time.

4) Standards for guardrails, red teaming, and jail break prevention need to be internationally agreed, applied, and verified, including for Chinese models, or malicious actors will simply go to models that are unrestricted.

Now after this recent debacle with trying to regulate one Anthropic model, can we get the ideology out of this issue and get back to the previous Administration’s agenda on testing, red-teaming, standards setting, and international negotiations? Please?

 


Richard A. Clarke was a Deputy Assistant Secretary of State for Intelligence (Reagan administration), Special Assistant to the President (Clinton), and National Coordinator for Security and Counter-terrorism (Clinton/Bush). He is the CEO of Good Harbor Security Risk Management. (richardaclarke.net)
