Anthropic fight shows the challenge of governing AI’s cyber outputs

The recent fight over Anthropic’s newest AI models in Washington exposes a problem that is unlikely to be limited to one company, model or regulatory decision. Frontier AI is forcing government and industry to decide how to govern cyber-relevant outputs from tools that can be used for both defense and attack.

That is the central tension CyberScoop editor-in-chief Greg Otto describes in a recent Cyber Focus podcast conversation with Frank Cilluffo of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.

The immediate issue was Anthropic’s Fable-5 and Mythos 5 models, which became the focus of government concern after the company expanded access to powerful cyber-focused capabilities earlier this month. But Otto says the larger question is whether government and industry have a workable way to evaluate what those models produce, who should be allowed to use them and when a cyber output becomes a national security concern.

“The model itself isn’t the problem; it’s the output,” Otto said.

In cyber, traditional export controls have often focused on the transfer of something defined, such as an exploit or zero-day vulnerability. Otto says the Anthropic case is different because the concern appears to be less about moving a specific exploit than about what a model can generate when prompted by a user.

“The model is a bit different,” Otto said. “It’s software in the same way that Microsoft Word is software. And what we are really worked up about right now is the outputs.”

The debate over defense-oriented prompting illustrates the challenge. Otto describes it as giving a model rigid, security-focused instructions similar to the tasking a red teamer or pen tester might use to find vulnerabilities under controlled conditions. It’s a necessary defensive step, but the output can still alarm officials trying to determine whether a model is producing information that could be misused.

Otto says that helps explain why the Anthropic episode has been so difficult for government and industry to interpret.

“I think a lot of it was in the White House not fully understanding what is possible,” he said. “And that’s not necessarily on the White House. This is new technology.”

The policy challenge is less about whether AI belongs in cybersecurity than about how technical findings should be evaluated, what role developers should play in educating government, and how defenders can use powerful tools without creating unmanaged risk.

For defenders, those questions are front and center. Otto says organizations are already struggling with the volume and quality of AI-generated vulnerability findings.

“They are drowning in bug reports because of AI,” Otto said. “And a lot of those bug reports are a mess or they don’t signify anything.”

With those AI bug reports pouring in, organizations still have to validate findings, prioritize what matters and fix systems that may not be easy to take offline.

The lesson from Anthropic may not be that frontier AI is too dangerous to use. It is that cyber governance now has to account for a harder reality: Risk may not sit neatly in the model itself, but in the outputs it can produce, the context in which they are generated and the controls around who gets to act on them.

You can find the full conversation and other Cyber Focus episodes wherever you get podcasts or at McCraryInstitute.com