The U.S. Is Losing the AI Credibility War—to Itself

Recent restrictions on advanced AI models are undermining critical U.S. cybersecurity outcomes. The administration needs a coherent strategy to work with the private sector, stay ahead of adversaries, keep allies on board, and maintain trust in the U.S. AI stack.

U.S. President Donald Trump delivers remarks at the “Winning the AI Race” AI Summit at the Andrew W. Mellon Auditorium in Washington, DC, on July 23, 2025. Andrew Caballero-Reynolds/Getty Images

By Matthew Ferren, CFR Expert
International Affairs Fellow in National Security, sponsored by Janine and J. Tomilson Hill

Matthew Ferren previously served in the Department of Defense where he developed strategies, policies, and plans for employing military cyberspace operations to advance U.S. national security interests and counter major cyber threats.

On June 11, Anthropic apologized after it emerged that its newest AI model, Fable 5, had been silently limiting responses to users suspected of attempting to replicate its technology. The model had also been criticized for refusing to respond to any cyber-related queries, redirecting users to less capable models instead. Two days later, President Donald Trump’s administration barred foreign nationals from accessing Anthropic’s two newest frontier models, Fable 5 and Mythos 5, citing national security concerns. Unable to screen users by nationality, Anthropic announced it had disabled both models worldwide.

The episode underscored how much both administration officials and frontier model developers now recognize the serious cybersecurity risks posed by advanced AI. For Anthropic’s founders, AI safety and security have long been central to their mission. For the White House, Mythos’s emergence earlier this year produced a remarkable about-face, forcing the administration to shift from an aggressive deregulatory agenda to one that is more risk-conscious.

Although this shared focus on AI and cybersecurity is a positive development, over-indexing on risk and failing to align on a clear way forward could cause the United States to miss out on a generational opportunity to improve national cyber defenses.

Using AI for defensive advantage

The administration’s post-Mythos strategy centered on a cyber window of opportunity. The White House believed that American companies and agencies could leverage advanced AI tools to fix as many software vulnerabilities as possible before adversaries acquired and weaponized similar capabilities. Frontier labs operationalized this approach by providing—and sometimes funding—limited access to models with advanced cybersecurity capabilities.

But two recent developments reportedly drove the White House to abruptly reverse course: first, that restricted models had been accessed by unauthorized parties, and second, that guardrails in public models could be bypassed in limited cases. The restrictions on Anthropic’s models are now causing widespread uncertainty in the cybersecurity market and risk wasting a fleeting opportunity to harden U.S. networks.

AI tools promise to shift the dynamics of cyber defense and exploitation in favor of defenders. Realizing this outcome requires putting these capabilities in the hands of as many defenders as possible, even if malicious actors also gain access along the way. Transparency has long been a foundational principle of information security. Open-source software and bug-bounty programs provide shared resilience, even when they surface vulnerabilities along the way.

Adversaries will eventually obtain their own advanced AI capabilities. That may come from jailbreaking publicly available frontier models, gaining illicit access to controlled U.S. models, or developing their own. Estimates put China’s leading models at roughly three to eight months behind the most advanced U.S. models. Even if U.S. labs preserve their relative advantage, Chinese offensive cyber capabilities will continue to mature.

When China acquires its own Mythos-like capability, the United States will need to be ready. That means maximizing this window of opportunity to expand access to defensive tools and increase the speed and scale of software patching.

Controlled access programs like Project Glasswing are a strong start, but frontier labs aspiring to become publicly traded companies may soon find that their fiduciary obligations undercut their ability to fund cybersecurity uplift at scale. When the cost of providing access to AI models conflicts with corporate profit concerns, the U.S. government should step in by providing targeted funding and facilitating cross-lab coordination and efficiency. The U.S. government should also facilitate cybersecurity testing of widely used open-source projects and critical industrial control systems that receive too little attention today.

As general-purpose models become more capable at cybersecurity functions through improvements in baseline reasoning, they will become a standard part of most organizations’ information technology (IT) posture. The federal government should establish benchmarks for AI cybersecurity tools that allow customers to choose models based on verifiable performance claims and enable healthy competition in the emerging market for AI-powered cybersecurity services.

This does not preclude targeted measures to restrict China’s access to advanced cyber capabilities. The United States has both a national security and commercial interest in preventing China from distilling (i.e., stealing) frontier labs’ intellectual property. The Commerce Department should maximize its existing authorities to curb China’s access to the advanced U.S.-designed semiconductors that Chinese firms are currently able to access through poorly guarded loopholes.

Frontier labs and the U.S. government should be working together—not fighting each other—to determine when to restrict capabilities. But those calls should be made transparently and consistently, not through reactive directives.

Accelerating allied access

This erratic approach to AI risk mitigation is undermining the credibility of the U.S. AI stack abroad. Canadian Prime Minister Mark Carney reportedly warned Group of Seven (G7) leaders that the export ban underscores the dangers of relying on U.S. models. If U.S. policymakers want foreign partners to adopt the U.S. AI stack—and forgo China’s—those countries must be able to trust it. Allies will not adopt a model if its performance can be silently throttled by its developer, or if the U.S. government continues to restrict access without warning or coordination.

The United States has a strong interest in the broad adoption of its frontier AI tools. From a cybersecurity standpoint, the United States should want its allies to harden their critical infrastructure against adversary penetration—particularly in places like Japan, where U.S. military installations depend on local power, water, and communications. More broadly, the Pax Silica initiative—the State Department’s flagship effort on AI and supply chain security—underscores the administration’s vision for a U.S.-led global AI ecosystem underpinned by resilient supply chains.

Realizing this vision will require a transparent and consistent approach to managing serious AI model risks that knits together frontier labs and federal policymakers. Without a coherent strategy that brings allies along, Washington risks closing the cybersecurity window of opportunity that the administration is hoping to keep open.

This work represents the views and opinions solely of the author. The Council on Foreign Relations is an independent, nonpartisan membership organization, think tank, and publisher, and takes no institutional positions on matters of policy.