- within Technology, Wealth Management and Employment and HR topic(s)
- with Senior Company Executives, HR and Inhouse Counsel
- with readers working within the Law Firm industries
Putting aside its earlier permissive, innovation-fostering position on AI, the US government has pivoted hard toward building up a national security framework for regulating advanced AI. Under this new approach, the US government seeks unfettered access to and control over AI for its own use, including for warfare and all other “lawful government purposes,” while curtailing access to the most advanced frontier models for businesses, governments and individuals abroad. The developments expose all businesses that make or use AI inside and outside the US not only to legal risks, as exemplified by Anthropic’s recent well-publicized experience, but also to the real operational risk that they may lose access to the most advanced versions of AI tools from the US, which may be mission-critical for many international companies.
The national security paradigm shift
The US government first moved to exercise more control over its own use of AI tools when it designated Anthropic as a supply-chain risk in response to Anthropic’s efforts to impose guardrails on how its technology is used. Litigation about this designation is ongoing, with resolutions likely in the late summer or fall. At around the same time, the US government proposed new contract terms that would give it free rein over use of all government-procured AI tools and impose other conditions on its unfettered use of AI tools, which are still in the proposal stage but could take effect later this summer or early fall. We’ve covered both these topics previously and will continue to track them.1
The government recently continued its enforcement efforts. When in April 2026 Anthropic released its most powerful model to date, Mythos 5, Anthropic deemed it too dangerous for public release and instead allowed only a few dozen trusted cybersecurity vendors, major technology companies and the US government to test it under a project called Glasswing. For example, Mythos reportedly discovered cybersecurity exploits in widely used IT systems that had gone undiscovered by human researchers for decades.2
In June 2026, in keeping with Anthropic’s public stance in its ongoing legal battle to prohibit the Department of War from using its models for “all lawful purposes,” including fully automated killing and mass domestic surveillance, Anthropic’s CEO issued an open letter calling for more government regulation to block unsafe deployment to the public of powerful frontier models like Mythos.3 Shortly after, Anthropic issued to the public a revised version of this model, Fable 5, which is essentially Mythos with certain safety guardrails built in for public use.
Within days of Fables public release, citing reports that Fable’s guardrails could be overridden and used to generate cybersecurity threats, the US Commerce Department issued a cease-and-desist directive to Anthropic under its export control powers to prevent any foreign national from accessing Fable 5. The Commerce Department gave Anthropic 90 minutes to comply, and Anthropic responded by disabling access to the most powerful version of Fable.
Almost simultaneously, the US government reacted by setting up a voluntary pre-release review framework for advanced AI systems to allow the US government a first peek at any new powerful frontier AI models. Reports have also surfaced claiming the government is intervening in the release of the latest OpenAI frontier models.
These developments represent a sudden and significant policy shift from fostering AI innovation and reducing government intervention to restricting and monitoring frontier models on the basis of national security. In this article, we examine the government’s efforts to restrict access to frontier AI under the “voluntary” framework backed by the threat of immediate imposition of export controls.
The not-so ‘voluntary’ pre-release review
On June 2, 2026, the White House issued an executive order titled Promoting Advanced Artificial Intelligence Innovation and Security (Executive Order). The Executive Order established a voluntary framework through which developers of certain advanced AI systems may provide the federal government with access to models before public release for cybersecurity and national-security review. The framework contemplates government review of up to 30 days and focuses on advanced cyber capabilities and other national-security concerns. The Executive Order expressly states that it does not create mandatory licensing, pre-clearance or permitting requirements.4
The administration has emphasized that the framework is voluntary and intended to balance continued US AI leadership with growing concerns regarding cybersecurity and critical-infrastructure protection. The Executive Order also contemplates development of benchmarking criteria for identifying certain “covered frontier models” that may present heightened cybersecurity risks.5 To date, the procedures, standards and definitions that will apply to this voluntary framework have not been publicly released.
Recent reporting also indicates that the Trump administration requested that OpenAI stagger its release of GPT5.6 and initially limit access to a smaller group of approved organizations while certain security concerns were evaluated. Reports indicate that discussions involved government officials responsible for cybersecurity and technology policy.6
Although details remain limited, the reports suggest increasing government engagement with frontier AI developers before the broad deployment of highly capable systems. If accurate, they provide another indication that oversight is increasingly occurring through existing legal authorities and informal coordination rather than through dedicated AI-specific legislation.7
This is consistent with the Bureau of Industry and Security’s (BIS) increasing use of “is informed” letters, which are an informal tool that BIS uses to impose and communicate supplemental license requirements to specific exporters, with respect to particular products. In past guidance, BIS has highlighted its use of “is informed” letters as one of several mechanisms by which it may notify companies regarding diversion risks. BIS has issued such letters to NVIDIA as recently as last year regarding the export of certain of its products to the People’s Republic of China.
The real question facing industry, however, is how voluntary this pre-release review process really is, given the subsequent application of export controls to Anthropic’s latest frontier model.8
Made in America — and just for America?
Shortly after the Executive Order, Anthropic gave the government a pre-release preview of the model and cooperated with the government to mitigate risks. Despite those efforts at collaboration and self-regulation, on June 12, the government imposed export controls on Fable 5 and Mythos 5. This move was a shift from historical uses of export controls, which often focused on technologies related to semiconductors, advanced computing hardware and access to compute resources.9 It is the first time that export controls have been used to restrict foreign access to frontier AI models.
Given that Anthropic was unable to restrict Fable 5 access to only US citizens, based on its then-current access control measures, the company disabled access to the affected models worldwide while it worked to address the government’s concerns. On June 26, the government authorized Anthropic to grant access to Mythos 5 to a limited set of vetted users. Rather than challenge the export controls in court, Anthropic chose to work cooperatively with the government to address its concerns. On June 30, the Department of Commerce lifted the export controls on Fable 5 and Mythos 5, allowing Anthropic to begin restoring global access.10 In the interim, Anthropic updated its online privacy policy to indicate that it may collect citizenship and nationality personal data, presumably in an effort to comply with the directive.
The rapid deployment of impactful export controls to cut off global access to powerful, widely used AI tools raises real concerns about how and whether businesses outside the US should rely on US-sourced AI technologies, considering they may suddenly become unavailable based on abrupt US policy changes. There are also practical operational challenges for multinational teams that have access to these tools in the US but may not be authorized to share those resources with foreign nationals in the US or outside the US.
A recently filed lawsuit by Legion, a legal technology company with offices and employees in Canada, further illustrates the effect these export controls can have on businesses around the world. Legion challenges the federal government’s directive restricting access to certain Anthropic models, alleging that the loss of access for its Canadian teams significantly impacted its business.Although the Legion matter arises in a different factual context, both disputes reflect the growing likelihood that courts will be asked to address how export-control authorities, procurement rules and other national-security controls apply to advanced AI systems.11
Key takeaways
Several themes are emerging from these developments:
- The US government is to a greater degree approaching advanced AI through a national-security and cybersecurity lens.12
- BIS is increasingly using company-specific and informal mechanisms to communicate with exporters, such as “is informed” letters, which it may continue to use in the context of new model releases. This approach makes requirements in this area more volatile and subject to short-term reversals and changes.
- Export-control concepts may be applied more frequently to advanced AI models themselves, not merely to the hardware and infrastructure used to develop them.13
- The Executive Order establishes a framework for pre-release government engagement with developers of certain frontier AI systems. Although the framework may be voluntary on its face, the threat of last-minute and impactful export controls places significant risk around nonparticipation.14
- Recent developments suggest greater government involvement in the deployment of highly capable AI systems, even where formal licensing requirements do not exist.15
- Businesses developing, deploying or relying on advanced AI systems should begin evaluating the implications for AI governance, cybersecurity, export-control compliance, customer access controls and cross-border operations. They should also review their supply chain and vendor contracts, as well as contingency plans, to assess and mitigate any risk of suddenly losing access to business-critical AI models.
- Anthropic’s experience illustrates that cooperative engagement with the government — rather than direct legal challenge — may prove to be an effective strategy for navigating export controls on frontier AI. Businesses facing similar regulatory actions should consider whether negotiation and collaboration with regulators may yield faster and more favorable outcomes than litigation.
Author’s note
This article reflects information publicly available as of late June 2026. Future guidance, litigation outcomes or additional governmental action may affect the analysis provided herein.
Footnotes
1 HSF Kramer,‘All Lawful Uses’: Precautions AI Businesses Need to Take After Anthropic v. US DoW,HSF Kramer Insights(Mar. 2026), https://www.hsfkramer.com/insights/2026-03/all-lawful-uses-precautions-ai-businesses-need-to-take-after-anthropic-versus-us-dow.
2 SeeAnthropic’s Mythos model found vulnerabilities in classified US government systems, AP reports, Reuters (June 24, 2026), https://www.reuters.com/business/anthropics-mythos-model-found-vulnerabilities-classified-us-government-systems-2026-06-24/; Anthropic’s Mythos sends US banks rushing to plug cyber holes, Reuters (May 12, 2026), https://www.reuters.com/business/finance/anthropics-mythos-sends-us-banks-rushing-plug-cyber-holes-2026-05-12/.
3 See Dario Amodei, Policy on the AI Exponential, darioamodei.com(2026), https://darioamodei.com/post/policy-on-the-ai-exponential.
4 Executive Order 14409 (June 2, 2026); White House Fact Sheet (June 2, 2026).
5 White House Fact Sheet (June 2, 2026).
6Cheyenne Haslett, Trump administration steps in to limit OpenAI’s latest model launch, Politico (June 25, 2026); Lockridge Okoth, OpenAI Will Reportedly Stagger GPT‑5.6 Release at US Government Request, Yahoo News / BeInCrypto (June 25, 2026).
7 Id.
8 Ari Hawkins, Trump’s Anthropic Restrictions May Be Illegal, Politico (June 18, 2026); Executive Order 14409 (June 2, 2026).
9 See US Dep’t of Commerce, Bureau of Industry and Security, 87 Fed. Reg. 62,186 (Oct. 13, 2022); US Dep’t of Commerce, Bureau of Industry and Security, 88 Fed. Reg. 73,424 (Oct. 25, 2023); US Dep’t of Commerce, Bureau of Industry and Security, Framework for Artificial Intelligence Diffusion, 90 Fed. Reg. 4,544 (Jan. 15, 2025).
10 See Anthropic, Redeploying Fable 5, anthropic.com (June 30, 2026), https://www.anthropic.com/news/redeploying-fable-5.
11 Legal Tech Co. Sues US Over Anthropic AI Shutdown Order, Law360 (June 24, 2026).
12 Executive Order 14409 (June 2, 2026); White House Fact Sheet (June 2, 2026).
13 Ari Hawkins, Trump’s Anthropic Restrictions May Be Illegal, Politico (June 18, 2026).
14 Executive Order 14409 (June 2, 2026); White House Fact Sheet (June 2, 2026).
15 Politico, Trump administration steps in to limit OpenAI’s latest model launch, Politico (June 5, 2026); Ari Hawkins, Trump’s Anthropic Restrictions May Be Illegal, Politico (June 18, 2026).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]