The Trump administration’s approach to AI safety, particularly the generative AI models that regularly grab headlines, has been haphazard at best. At worst, it’s unconstitutional. As EFF and our allies explained in an amicus brief, the Pentagon’s actions against one company, Anthropic, violate the First Amendment because they were motivated by the administration’s desire to punish an uncooperative company, not legitimate concerns about national security.
By and large, the Trump administration’s AI strategy has minimized regulation in the name of “winning” the global “race” to develop leading frontier models. It has pared back regulations intended to address even the most serious AI threats—like AI-enabled cyberattacks on government systems—to protect AI innovation.
Yet it has repeatedly singled out one AI company for arbitrary, heavy-handed rules and sanctions. For years, the federal government relied on Anthropic’s models for use in its classified systems. But after Anthropic resisted the government’s demands to use Anthropic’s models to autonomously kill people or spy on Americans, the government declared war on the “woke” company. It designated the company a “supply chain risk,” effectively banning agencies and government contractors from doing business with the company.
A court issued a preliminary injunction preventing these sanctions from taking effect, as EFF and other civil liberties organizations urged it to do in an amicus brief filed earlier this year. But absent judicial action, these sanctions would’ve cost the company hundreds of millions of dollars. Either way, it sent a clear signal that companies must adhere to the government’s wishes or face similar consequences.
As we explained in our brief filed today, these sanctions were clear retaliation for the company’s public refusal to allow the Pentagon to use its models to develop fully autonomous weapons and spy on Americans. This kind of retaliation is unconstitutional.
In a recent executive order, the Trump administration took its war on Anthropic even further, by imposing “export controls” that ban any foreign nationals from using Anthropic’s new Mythos and Fable models. To comply with this order, Anthropic shut down the models altogether.
These extreme measures were purportedly justified by security concerns. The administration said it feared that Anthropic’s Mythos-class models could be used to find and exploit existing vulnerabilities in software code—hardly a new feat for an LLM. Anthropic itself has contributed to public anxieties about its Mythos-class models, initially claiming that Mythos was too dangerous for public release and restricting access to a handful of partners. The company’s CEO called for a pause on AI development, citing fears that the technology was becoming too powerful.
But regulators should be cutting through the hype, not feeding it. Even if Mythos’s capabilities were a modest improvement over existing technology, others are already closing the gap. In other words, nothing about Mythos is so uniquely dangerous that it warrants exceptional export controls to protect the public. Yet other LLMs with similar offensive cybersecurity capabilities are not subject to export controls. Instead, the government has embraced a voluntary system in which companies are encouraged to submit models to the government for cybersecurity testing 30 days before releasing them to the public.
AI policy should be reasonably responsive to real-world risk, grounded in the realities of the technology, and no more burdensome than necessary to protect the public. But the government’s haphazard decision to impose export controls on Mythos-class models, while subjecting other AI models to nothing more than a voluntary, light-touch framework, meets none of these criteria. As leading cybersecurity experts and executives recently explained in an open letter, these sanctions prevent developers and security teams from using the best models to find and fix vulnerabilities before adversaries, armed with nearly as capable AI, can exploit them.
Decades Later, Code Is Still Speech
More importantly, export controls on important software tools like LLMs can undermine the free flow of digital communications and technologies that activists, innovators, and ordinary users desperately need. Freedom of expression requires access to these tools. Depriving the public of the best AI threatens our rights without making us any safer.
EFF has long opposed government efforts to restrict the publication of non-classified software to the general public. In the 1990s, EFF challenged export controls on encryption software, helping establish the principle that “code is speech,” protected by the First Amendment. Courts recognized that software is not just a functional tool—it’s a means of ideas, knowledge, and technical know-how. And they recognized that the government was overreaching in trying to restrict private developers from sharing their improvements in computer security with the public.
While AI models raise new questions, efforts to restrict access to them implicate the same constitutional and speech concerns as older efforts to restrict encryption. Export controls are uniquely susceptible to abuse. And they are especially suspect when they are unilaterally imposed without clear and fair standards.
Whether these export controls were another attempt to punish Anthropic or simply a misguided security measure, the public loses. The real cybersecurity risks of advanced AI may ultimately justify limited regulations to protect the public from legitimate threats. But whether the government ultimately chooses to heavily regulate the technology or hold off to promote innovation, its rules must be rational and evenhanded.
