Howard Lutnick freezes global software patches to hoard national-security leverage.

It is true, in the narrow administrative sense in which lawyers usually mean it, that the Commerce Department holds statutory authority over dual-use technology exports, and that Washington has a legitimate interest in keeping its most advanced cryptanalytic and code-auditing tools out of adversarial intelligence services. The trouble — and here we are obliged to be precise about what “the model” actually is, because the policy debate has the misleading habit of treating AI as an autonomous magic oracle rather than a continually tuned set of weights executing a specific objective function — is that Mythos is a vulnerability scanner. It does not generate cyberweapons; it reads existing source code and identifies the buffer overflows, the race conditions, and the unvalidated input fields that cyberweapons exploit. By classifying a bug-finder as a munition and banning its use by anyone holding a foreign passport — including the foreign-born security researchers at Anthropic who built it — the Commerce Department has not secured the American attack surface. It has simply paused the repair work on the financial grid, the energy sector, and the hospital networks, pending a federal license that will be granted only when the government decides which domestic contractors get to profit from the vulnerability database.

The mechanism here is not security; it is chokepoint capture. The administration spent early 2026 ordering federal agencies off the platform and accusing Anthropic executives of stoking “doomerism,” and then, after a closed-door meeting at the White House, it flipped the dynamic to outright extraction. This is the textbook regulatory play for turning a competitive market into a government-approved consultancy: declare the underlying engineering capability too sensitive for open commercial distribution, restrict supply until only the cleared firms remain, and let the cleared firms bill the public sector at cost-plus rates for work that an open API was already doing at the margin of compute. The guardrails Anthropic installed on the public Fable release — stripping certain dangerous capabilities while leaving the patching logic intact — were dismissed because a user demonstrated a prompt-injection bypass that found a few previously known, minor vulnerabilities. Finding known vulnerabilities is how you verify a scanner actually works. In cybersecurity, a tool that surfaces known bugs during a red-team exercise is performing as designed, not malfunctioning; the standard fix is to tighten the scanner’s own input validation, not to confiscate the scanner. The government’s response was not to ask Anthropic to patch the prompt-injection vector and redeploy the tool to the utility companies waiting for it. The response was to turn the API off for everyone, which conveniently pauses any competitive pressure on legacy defense contractors who sell the same vulnerability-scanning services at a fraction of the speed and a multiple of the standard rate.

There is a structural contradiction in the trade policy that accompanies this ban, which the administration’s own policy proxies will not name out loud. The Commerce Department just spent months actively loosening the export controls on the advanced GPUs required to train these models, blessing shipments of the physical training hardware to the very geopolitical adversaries that the software ban is meant to contain, while simultaneously forbidding the software patch that keeps those adversaries out of the U.S. power grid. The hardware builds the model; the model finds the flaw. You cannot equip the other side’s silicon while disarming your own systems administrators. When the export-control regime is used to pick winners in the domestic vendor queue rather than to interdict actual adversary capabilities, it stops functioning as a national-security instrument and begins functioning as a market-manipulation tool. The documented record shows an executive branch that does not understand the difference between a dual-use offensive capability and a dual-use defensive one, which is an expensive conceptual error to make when the critical infrastructure being protected relies entirely on continuous, automated defensive patching.

Anthropic’s decision to halt all access to Fable 5 rather than attempt to build a software-compliance firewall is the only rational engineering response to a rule that cannot be technically enforced; a language model cannot distinguish between a Canadian cybersecurity consultant and a foreign state-sponsored operator when both inputs are just identical sequences of text tokens. The pause will cost the security industry millions in delayed third-party audits, and it will leave a backlog of unpatched vulnerabilities sitting in the financial and utility sectors, but it will cost the administration nothing in political capital until a grid segment trips offline because the critical patch was still waiting for a procurement signature from a desk at the Bureau of Industry and Security. The administration seems more interested in securing its control over the builder than in securing our systems. When the administrative comment window opens on the proposed rulemaking, submissions must demand the Commerce Department explain why it simultaneously arms adversaries with silicon and disarms defenders with paperwork. The work is to be done.