© All rights reserved to Barnea Jaffa Lande Law offices


Export Controls for AI Models – Practical Implications for Businesses Following the Anthropic Incident

Summary

  • For the first time, the US government has ordered Anthropic to suspend foreign nationals’ access to its advanced AI models pursuant to export control powers invoked on national security grounds.

  • The order sets a regulatory precedent by essentially classifying advanced AI models as dual-use technologies, similar to advanced cyber tools.

  • This precedent may broaden the application of US export control laws to Israeli companies that use US-developed AI models or integrate them into their operations.

  • Israeli companies developing or implementing AI systems should assess their regulatory exposure and prepare accordingly by reviewing access controls, examining their technological supply chains, and updating their service agreements.

US Government Directive Compels Anthropic to Shut Down Two Advanced AI Models

On June 12, 2026, Anthropic announced that the US government had ordered it to immediately suspend foreign nationals’ access to its advanced AI models, Fable 5 and Mythos 5, pursuant to an export control directive issued on national security grounds.

As the official order has not yet been published, our analysis of its implications for Israeli technology companies is based on Anthropic’s public statement and media reports.

According to these reports, the directive obligated Anthropic to suspend access to the Fable 5 and Mythos 5 models for any foreign national, whether located inside or outside the United States. While it may have been technically feasible to block users located outside the United States, the requirement to also prevent access by foreign nationals within the United States appears to have led to the complete shutdown.

The shutdown stems from the deemed export doctrine, under which the release of a controlled technology to a foreign national within the United States is treated as an export of that technology to the individual’s country of citizenship. In the absence of a reliable mechanism for verifying users’ citizenship in real time, Anthropic’s only practical means of complying with the directive was to suspend access for all users, including US citizens.

 

AI Models Classified as Dual-Use Cyber Tools: Significance and Implications

According to Anthropic’s statement, the directive was issued because the models are capable of detecting vulnerabilities in software code, thereby giving them functionalities associated with cybersecurity tools. As a result, the models were classified as dual-use technologies, similar to offensive cybersecurity tools controlled under the Wassenaar Arrangement.

This classification reflects the models’ potential for both defensive and offensive uses. On the one hand, they allow organizations to scan their own code to detect vulnerabilities. On the other, they could potentially be used to exploit vulnerabilities in adversaries’ systems.

This development is not a sudden departure from existing policy. Rather, it represents a consistent US approach, as reflected in Executive Order 14110, issued in October 2023. The Order coined the term “dual-use foundation model” and defined it, inter alia, as a model capable of enabling “powerful offensive cyber operations through automated vulnerability detection and exploitation.”

The Wassenaar Arrangement also includes control over various hardware and software technologies relating to artificial intelligence and cybersecurity, including neural-network hardware and intrusion software. The capabilities attributed to Anthropic’s models appear to fall under the definition of a dual-use foundation model.

The directive also demonstrates that, in the context of technological competition with China, the US government is prepared to act unilaterally and swiftly rather than wait for the slow process of updating international control regimes. In effect, the US government is signaling to the high-tech industry that it will use targeted enforcement measures to prevent strategic technologies – including AI models with cyber capabilities – from falling into the wrong hands.

More broadly, this move also illustrates the expansion of US export control policy, which thus far has focused primarily on preventing China and other adversaries from gaining access to hardware, software, and AI models.

 

How Can US Export Laws Create Direct Regulatory Risks for Israeli Companies?

Although the current directive resulted in the complete shutdown of access to Anthropic’s Fable 5 and Mythos 5 models, Anthropic itself noted that comparable capabilities exist in models offered by other AI companies. It is therefore possible that the shutdown represents a temporary, initial measure and that access may later be restored, subject to specific restrictions.

If that occurs, US export control laws – and particularly the doctrine of deemed re-export – may become directly relevant to Israeli companies.

Under this principle, Israeli companies using controlled US technologies may be required to restrict access by employees or entities from countries subject to US export restrictions. Many companies have already encountered this issue, for example, in the context of the US sanctions imposed on Russia.

In practical terms, Israeli companies could, in certain circumstances, face exposure under US export control laws if they allow employees located in Israel who are citizens of restricted jurisdictions to access controlled technologies.

 

New Trend in AI Regulation

The Anthropic incident is not an isolated regulatory event. Rather, it reflects a new trend in AI regulation and a broad paradigm shift in how advanced AI models are perceived and controlled – as strategic assets that may be subject to export control restrictions.

As AI models become more powerful, more versatile, and more deeply integrated into commercial innovation, regulatory authorities are increasingly likely to view them as dual-use technologies warranting heightened restrictions and even swift and unilateral government intervention.

Even if this remains a unique incident for now, Israeli companies that develop, integrate, or rely on US AI models should recognize that US national security considerations may directly affect the availability of these technologies, the conditions under which they may be used, and the compliance obligations imposed on users.

This emerging reality – where entirely civilian tools may be viewed as posing national security concerns – makes it essential for companies developing and implementing AI systems to adopt comprehensive and proactive risk-management strategies that address both business and regulatory risks, while taking measures to ensure business continuity.

 

Preparatory Measures to Ensure Business Continuity

Given the current regulatory uncertainty and the potential imposition of similar measures on other AI providers, we recommend that companies consider the following steps:

  1. Map risks and manage access controls – Israeli companies that rely on outsourcing, overseas development centers, decentralized teams, or employees holding multiple citizenships may face deemed re-export risks. Such companies should identify employees, subcontractors, and business partners who are not Israeli or US citizens and who may have access to controlled US technologies, including advanced AI models. Clear access policies, citizenship-based filtering, and internal compliance controls should also be implemented to mitigate risk.
  2. Create technological redundancy – Companies should avoid reliance on a single AI model provider or a single AI technology. Designing systems that enable rapid migration between commercial vendors or to advanced open-source alternatives is no longer merely a technological consideration but an important strategic and business imperative.
  3. Develop an integrated risk-management strategy – Organizations developing or implementing AI models should establish risk-management frameworks that integrate both business and regulatory considerations. This includes assessing alternative technologies, including non-AI solutions, to mitigate regulatory risks.
  4. Review service level agreements (SLAs) – Force majeure provisions in agreements with technology providers often protect vendors in the event of a shutdown due to a regulatory directive. Companies should review existing agreements, assess how regulatory risks are allocated, and evaluate their implications for service continuity. Where possible, customers should seek contractual protection mechanisms such as termination rights triggered by material regulatory changes and refund mechanisms for services that cannot be provided.

***

Barnea Jaffa Lande is available to assist in assessing legal exposure, updating commercial agreements, and developing risk-management strategies compatible with the new regulatory reality.

Dr. Avishay Klein is a partner and head of the firm’s Privacy, Cyber and AI Department.

Prof. Amichai Cohen serves as special advisor on international law to the firm.

Dr. Nadine Liv is an associate in the firm’s Privacy, Cyber and AI Department.
