For three decades, efforts to restrict the international flow of encryption and cybersecurity software have consistently failed. From the 1990s battle over Pretty Good Privacy (PGP) to modern spyware and now Anthropic's new cybersecurity model Mythos, export controls have proven ineffective. The pattern repeats: technology spreads regardless of legal barriers. It remains unclear why policymakers believe current restrictions on AI security models would succeed where previous controls did not.
History repeats itself. PGP was unstoppable. Spyware too. Now Mythos faces the same fate. Export controls look strong on paper. They crumble in practice. Code is speech. It flows like water. Governments try to dam it. They always fail.
Why? Because security is a global need. Good actors and bad actors both want it. The genie never goes back in the bottle. Anthropic's Mythos will spread. That's not a bug. It's a feature. We should focus on making AI security tools robust and accessible. Not on futile restrictions. Let's learn from history. Or we're doomed to repeat it.