Washington's AI Ban and Reversal Exposed the Bigger Problem: It Can't Measure Cyber Risk in the Real World - Orion Policy Institute
Skip to content
Search
Search
X-twitter
Cyber Security & Info Technologies
Washington’s AI Ban and Reversal Exposed the Bigger Problem: It Can’t Measure Cyber Risk in the Real World
Jul 9 , 2026
Policy Brief
Home<br>Orion Forum<br>Washington’s AI Ban and Reversal Exposed the Bigger Problem: It Can’t Measure Cyber Risk in…
Anthropic’s Mythos/Fable model ban showed Washington acting on a lab signal it could measure while flying blind on the one it can’t.
On June 12, the Commerce Department ordered Anthropic to cut off foreign-national access to its two most capable models, Fable 5 and Mythos 5. The reason, according to reporting, was a jailbreak that could unlock the model’s highly capable offensive cyber capabilities, though that account remains contested. In response, the company disabled the models for every customer on earth in order to comply and noted, after complying, that comparable capabilities exist in rival models, and those models were not affected by this order. Over the next eighteen days the government reversed itself in stages, first restoring Mythos to a set of approved partners, then lifting the controls entirely, a walk-back as unstandardized as the original ban. By July 1, Fable was back online worldwide. Whether any step along the way was justified is difficult to know, because none of it could be checked against a systematic public record of what AI actually does in real cyber intrusions. Building that record is the focus of this article. The fix is small, four questions added to a reporting rule the government is already finalizing, and the benefit is direct: the first standing federal record of AI’s role in real attacks, so the next decision like June’s can rest on evidence instead of guesswork.
The reason it is not verifiable today is that the federal government is limited in what it can and cannot effectively measure. Today, the federal government and model providers can measure and record what Mythos does in a test. For example, Anthropic said back in April 2026 that its Mythos model found thousands of high-severity zero-day vulnerabilities on its own, a claim not fully consistent with some independent testing performed subsequently. Any model that can discover serious flaws at scale like Anthropic claims would be a real proliferation risk in the face of a jailbreak that can be leveraged by capable non-state cyber actors or nation states. What Washington cannot measure in a reliable way today is what role AI plays in the kill chain of any real attack, and whether that laboratory capability is being weaponized in the wild, by whom, at what rate, to what effect.
Given this state of affairs, when the Trump administration felt it had a reason to act, it reached for the one lever backed by the evidence it could see and swung it as hard as the lever goes: a global kill switch on a commercial product, on a contested signal, with no standard for when a capability crosses into danger or against whom the response should fall. In national security, the government rarely has the luxury of waiting out uncertainty; when a threat cannot be verified or bounded, the protective option usually wins, and on those terms the ban may have been a defensible one-time call. But forced caution is not a substitute for a consistent policy, and the decision may be indicative of other considerations given the recent legal history between Anthropic and the Trump Administration. Acting on the meter that you can read (capability during testing) while blind on the one that’s missing (use in the wild) is not a stable way to govern a fast-moving technology.
This failure is not a one-off. Much of the architecture Washington built in the last year overlooked the same missing measurement. A February 2026 NIST standards initiative, a March 2026 national cyber strategy, a June 2026 executive order, and a House draft bill all proceed from the premise that AI has changed the way malign actors conduct attacks, all without a reliable data-driven way to tell how much of any real intrusion AI made newly possible versus just made faster and cheaper. Those are different aspects of the AI cyber threat demanding different responses, and the gulf between them is a well-established complaint: in February 2026, the International AI Safety Report conceded that incident data "rarely allow for confident attribution," and analysts have warned the government has no systematic way to tell a genuinely AI-enabled attack apart from a conventional one.
The ambiguity is real in either direction and that is why just assuming or guessing won’t do. A randomized trial by RAND for the UK’s AI Security Institute in a May 2026 report found "generally statistically insignificant" gains when people used frontier models to run end-to-end attacks. Yet the capability side just moved: in...