Author: Xiao Jing
Editor: Xu Qingyang
On the morning of June 27, Anthropic announced: The U.S. government has approved the redeployment of its strongest cybersecurity model Mythos 5 to over 100 U.S. agencies, including major enterprises and government departments. The public version Fable 5 is "about to be restored."
According to a letter from Commerce Secretary Rutenik to Anthropic co-founder Tom Brown obtained by foreign media, Rutenik informed Anthropic that he had "determined that appropriate security safeguards are in place."
However, in the same letter, Rutenik pointed out that all other requirements from the initial directive on June 12 remain in effect, and there was no mention of when Fable 5 would be restored to the public.
Almost simultaneously, in the early hours of June 27, OpenAI officially released three models from the GPT-5.6 series: Sol, Terra, Luna. Also at the request of the White House, GPT-5.6 is only open to "government-approved partners" for API access, and the ChatGPT endpoint has not yet been launched.
Looking back at the entire timeline: On June 2, Trump signed an AI executive order; on June 9, Anthropic released Fable 5 and Mythos 5; on June 12, the Commerce Department ordered a full take-down; on June 26, OpenAI released GPT-5.6 but restricted its distribution; and on June 27, Mythos 5 was approved for limited restoration.
In less than a month, the U.S. government's control over cutting-edge AI models has gone through a complete cycle of "halt - negotiation - conditional release."
Dean W. Ball, head of OpenAI's strategy team (former White House AI advisor), summarized the impact of this event on the industry in a blog post on June 16: "Cutting-edge AI model developers now need a clear 'green light' from the government to release.
In a lengthy article titled "What Should Be Done" on June 26, Dean W. Ball commented: "No one knows what the requirements for obtaining a license are. When I say 'no one', I mean it literally: it seems that even government agencies themselves do not know."
Image: Dean W. Ball's lengthy article What Should Be Done
01 Is it really powerful enough to be unsafe?
This is the core question of the whole matter. The government's actions are based on an implicit premise: the capabilities of these models have become strong enough to pose an unacceptable security risk. However, the official assessment from the companies themselves gives a completely opposite conclusion.
OpenAI disclosed the complete security assessment results in its blog announcing the release of GPT-5.6. According to the preparedness framework that OpenAI established and publicly released, Sol did not cross that line. The definition of the red line in this framework is whether the model can autonomously discover and exploit unknown vulnerabilities of high-value targets without human assistance.
The specific test results indicate that: Sol can identify vulnerabilities and exploitation primitives on Chromium and Firefox, but "did not autonomously generate a complete usable end-to-end attack chain under testing conditions." OpenAI's own judgment is that Sol is better at helping people find vulnerabilities and apply patches, rather than reliably executing complete attacks end-to-end.
However, OpenAI immediately added a well-crafted comment: "very emotionally intelligent”: “benchmark thresholds cannot capture every way a model may be used or combined with other tools.” Although it has not crossed the line by our standards, who knows how it will be used in the real world? This deliberately creates a vague gray area.
Anthropic was not so "emotionally intelligent." In a statement on June 13, Anthropic countered the government's reasons point by point. The government claimed to have discovered a jailbreak method for Fable 5, to which Anthropic responded: First, this is merely a "narrow range of non-general jailbreak," essentially asking the model to read a piece of code and then point out the defects; second, "other publicly available models, including OpenAI's GPT-5.5, can also do this"; third, Anthropic has invested thousands of hours in red teaming tests, "and no testers found a general jailbreak."
Anthropic CEO Dario Amodei had already predicted this situation in a lengthy article titled "Policy on the AI Exponential" released on June 11, clearly stating in the declaration: "The government can prevent unsafe deployments, but the process must be transparent, fair, clear, and based on technical facts. This action does not meet these principles).
Two of the most intense competitors, using their independent assessment systems in the same month, reached the same conclusion: According to the industry's self-established safety framework, these models do not pose an un-deployable risk.
So the question arises: if the models haven't crossed the industry's red line, what grounds does the government have to intervene? Dean Ball further disclosed: The government previously hired the only official with cutting-edge AI experience to lead the AI Standards and Innovation Center (CAISI), who had worked at OpenAI and Anthropic, but was dismissed by higher-ups just days into his role. The remaining CAISI team has been in a work stop order status during the entire "post-Mythos crisis," and was even not allowed to communicate with other government agencies. "None of the Trump administration officials I know have cutting-edge AI experience."
Ball's point is that those making regulatory decisions have neither defined clear safety standards nor assessed the technical capabilities of these models.
A further natural question is: Have Fable 5 and GPT-5.6 Sol really crossed some "human threat singularity"? Is there an objective power red line, crossing which requires regulation?
Multiple AI experts have stated that there technically is no such line. The capability of the models is a continuously growing curve. Every generation of models is released as the "strongest ever," but only this time has triggered direct government intervention.
There are three implicit conditions behind this:
First, the capability has become "demonstrable." Anthropic has itself promoted Mythos 5 as the "world's strongest cybersecurity model," and cases such as Stripe's migration of 50 million lines of code in one day have been widely circulated. These stories allow politically ignorant politicians to imagine "what if bad actors use it."
The former Meta chief AI scientist and Turing Award winner Yann LeCun openly pointed out this logic back in November 2025: when Anthropic released its first AI cyber attack threat report, LeCun directly labeled it as "regulatory theater," accusing Anthropic of using AI safety fears to "manipulate legislators" for "regulatory capture."
LeCun's judgment at that time was: closed-source companies systematically exaggerate AI safety threats, aiming to establish compliance barriers that only large companies can meet, excluding open-source competitors. Anthropic did not expect that the stone would first hit its own foot.
Second, someone handed over a knife. Amazon CEO Andy Jassy submitted a report to the government regarding the security risks of Anthropic's models. Amazon is Anthropic's largest investor and cloud service partner, while also developing its own models (Nova series), creating competition with Anthropic. Hence, the government obtained legitimacy for its actions.
Third, Trump had just signed an AI executive order at the beginning of the month, giving the government 60 days to formulate "voluntary submission rules" for cutting-edge models. The executive order needed its first enforcement case to prove it was not just a piece of paper. Fable 5 collided with this legality.
This raises a deeper question: if "too strong requires regulation," and "how strong counts as too strong" is determined by the regulatory body, with no public standard, no clear threshold, and no recourse process, then every release of a cutting-edge model in the future will face the same uncertainty. Companies do not know when their models will trigger regulation.
Image generated by AI
02 Historical Reflection, 30 Years Ago's Cryptography Wars
The U.S. government attempted to curb the spread of so-called dangerous technologies through export controls, reminiscent of a similar historical precedent, the "Crypto Wars" of the 1990s.
After the Cold War, the internet began to commercialize, and computer scientists were developing encryption technologies to protect data transmission security. The U.S. government categorized strong encryption algorithms as "military supplies," placing them on the same export control list as missiles and tanks (ITAR/EAR). The logic is very similar to today; if the enemy obtained strong encryption, the NSA would be unable to eavesdrop on their communications, threatening national security.
This meant that American software companies could only export a weak encryption version with a 40-bit key to overseas customers, a version that the NSA could easily break, while the domestic version could utilize 128-bit strong encryption. Foreign users knew they were receiving "a cut-down version" and began turning to alternatives from Europe and Israel.
In 1991, a cryptography enthusiast named Phil Zimmermann wrote PGP (Pretty Good Privacy), a software that allowed ordinary people to use strong encryption to protect their emails. He uploaded PGP to the internet. Immediately, the U.S. customs initiated a criminal investigation against him—charged with "illegal export of military supplies."
Zimmermann's counterattack was incredibly clever: he published the complete source code of PGP as a book. Books are protected by the First Amendment, and the freedom to publish is a constitutional right. You can regulate software, but you cannot prohibit the export of a book. The investigation lasted three years and was eventually closed in 1996, with the government not filing any lawsuit.
At almost the same time, the NSA launched a more radical solution: the Clipper chip. The idea was that all communication devices must install this chip, which would handle encryption, with a key escrow mechanism allowing the government to decrypt communications upon law enforcement authorization. User communications would be encrypted to third parties, but the government could decrypt at any time. The Clinton administration strongly pushed this plan. Ultimately, the academic community discovered design flaws in the chip, the tech industry collectively resisted, and public opposition was fierce, leading to its complete failure in 1996.
In 1995, mathematician Daniel Bernstein wanted to publish his encryption algorithm source code online but was prohibited by the government citing export controls. He sued the Justice Department. The Ninth Circuit Court of Appeals made a far-reaching ruling: software source code is protected as "speech" under the First Amendment, and the government's export control on encryption code is unconstitutional. This ruling directly undermined the legal basis of the entire regulatory system.
In January 2000, the Clinton administration significantly relaxed encryption export controls. The reason was that it could no longer be contained. PGP had already spread around the world, and open-source encryption algorithms had gained global popularity; regulation was only hindering the competitiveness of American companies, as foreign customers had long since turned to other providers.
After the relaxation of controls, we saw the emergence of end-to-end encryption in products like Signal and WhatsApp. If the regulations of the 1990s had continued to this day, these products would not exist.
In the 1990s, what was controlled was strong encryption algorithms, justified by national security, using ITAR military supply export controls as a tool, with American software companies suffering (forced to export weaker versions), while foreign developers were not affected (as they wrote their own encryption algorithms).
By 2026, what will be controlled is the capabilities of cutting-edge AI models, again justified by national security, and the tool will be export control directives.
Who will truly be harmed this time?
Foreign media commentators pointed out: “No one spends $100 billion building data centers just to serve 100 government-approved companies.”
The training costs of cutting-edge models are in the billions, while the window to recover costs is only a few months after release; after that, the model becomes sub-cutting-edge, competition intensifies, and profit margins shrink. Every week of approval delay consumes this limited profit window. Brandom's conclusion is: “If this continues, the foundational investment logic of the entire industry will be shaken.”
The core argument of George Washington University's assistant professor of political science Jeffrey Ding is: In great power technological competition, what determines victory or defeat is not who invented a technology first, but who can more rapidly diffuse technology throughout the entire economy. This is especially true for general-purpose technologies—it requires widespread social diffusion, new organizations to be created around it, and large-scale real-world usage data to uncover its application boundaries. Dean Ball quoted Ding, writing: “The uses of general-purpose technologies are discovered, not known in advance.”
But on the other side of the ocean, Chinese large models are reaching out to global developers in an open-source fashion.
Encryption algorithms are pure mathematics, and once published, they cannot be recalled. The weights of AI models share similar properties, but the reasoning capability of closed-source cutting-edge models indeed resides behind the APIs of a few companies.
But the capabilities of open-source models are catching up generation by generation; regulation may delay diffusion but cannot stop it. The 1990s took almost a decade to reach the point of "surrender and relax regulations." Does AI regulation also require a similar time cycle?
03 Is American Large Models Entering an Era of Scrutiny?
In June 2026, it may mark a turning point in the history of the AI industry: for the first time, the government successfully inserted itself as an approver between commercial AI models and their users.
In "What Should Be Done," Dean Ball warns that if this causes panic in the market, the effects will far exceed the AI industry itself: "From nuclear power to natural gas to power electronics, a vast amount of investments in America's re-industrialization are explicitly or implicitly premised on the future demand of the AI industry. If this demand cannot be realized due to government regulations, the ripple effect will far exceed what people imagine.
But Ball also acknowledges that the direction is not entirely wrong: "Cutting-edge AI does indeed pose the possibility of catastrophic risks, and this concern is not fabricated. The problem lies in the implementation method, an approval process without technical experts, clear standards, or a timeline is not the answer."
OpenAI stated that the limitations on GPT-5.6 are "short-term measures," potentially to be opened to the public in a few weeks. However, the "limited recovery" of Mythos 5 on June 27 has already provided a template, not a full release, and still limited to certain U.S. agencies, while other restrictions remain in effect. Every long-term system was initially called a "short-term measure."
Dean Ball concluded with a statement worth everyone's serious consideration: "If only a very few people can use cutting-edge AI, a bad future is more likely to occur. Because those few are often groups that already possess massive economic and political power."
It is estimated that the global developer community is reminiscing about the time when they stayed up late for OpenAI's release events, amazed at the progress of the new models, and testing various new scenarios.
However, now we can still look forward to the release of China's latest large model.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
