The U.S. Large Model is going to be closed in the name of safety

Author:Xiao Jing

Editor: Seo Cyangyang

 

Early on 27 June, Anthropic announced that the United States Government had approved the redeployment of its strongest cybersecurity model, Mythos 5, to over 100 United States agencies, including large businesses and government departments. A public-oriented version of Fable 5 "Recovers on the way."。

According to correspondence from Foreign Minister Lutnik to Tom Brown, co-founder of Anthropic, Luttnik informed Anthropic that he had “established that appropriate safeguards were in place”。

In the same letter, however, Lutnik pointed out that all other requirements of the initial directive of 12 June were still in forceAnd there is no mention of when Fable 5 will be restored to the public。

At almost the same time, in the early hours of 27 June, OpenAI officially released three modules of the GPT-5.6 series: Sol, Terra and Luna. Also at the request of the White House, GPS-5.6 is open to API visits only to “partners approved on a case-by-case basis by the Government”, and ChatGPT is not on line。

Looking back at the entire timeline: On 2 June, Trump signed AI Executive Orders, on 9 June, Anthropic issued Fable 5 and Mythos 5, on 12 June, on 12 June, the Ministry of Commerce ordered a full layoff, on 26 June, OpenAI issued GPS-5.6 but was restricted for distribution, and on 27 June, Mythos 5 was allowed limited recovery。

LESS THAN A MONTH LATER, THE UNITED STATES GOVERNMENT'S CONTROL OF THE FRONT-LINE AI MODEL WENT THROUGH A FULL “STOP-NEGOTIATION-CONDITIONAL RELEASE” CYCLE。

Dean W. Ball (former White House AI consultant), head of the OpenAI strategy team, summarized the impact of this on industry in his blog on June 16:FRONT-LINE AI MODEL DEVELOPERS NOW NEED GOVERNMENT-DEFINED `GREEN LIGHTS' TO RELEASE.”。

Dean W. Ball, in a long article entitled "What Should Be Done" dated 26 June, commented: “No one knows exactly what is required to obtain permission. Here I say "no one," which literally means:Even the government doesn't know about itI don't know

Figure:DeanWall'sLongWhat should Be Done

Is it really strong enough to be unsafe

This is the central question of the whole thing. Government action is based on an implicit premise: The capabilities of these models are strong enough to pose unacceptable security risks. However, the company ' s own official assessment gave the exact opposite conclusion。

OpenAI published a complete security assessment in the GPT-5.6 blog, and Sol did not cross this line, according to the preparatory framework that OpenAI itself had established and publicly released. The Red Line definition of the framework is whether the model can autonomously identify and exploit unknown loopholes in high-value targets without human assistance。

The results of the test were that Sol was able to identify loopholes on Chromium and Firefox and to use the original language (exploitation techniques), but that “the whole available end-to-end attack chain was not generated autonomously under the conditions of the test”. OpenAI's own judgement is that Sol is better at helping people find holes and patches, and that he is not responsible for the complete attack。

But OpenAI then wrote:Very emotional"benchmarks cannot capture every way a model may be used or compined with other tools." but who knows how it works in the real world? a grey area of ambiguity was deliberately created。

Anthropic is not so "intellectual." In its statement of 13 June, Anthropic refuted the Government ' s arguments, one by one. The Government claimed to have discovered Fable 5's escape method, and Anthropic responded: first, it was a “simple, non-universal escape” that essentially allowed models to read a code and then point out deficiencies; second, “other publicly available models, including OpenAI's GPS-5/5, could do it”; and third, Anthropic spent thousands of hoursRed team testing“No tester found General Escape”。

Anthropic CEO Dario Amodei, in a long paper published on 11 June, Polity on the AI Express, had prejudged the situation, stating clearly that “Governments can prevent unsafe deployments, provided the process is transparent, fair, clear and based on technical facts. This operation does not conform to these principles.”

The two most intense competitors, in the same month, used their own independent assessment systems to arrive at the same conclusion: these models do not pose a non-deployable risk under an industry-built safety framework。

So the question arises, if the model does not cross the industry red line, how can the Government intervene? Dean Ball further disclosed that the Government had previously engaged the sole officer with leading AI experience to chair the AISI Centre for Standards and Innovation (CAISI), who had served in OpenAI and Anthropic but had been dismissed at a senior level for a few days. The remaining CAISI team is in a state of lockout throughout the “post-Mythos crisis” and is not even allowed to communicate with other government agencies。“NO ONE OF THE GOVERNMENT OFFICIALS I KNOW IN TRUMP HAS A FRONT-LINE AI EXPERIENCE”。

Ball means that the person making the regulatory decision has neither defined security standards nor the technical capacity to assess the models。

To go further, the natural question is, is Fable 5 and GPT-5.6 Sol really crossing some kind of “human threat singularity”? Is there an objective red line of capabilities that must be controlled when crossed

SEVERAL AI EXPERTS INDICATED THAT SUCH A LINE WAS NOT TECHNICALLY AVAILABLE. MODEL CAPABILITIES ARE CURVES OF CONTINUOUS GROWTH. EACH GENERATION OF MODELS IS “HIGHEST IN HISTORY”, BUT ONLY THIS TIME TRIGGERED DIRECT GOVERNMENT INTERVENTION。

There are three implicit conditions behind this:

First, capabilities have become “demonstrable”. Anthropic himself promoted Mythos 5 as “the world's strongest cybersecurity model”, and the case of Stripe moving 50 million lines a day was widely disseminated. These stories allow statesmen who do not understand technology to imagine “what if bad people use them”。

Former chief AI scientist, Turing Prize winner, MetaYann LeCunThis logic was made public as early as November 2025: when Anthropic published its first report on the threat of cyber attacks, LeCun directly called it “regulatory after”, accusing Anthropic of using the AI security fear of “manipulate legislators” to “regulatory capture”。

LeCun then judged:Closed-source companies systematically exaggerate AI security threats, with the aim of creating compliance barriers that only large companies can pass and excluding open-source competitors. Antropic didn't think that the stone had hit itself first。

Second, someone handed over a knife. The Amazon CEO Andy Jassi presented the Government with a security risk report for the Anthropic model. The Amazon is the largest investor in Anthropic and its cloud service partner, with competition for self-study models (Nova series) and Anthropic. As a result, the Government acquired a source of legitimacy for its actions。

Thirdly, Trump just signed an AI Executive Order early this month to give the Government 60 days to develop the “voluntary submission rules” of the frontier model. The executive order requires the first enforcement case to prove that it is not waste paper. Fable 5 hit the gun。

This leads to a deeper problem, where “too strong to take care of” and “too strong” by the regulator, standards are not open, thresholds are not clear and recourse procedures are not available, and each forward model release in the future will face the same uncertainty. Businesses do not know when their models will trigger controls。

PICTURE GENERATED BY AI

02 History Mirror, 30 years agoPassword War

The attempt by the United States Government to use export controls to curb the so-called proliferation of dangerous technologies is reminiscent of a similar historical precedent, the "Crypto Wars" of the 1990s。

After the end of the cold war, the Internet began to commercialize and computer scientists were developing encryption techniques to protect the security of data transmissions. The U.S. governmentForce decryptionCategorized as “military items”, placed on the same export control list as missiles, tanks (ITAR/EAR). The logic is very similar to today's, if the enemy gets imposedNSATheir communications cannot be monitored (United States National Security Agency) and national security is threatened。

THIS MEANS THAT AMERICAN SOFTWARE COMPANIES CAN ONLY EXPORT A WEAK ENCRYPTED VERSION OF 40 KEYS TO OVERSEAS CUSTOMERS, THAT NSA CAN EASILY BREAK THROUGH THE VERSION, AND THAT THE DOMESTIC VERSION CAN USE 128 SECRETES. FOREIGN USERS KNEW THAT THEY WERE GETTING CASTRATION VERSIONS AND BEGAN TO SWITCH TO ALTERNATIVE PRODUCTS IN EUROPE AND ISRAEL。

In 1991, a password lover named Phil Zimmermann wrote the PGP (Pretty Good Privacy), a software that allowed ordinary people to use the mandatory security of mail. He uploaded PGP to the Internet. The United States Customs Service then opened a criminal investigation against him for “illegal export of military supplies”。

Zimmermann's counter-attack was extremely clever: he printed the full source code of the PGP into a book. Books are protected by the First Amendment and freedom of publication is a constitutional right. You can control software, but you can't ban a book from export. The investigation lasted three years and ended in 1996 when the Government did not initiate proceedings。

At almost the same time, NSA launched a more radical programme: the Clipper chip. The design idea is that all communication equipment must be equipped with this chip, which is for encrypted communications, a key hosting mechanism for inside the chip, and that, with the authorization of law enforcement, the Government can decrypt communications through the hosting key. Inter-user communications are encrypted to third parties, but Governments can decrypt them at any time. The Clinton administration pushed the scheme. As a result, the academic community discovered the design defects of the chip, the collective resistance of the scientific and technological industries, and the strong public opposition, which led to its total death in 1996。

In 1995, a mathematician, Daniel Bernstein, wanted to post his own encrypted algorithmic source code online, which was banned by the Government on export control grounds. He sued the Ministry of Justice. The Ninth Circuit Court of Appeals issued a far-reaching decision: the software source code was a “speech” protected by the First Amendment and the Government's export control of encryption codes was unconstitutional. This decision directly undermines the legal basis of the entire control system。

IN JANUARY 2000, THE CLINTON ADMINISTRATION SIGNIFICANTLY EASED ITS ENCRYPTED EXPORT CONTROLS. IT'S BECAUSE IT'S OUT OF CONTROL. THE PGP HAS LONG SPREAD AROUND THE WORLD, OPEN-SOURCE ENCRYPTION ALGORITHMS ARE WIDESPREAD WORLDWIDE, CONTROLS ARE MERELY IMPEDING THE COMPETITIVENESS OF UNITED STATES COMPANIES, AND FOREIGN CLIENTS HAVE ALREADY SHIFTED TO OTHER SUPPLIERS。

The end-to-end encryption of today's Signal and WhatsApp was created after deregulation. These products would not have existed if the controls of the 1990s had continued to date。

IN THE 1990S, WHAT WAS REGULATED WAS THE IMPOSITION OF SECRET ALGORITHMS ON THE GROUNDS OF NATIONAL SECURITY, THE TOOL BEING THE CONTROL OF THE EXPORT OF ITAR MILITARY SUPPLIES, THE INJURY TO UNITED STATES SOFTWARE COMPANIES (FORCED TO EXPORT WEAK VERSIONS), AND THE INJURY TO FOREIGN DEVELOPERS (SELF-ENCRYPTED ALGORITHMS)。

IN 2026, IT WAS THE FRONT-LINE AI MODEL CAPABILITY THAT WAS REGULATED FOR REASONS OR NATIONAL SECURITY, AND THE TOOL WAS THE EXPORT CONTROL DIRECTIVE。

Who's really gonna get hurt this time

Foreign media comments that:No one has spent $100 billion on a data centre, serving 100 companies approved by the Government”。

The training costs of the front-line model were set at billions of dollars, while the cost-recovery window was only a few months after the release, after which the model became a sub-frontier, with increased competition and reduced profitability. Each week of delays in approval is eating up this limited profit window. Brandom concludes:“If sustained, the underlying investment logic of the whole industry will be shaken”。

The central argument of Jeffrey Ding, Assistant Professor of Political Science at George Washington University, is that, in technological competition in large countries, it is not who invented a technology first, but who can spread it more quickly across the economy. This is particularly true of generic technologies — which require widespread social proliferation, new organizations around which they have been created and large-scale real-world use of data to discover its application boundaries. Dean Ball, citing Ding, wrote: “The use of general-purpose technology has been discovered and not previously known”。

But on the other side of the ocean, China's big model is heading towards global developers in an open-source fashion。

ENCRYPTION ALGORITHMS ARE PURE MATHEMATICS AND CANNOT BE RETRIEVED ONCE PUBLISHED. WHILE AI MODEL WEIGHTS HAVE SIMILAR PROPERTIES, THE REASONING OF THE CLOSED-SOURCE FRONTIER MODEL DOES CONCENTRATE BEHIND THE API OF A FEW COMPANIES。

HOWEVER, THE CAPABILITY OF OPEN SOURCE MODELS IS BEING PURSUED FROM GENERATION TO GENERATION, AND CONTROLS CAN SLOW PROLIFERATION AND CANNOT STOP IT. IT TOOK ALMOST 10 YEARS IN THE 1990S TO REACH THE POINT OF “REGULATING DEREGULATION”. DOES AI CONTROL NEED A SIMILAR TIME CYCLE

The U.S. Big Model is in the era of censorship

IN JUNE 2026, THE HISTORY OF THE AI INDUSTRY COULD MARK A TURNING POINT: FOR THE FIRST TIME, THE GOVERNMENT SUCCEEDED IN INSERTING ITS ROLE AS AN APPROVING AUTHORITY BETWEEN THE BUSINESS AI MODEL AND ITS USERS。

Dean Ball, in What Should Be Done, warned that, if the market were to panic, it would be far more effective than the AI industry itself: “From nuclear energy to gas to electricity and electronics, the massive investment in US re-industrialization is clearly or implicitly premised on the future needs of the AI industry。If this demand is not met by government regulation, the chain reaction will be far greater than one could imagine.”

But Ball also admitted that the direction was not entirely wrong: “The concern that front-line AI does have a potentially catastrophic risk is not forged. The problem is the way of implementationAn approval process without technical experts, without clear criteria and without a timetable is not the answer.”

OpenAI states that GPT-5.6 is a “short-term measure” that may be open to the public in a few weeks. However, the “limited recovery” of 27 June in Mythos 5 has given a template, whether full liberalization or only partial American institutions and other restrictions remain in force. Each long-term system was initially referred to as “short-term measures”。

Dean Ball concludes with a sentence that deserves serious consideration by all: “If only a very small number of people have access to Frontline AI, a bad future is more likely to happen. Because those few, often, are already endowed with great economic and political power”。

It is estimated that the global community of developers is remembering the era of OpenAI launches, with no time lags, surprised by the progress of new models and the overnight testing of new scenarios。

Now, however, we can “crawl” with anticipation the release of China's latest big model。