Last Tuesday, Anthropic’s Claude Fable 5 went live as the most powerful model in the world. By Friday it was dark, pulled offline after a private “is-informed” letter from Commerce’s Bureau of Industry and Security restricted foreign access to it, apparently triggered by a jailbreak concern and a phone call from Amazon’s Andy Jassy. An administration that spent two years making fun of the Biden admin for regulatory AI overreach showed they really just caught the AI safety bug.

To make sense of it, we’re joined by Chris McGuire, longtime State Department and White House civil servant who worked AI and chips now at CFR.

We discuss…

• The 5:21 PM letter that took the world’s most powerful model offline in a single day

• Why the ‘let it rip’ admin pivoted to mandatory AI regulation overnight.

• The overseas-subsidiary loophole, the Sunday emergency patch, and the foundry gap still wide open

Listen now on your favorite podcast app.

Live Tuesday, Dark by Friday

Jordan Schneider:

My mayor Muslim

My bagel Jewish.

Fable is fried.

Knicks in five.

Congratulations to the New York Knickerbockers and the city of New York on their first championship in 53 years. And a hearty — perhaps — message of concern for the Trump administration’s Bureau of Industry and Security at Commerce, which has been taking care of America’s lead about as well as De’Aaron Fox took care of the basketball over the past two weeks. To discuss why Trump took Fable offline, what’s going on with chip and AI loopholes, and what this all means for the future of AI development in America and beyond, we’re joined today by native New Yorker and longtime State Department and White House civil servant covering AI, chips, and whatnot. You know him, you love him — Chris McGuire. Welcome back to the show.

Chris McGuire: I’ve been a Knicks fan much longer than I’ve been any of those things, so that’s the most important thing right now. But yeah — at your urging, had to wear the jersey to celebrate. Won’t be taking it off for at least a week, or until it smells.

Jordan Schneider: Just a brief recap. We recorded a ModelTalk episode on Thursday of last week where we were all talking about our Fable impressions — Anthropic’s latest model. Now we have a nice little note when you go to Claude.ai saying Claude Fable 5 is currently unavailable.

Why is that? Still sort of unclear, but the facts we know: at some point on Thursday, Andy Jassy gets on the phone with someone in the Trump administration and says, hey, there’s something fishy about this whole Claude model. We found some jailbreaks which can do something. There was some sort of communication between Anthropic and various corners of the Trump administration. And then at 5:21, we get a new export control — and I hand over the reins of this narration to Chris. So what did Commerce put out, and what were the implications?

Chris McGuire: Yeah, so there was an is-informed letter — some of the details are still not publicly reported, but basically it was a private letter sent to Anthropic that one way or another regulated the export of the model, the remote access of the model, or the ability to access the model via an API from other countries, or from foreign nationals inside the United States. The Commerce Department has regulated the export of models before, in the Biden administration. The Trump administration actually, interestingly, is not enforcing those particular export controls, but has now introduced these. The authority to regulate foreign persons is called a deemed export control. In the Biden administration we actually generally exempted most of the emerging tech controls from deemed export controls, because of concerns over how it would impact business in the United States. But you can say that a foreign national inside the United States requires a license to receive a good that is controlled for export outside the United States. And then it’s a little unclear how all this fits together in a way that actually regulates API access. There are probably ways you could do it, but without seeing the letter, it’s a little hard to tell.

The net result is that it was illegal to export the model, or use the model, by any foreigner — either outside or inside the United States — which obviously made it very hard to serve the model even in the United States, because you’d have to verify who end users were. Presumably they’re actually probably employees at Anthropic who are foreign nationals, who all of a sudden are restricted from accessing the model that they work on. So this obviously put the use of it to a stop. And now it seems like there are discussions going on today to try to resolve this.

Jordan Schneider: So first off — is Andy Jassy the Jeremy Sochan of this story? Jeremy Sochan, of course, drafted by the Spurs, worked there for three years, got cut, shows up to the Knicks and wins a championship by spilling all of their internal workings and secrets.

Chris McGuire: I don’t know what the motivation is. It’ll be interesting to see, on the Knicks side, how much of a behind-the-scenes role Sochan played in the championship, and how much we had all the intel due to a crafty signing mid-year. Underreported part of the series.

Jordan Schneider: Or did the Knicks get access to Mythos during the Glasswing window, use it to hack Wemby’s email, get all the dirt on him in order to whisper disturbing things while he was taking free throws? All right, we’ll stop with this. Sorry.

Chris McGuire: Wouldn’t be the first time a sports team hacked another one for competitive advantage. But yeah, I don’t think it happened here.

Jordan Schneider: So clearly there’s an overlay of bad blood, or at least no love lost, between this administration and Anthropic. But the more remarkable piece of this story from my perspective: you had this administration talking for two years about how they wanted capitalism to run free, that AI shouldn’t be regulated, that this was important to American development and leadership, and that those safety nicks in the Biden administration were really overreacting. And then you go from that to an executive order which was going to be not all that tight — watered down even more when it came out two weeks ago — to all of a sudden, over the course of apparently 24 hours, deciding that the most powerful model in the world, which is an instantiation of America’s lead over the rest of the world, needs to no longer have access. So, Chris, I’m curious for your reflections on that arc, and maybe what it tells you about the future of AI policymaking.

The Sea Change

Chris McGuire: The particulars of this individual incident aside, the administration very clearly has fundamentally changed its policy on AI over the last few months. I think the Mythos release really did cause a sea change in Washington on AI policy. The policy has not been “let the private sector rip” for four months or so. I think you saw the culmination of that in the AI executive order, which put forward a voluntary safety regime — but ultimately it’s obviously kind of mandatory. I think this basically shows that it’s mandatory. So it’s logical. This is a real problem, and the administration is realizing that AI regulation, and the very powerful capabilities these models have, requires regulation. To the administration’s credit, they’ve recognized that and pivoted, at least in a broad philosophical sense. They haven’t pivoted all elements of their policy, and they’re also moving in ways that are very reactive and fairly chaotic.

What’s clearly needed is a policy that’s not just reactive — where there’s a framework set out of, here’s the expectations, here’s how we regulate things domestically, here’s how we regulate them internationally, here’s what people can and can’t do. And it has a degree of durability. I say a degree, because this is regulating at the frontier and it’s hard. We did this in the Biden administration, and there were degrees to which we’d have to update the controls, and then business would yell at us and say, well, this isn’t predictable. And we’d say, we’re doing our best — we’re trying to create as predictable an environment as we can while responding to national security risks. But we did have some degree of a framework out there. The Trump administration needs to do that. They need to be clear about what is and isn’t allowable domestically. There are apparently some standards in the AI EO for how they’d do model evaluation, but they’re classified — probably helpful if those were public. But regardless, you could work with it. There aren’t that many companies.

You also need a corresponding international strategy, of which I think we have none. How are you going to ensure AI infrastructure globally is safe? How are you going to make sure that other countries, when they start making this level of capability — which they will, very soon — are not used against us in the ways the administration is correctly worried that people could inadvertently use current-generation models against us too? There needs to be a comprehensive strategy. We’re just not seeing that. And I feel like that’s a trope in Washington — “we just need a strategy” is what everyone says to anything, so I almost hesitate to say it. But export controls in particular are a powerful, useful tool. A tool that can ensure technology is given to the people you want it given to, and create a kind of international nonproliferation regime to a degree. But instead we have this insane situation where right now Canadians are prevented from accessing these US models, but meanwhile the chips that make the models are free to be sent to China because of loopholes the administration created.

So look, I hope the administration recognizes that AI regulation holistically is important, and that this is an indicator export controls are an important and powerful tool. I hope we actually start moving toward a smart export-control strategy, while also having a domestic regulatory strategy that’s logical and predictable — with good relationships between the companies and the government, where it doesn’t make people feel like the $700 billion in CapEx the hyperscalers are spending is pointless. You do need to make people feel like that investment is going to pay off. But I’m concerned that this chaotic environment right now — even though these are real policy problems the administration is trying to address around fast-evolving national security risks — it’s doing it in a pretty ad hoc way, and the risks of that are tremendous.

Popping the Bubble

Jordan Schneider: Let’s talk about some of those risks. You mentioned it — popping the AI bubble. Stocks are up today because the Iran war ostensibly ended. But if we end up in a situation where models can’t get any better than they are as of — I mean, not even June 2026, but say March 2026 — a lot of that CapEx is kind of for naught, because baked into everyone’s projections is that the models keep having increasing levels of economic utility. So clearly I don’t think that’s what they’re aiming at here. And I, for one, have some lodestar of: even with this action, Trump not wanting to put on a regulatory system that ends up appreciably squeezing American GDP growth. But having models not get any better in America, or significant uncertainty that models can improve at whatever rate the technology would allow over the next few years — that would be a real problem to this entire buildout. All right, let’s go back and forth. What’s your risk of this going wrong?

Chris McGuire: No, that’s exactly right. There are three companies right now relevant in the frontier space. It’s good that we have some competition — it’s not a ton. There’s a real question of how much the market can bear if one of them, two of them, certainly all three of them, are told: sorry, you just can’t release anything more capable. Or even not that — because presumably the government does want to work this out. But if the perception from industry is that there’s no way to release a model without being subject to some kind of insane draconian measure in response, then very rapidly, without an effort to work it out, that causes cascading effects. At what point does that create actual business investment problems? I don’t know.

Some of this might just be — there’s deep personal animosity here between the government and the company. So maybe this just isn’t something that would ever happen with OpenAI or Google. But there are real national security risks here, and there are going to be issues where, whether or not this one was or not, the government has to work with a company to rapidly fix problems, and they need to find ways to collaboratively do it together. Just saying “nope, sorry, we’re going to impose completely draconian controls that shut down the company very quickly” — I mean, if the company was actually acting in a way that was very actively hostile, then obviously yes, that’s warranted. But if it’s not, then it’s really in everyone’s interest to work together to resolve this as quickly as possible, because otherwise the spillover effects are going to be really big. And I’ll bet all the other companies are thinking: well, what if this does happen to us? If we create a model that’s as powerful and as concerning, are we just inevitably going to get hit with an is-informed letter once someone finds some issue somewhere, sometime? It’s a hard dilemma.

You Did Your Homework the Night Before

Chris McGuire: Another angle of this that hasn’t really been explored. There’s the issue of export controls on China and other countries, and whether we should do that for its own purpose — obviously I think we should, and we should be trying to hold them back. But part of the reason this really shows why you want to be holding them back is that domestic regulation is hard. I’ll acknowledge this is a difficult problem, and saying all the administration needs to do is develop a comprehensive AI regulatory regime is kind of unfair and overly simplistic, because this is a really, really difficult thing. Building it in a way that’s smart and robust but predictable — look, in the Biden administration we spent a year talking about the AI diffusion rule. And that’s just one element of the problem. That’s just the international element.

So the point is: you actually want to have a really big lead over China, because you’re going to need time to figure this stuff out. And if you misfire on some of the regulatory measures, it will slow you down. You want the time to be deliberative, to think about it, to come up with the best structured regime that’s actually going to work — and not blow the lead to China. The farther ahead you are, the more you’re able to do that. But if we’re neck-and-neck because we’re actually not doing anything on international controls, you’re going to be forced into the environment we’re in now, where you have this ad hoc, chaotic regulatory regime. It’s going to produce worse regulations, more incidents like this, a spillover impact on business and investment, and ultimately be worse for everyone. So having that time actually creates the more predictable environment and the better regulations at home. That’s one of the key underlying points of all the controls, and it’s a sympathetic point to the government, because this is really difficult. But you need to give yourself time. If you don’t, then you’re also at fault — you did all your homework the night before and your paper was mediocre. Maybe you shouldn’t have started the night before. Give yourself actual time to do a good job.

Jordan Schneider: There is an aspect of this where I’ll give some grace to the administration. You know what a fighter jet can do years before you decide who to sell it to — range, speed, EW system, missiles. But whatever red-teaming 10 or 100 or 1,000 people can do to a model, it’s an entirely different beast once you widen the circle of people with access. So my question is: is the challenge Anthropic is facing — not letting actors improve their AI or generate hacks from creative prompting — ultimately stable and fixable, like Google had in the early days of image generation when people were making those black Nazis? Or is there something deeply structural that more time and research can’t fix, where if you give these powerful models a wide enough access surface, folks are going to be able to do basically whatever they want? It feels like the former. I don’t know.

Chris McGuire: I think it’s the former. It’s a fair question, and one we need to carefully think about. We’ve gotten better over time — it’s harder to jailbreak models now than it was a year or two ago. That seems to indicate this is something we can continually improve on, especially with advances in AI. Will it ever be a completely zeroed-out risk? That’s a little hard to say. But you can certainly get the risk very, very low. And that’s an area where good collaboration between industry and government would be really helpful. If you have the NSA and CISA really doing robust stress tests in cooperation with industry on the models, to make sure they’re as jailbreak-proof as possible — that is good. And then if something else comes up, you work immediately to correct it.

As long as you can get it to a very low level, I feel like we have reason to believe that’s possible. There are technical people who could have more robust thoughts on that than me. But the alternative is that we either live with some crazy risk or just stop development — which also isn’t going to work, because eventually other people are going to get to that level too. So you want to invest in that R&D to make this better. But you have to really incentivize it, and you have to be collaborative.

Less Than Two Weeks of Brunson’s Time

Jordan Schneider: I was just thinking — the Knicks and their coach. This profession, right? You’re pulling from a hundred million people who’ve dribbled a basketball in their life, and there’s such an effective professional winnowing process that the top folks are compensated extraordinarily well for really remarkable elite performance. And then we have CISA, which — look, no disrespect — but your budget is less than two weeks of Jalen Brunson’s time. There’s something not right with it. It’s a big deal.

Chris McGuire: It’s like the Landry Shamet, right? CISA’s on a non-guaranteed contract right now, coming into training camp, and then they’re just hitting three after three after three. Maybe this guy should actually get paid.

Jordan Schneider: Or just not get their top hire fired because their former employer is in the doghouse or something. Anyways. In parallel to this, we started seeing all these blog posts about RSI — recursive self-improvement — and models that have powerful cyber capabilities. Something the world has been seeing on the horizon for, I don’t know, a decade — at least very acutely two or three years. And the Mythos thing in particular, we had four months to process. So I am — I don’t know. I spent a while not believing in this stuff, but the capacity for the American regulatory system to keep up with something moving even faster than what we’ve seen — because basically the regulation hasn’t mattered, really, until Mythos. And now all of a sudden it does. And if the circle of things it starts mattering for continues to expand, even doing the one-off stuff we’re going to see now — I’m getting more pessimistic, Chris, that we’re going to be able to handle this and get through.

Chris McGuire: There are technical questions here that you and I don’t have the robust answers to — like, how problematic was this particular incident? I don’t know, and that’s important. Regardless, even if it’s not problematic, the government and the company should work to resolve even minor things. But it does matter for: okay, is this something that needed an immediate fix within half a day, or something where there could have been a little more time to discuss things? I don’t know. And that matters for the future of this — how prevalent are critical jailbreaks? Which is kind of the key question. If you can get them to a point where they’re not super prevalent, then regulation seems pretty possible. But it has to be collaborative.

It does require all the companies making models of that capability level to be both within the jurisdiction of the US government and to have a good collaborative relationship with it. That is the case for largely the American companies. It’s certainly not the case for anyone developing models outside the US. It’s not the case for Chinese companies. I think this also begs really big questions for what open-source policy will be. If you’re taking this incident at face value, I don’t see how you could possibly permit an open-source Mythos under the way the administration has approached the problem. So what does that mean? Does open source just get told to stop in eight months or whenever it catches up to Mythos? Let’s say they’re a year behind, so around eight months. Maybe that’s what happens. This has, to a degree, been a problem we’ve seen coming for a long time.

If you actually have a big enough regime, where you can make sure the US companies are pretty far ahead — you’re never going to be able to control everyone outside, but if they’re delayed a long time behind the US companies, and you have predictable measures and good relationships between the companies and the government to iron out things quickly whenever they happen — that might actually be pretty good. A lot of this is going to rely on AI actually getting better at fixing the problems. We’re seeing that with RSI too: AI is getting better at making AI, and it’s also going to get better at preventing jailbreaks. So there is a path here to a world that is relatively safe and extremely prosperous and very good for America — but it requires a lot of smart regulatory steps on the domestic and international side to work. And we’re seeing the pitfalls of what happens if you don’t have that. It’s pretty scary.

Whose Wealth Is It

Jordan Schneider: I’m almost thinking more broadly. What other sections of society are going to need their own Project Glasswing, where you get all the adult players to really get on their shit six months, nine months before this stuff is released? For all the hacks we see of corporate America, I have a decent amount of faith in the CISOs of Amazon and Google and Microsoft and financial institutions to use that time wisely. But if we start looking at different corners of society that aren’t as well capitalized, that don’t have as much technical talent — where the earth-shaking impacts of what a new model could bring over the next two years — that breathing time where the good guys have access but malicious actors, be they states or criminals, just can’t outrun whatever’s on the open market from a closed or open model perspective. It just freaks me out a little bit, Chris.

Chris McGuire: You’re going to have to have some normative changes. We’re just going to have to be in a more security-prioritized culture. There’s going to have to be an expectation that basically any product that ships, that consumers use, has gone through some degree of AI-enabled cyber-defensive testing or upgrading — because otherwise you’re just going to be smoked running out of the door. But if you do that and you have that kind of big lead, I actually think in the cyber sense we can get to a place where you almost flip the offense-defense dynamic in cyber. Outside of cyber, I get a lot more concerned.

Jordan Schneider: It’s not just the cyber, though. If you’re expanding the circle to the bio stuff and whatever comes next — yeah.

Chris McGuire: If we do it well, we can address it and actually have really good defensive systems and almost get an advantage. But the problem is you can’t deploy AI-based biodefenses as rapidly as you can AI-based cyber defenses, because those are physical things you’re going to have to get out there. So that’s where we’re just going to have big problems.

Jordan Schneider: Or if there are just models that get good enough to put entire towns out of work because they’ve completely — I know these CEOs, they keep talking about, we want to create more jobs, not eliminate them. But there’s real prospect for radical economic disruption. Even if it’s not the entire economy shutting down, there are presumably corners where ten people can spin up companies that do the job of ten, a hundred, five hundred thousand actuaries. Take your pick.

Chris McGuire: It’s not just the AI labs saying this. Jamie Dimon said anyone who doesn’t think AI is going to cause job loss has got to get their head out of the sand. It’s a lot of people who are following it. Obviously there’s a segment who maybe don’t believe it, or want to push the narrative that it won’t cause job loss because — until the music stops, you keep going as long as possible. But it clearly will. The question is the magnitude, and I don’t think we totally know, and when it will happen. But the idea that it won’t at all is crazy. I think that’s why you’re seeing this be a more bipartisan issue on Capitol Hill. Representatives who are maybe not the most keenly aware on technology issues — when there’s a prospect of massive job loss in their districts, all of them get very keenly aware very quickly. That’s why you’re starting to see AI regulation as something both parties recognize is necessary, because no one wants to be the guy supporting the “let the private sector rip” policy that then replaced entire towns in their district. Maybe that’s just perverse political incentives, but regardless, that’s how it’s being viewed now.

Jordan Schneider: And on the other side of getting the data center built in your town — Saline, Michigan, OpenAI very proudly announced, was getting a $10 million refurbishment of their rec center. Just some peanuts for the masses. Those swimming classes will help you stay out of the underclass.

Chris McGuire: But this is where the federal government should step in. This is where — we don’t want it to stop data centers, in my opinion. That would cause all sorts of — we’d lose our lead, blah blah blah. But we actually need a solution to help the people impacted by this. And the good news, the silver lining, is that regardless of exactly what happens, this technology is going to create very large amounts of wealth. The question is who it’s going to create it for. Is it going to be for three to five people, or for everyone in the country? If it weren’t creating wealth, we wouldn’t even have a path here. But it is.

Jordan Schneider: And relying on corporate largesse and Dario blog posts saying, yeah, we’re really concerned about a future post-economic America and we’re going to try to keep our janitors employed even after we turn them into robots — that’s not necessarily — no, this is a job for legislators, not for CEOs to figure out. You mentioned the Chinese models. DeepSeek put out a press report saying cutting-edge intelligence should belong to not only a few and should not be withdrawn at any time — it should be open, available, extensible, and built to serve every developer. I don’t doubt that the DeepSeek CEO believes this. But I’d also be shocked if, when Mythos-level capabilities start coming out of these Chinese labs, Beijing feels similarly about anyone and their mother having access to them.

Model Access Is the Real Game

Chris McGuire: I also think — we’re having all these conversations about chips in China, which I find frustrating, because this is a debate that was largely settled in 2022 and we’re relitigating it. What that’s doing is taking the oxygen out of some of the more interesting debates people are realizing now need to be addressed. One of them is model access. I actually do think that restrictions on model access are necessary, and probably are necessary right now. The reason the RSI loop is closing is that the models are getting really good at R&D. So you probably don’t want the Chinese AI labs able to use the US AI models to do their R&D — which is what they’re doing. Our labs use their own models to expedite their R&D; Chinese labs use US models to expedite theirs. So we probably should be talking about model access restrictions on China, and on Chinese companies around the world. We have to think about how to do that in a way that’s smart and targeted and isn’t just draconian — resulting in the model going away, which doesn’t achieve the intended effect. But the premise is something that, from a national security threat, we should be thinking about more. We’re only focused on American companies, not our adversarial companies.

Jordan Schneider: Can we talk about — if I’m a Canadian policymaker, a European policymaker, a Japanese policymaker, and I see this happening — they were already sweating about the access they got to Mythos, and then to see this cut off. The irony is there isn’t really another option for them. These companies are not going to — no disrespect to Wemby Mistral over there, but I just don’t think it’s going to get it done. So you’re either stuck being a taker when it comes to American models, or just waiting for China to deliver you something which, as Chris and I both believe, may end up starting to close down once they get powerful enough. How do you see this playing out in other capitals, and to what extent does it actually matter?

Chris McGuire: They definitely should be nervous. The fact that the administration imposed controls on all of our allies would inherently make them nervous. Even this particular situation aside, we are probably moving toward a tiered system of model release in general. I imagine the government and tier-one US companies will be at the top of that list, and then you go down from there — tier-two companies, then maybe close allies. I kind of think that’s how this is going to inevitably play out. That’s basically how every other technology works — that’s how all the most advanced weapons technologies work too. So that isn’t necessarily unusual. We’ve been very slow to build a regime around this. You started to see at the end of the Biden administration some efforts on global infrastructure, putting some restrictions on chips on most countries other than, say, the eighteen.

The fact that that got pulled down was very lucky for allies, but also completely out of sorts with the Trump administration, which generally speaking has been looking to extract leverage over allies and squeeze them. It’s very strange that the one area where they decided to give allies everything they want was in AI — which is nominally the most important area of the future of technology, economy, and military. But inevitably we’re going to be moving toward a more restricted world in models and infrastructure. The next question you asked is how much it matters. It certainly matters for them.

Jordan Schneider: I guess from a US-China perspective — how much does it matter if France gets its —

Chris McGuire: For both of them — allies don’t have a real recourse to this. And it’s still pretty good to be in the US ecosystem, even if you don’t have tier-one-A access. It’s still going to be far more beneficial than being in the Chinese ecosystem, and I think we should make sure of that. You want to make sure no one’s incentivized to actually move to the Chinese ecosystem. But I don’t see allies working with China to build an alternate semiconductor supply chain, an alternate AI model supply chain — all of which is going to be full of Chinese propaganda and ultimately used to undermine them. The US is very dominant in this area, and I think it’s hard for allies to accept that. But it’s true, and there are ways that can manifest in collaborative ways, even if it doesn’t mean we’re sharing everything freely. For most things we don’t share absolutely everything freely, and still it’s far more beneficial to be in our orbit than in Russia’s or China’s. It’s going to be the same way with AI.

Jordan Schneider: Like most things, right? This is a giant commercial technology, as well as the frame Dario likes of nuclear power — nuclear-bomb adjacent. So we’re ending up in some awkward new middle, somewhere between nuclear power and electricity. Insofar as this doesn’t slow down or get completely commoditized, then yeah — that awkward ITAR-but-way-higher-stakes regime, hopefully tuned to keep the rest of the world happy and playing with American models and hyperscalers, while not so frustrated they go looking for another answer from the PRC. Coming back to the beginning: look, I want Jalen Brunson on the case with this, not some bench players. It’s going to be really hard to balance all of that as the sand shifts under you, these technologies developing in a way you can’t predict even six or twelve months out.

Chris McGuire: The only thing you can really predict is that you’re going to have a big lead, and a larger lead is going to be more important in a year than it is now. This is only going up in capability, importance, and complexity. So the value of taking actions to improve security and improve your lead really compounds over time. And we’re paying the price for that now. We’re paying the price for inaction over the last year and a half largely, because now we have very powerful capabilities, no regulations, a chaotic environment, and we’re scrambling to catch up — and meanwhile our adversaries are still freely using our own technology. But there’s also no better time to start fixing all those things than now, because all these problems are going to be twice as hard four months from now.

The Sunday Letter

Jordan Schneider: The motivational Chris McGuire here. So we had the Friday afternoon Anthropic/BIS letter. And I guess it was two weeks before that we had a Sunday letter from BIS trying to close a loophole. Why don’t you give us the context on that and where we stand currently?

Chris McGuire: This is a massive story. The fact that there’s been an export-control story that has leapfrogged this one in a period of twelve days is remarkable, but such are the times we’re in. So effectively, there’s an emergency guidance that was issued two weeks ago by BIS to state that Chinese subsidiaries of Chinese companies located outside of China were not allowed to buy controlled AI chips. The reason they had to issue this guidance is that a loophole had been created by Commerce that was seemingly permitting these orders. China’s been banned from receiving AI chips since 2022; since 2023 that’s been extended to Chinese companies operating anywhere in the world. So obviously, if you’re going to ban them to Tencent, then you don’t want to allow Tencent to buy them with their Malaysian subsidiary. Pretty logical.

But basically what happened — without going into too much of the regulatory gory details — is that in the AI diffusion rule, the Biden administration replaced the explicit part of the regulation that captured Chinese-headquartered companies operating overseas. It replaced that with a global license requirement that applied to anyone, everywhere, for AI chip orders. There were then some exceptions and exemptions. But as a matter of regulatory housekeeping, it struck the provision that captured chip exports to China-headquartered companies, because it was redundant — the global control now captured that. So you didn’t need two different parts of the regulation doing the same thing.

The Trump administration said they were not enforcing the global license requirement. They said they were going to replace the rule. That was over a year ago. They still haven’t. As a result — talking with people in industry, I can attest to this — eventually companies started to say, okay, we’re just going to take the law literally, because if you look at the regulations, there’s not an explicit prohibition against sending to Chinese-headquartered companies overseas. Which means they could receive Blackwell chips, or even forthcoming Rubin chips, without a license. That’s a huge problem. It effectively neuters all of export controls. There was actually a second part to this that meant they could also make chips at TSMC or Samsung without a license. So we were in a very bad situation. I don’t know exactly who took advantage of this or in what magnitude — that information is still yet to be revealed. But what I do know is companies were telling people this was a legally permissible route to take. And there are a lot of rumors that some things were shipped pursuant to this loophole. So Commerce closed this two weeks ago and said, no, you can’t actually ship to Chinese-headquartered companies.

Jordan Schneider: Wait, Chris, let’s stay here. What does the fact that it comes out on a Sunday tell you?

Chris McGuire: That this was a huge problem. BIS doesn’t issue guidance a lot. They issue guidance on Sundays almost never. Obviously it was never the administration’s intention to allow these shipments. The president’s been very clear — no Blackwells. Even the president has this tax system, where — say what you will about the policy to export chips to China, obviously I’m a big critic of it, but there was a system set up to —

Jordan Schneider: At least get our 25%!

Chris McGuire: Right. A system built to set up revenue for it. And this is a way to circumvent that. This in no way is something the administration intended. But the fact that it was happening shows it was a real problem that had to be — once it was brought to the administration’s attention, I think they moved to close it right away. Generally speaking, though, this shows that the way export controls have been administered has been incoherent, and it’s not something that’s really been prioritized. The fact that you could create a loophole that would allow this kind of fundamental undermining of the entire regime, because you said you were not enforcing a rule that then had this cascading effect — it’s crazy. If you look at US export controls, the regulations still say there’s a global license requirement for AI chips everywhere. The AI diffusion rule is still on the books. The administration says they’re not enforcing that. But then if you’re like, okay, what is the policy? — you’d actually have to go hire a law firm to tell you exactly what is and isn’t. Because you can’t even go back to a previous version of the regulations. The diffusion rule didn’t just stick one rule into the regs — it modified things throughout. So when you say “we’re not enforcing,” which provisions are you enforcing, which aren’t you? No layperson could possibly understand that.

So you have this crazy situation where it’s impossible to tell what the export-control regs are, and it’s not surprising that companies find ways to work around them. Regardless of where you are on policy, it’s patently unacceptable for the Department of Commerce’s regulations, for over a year, to not actually reflect the administration’s policy. Just decide what your policy is, and make the regulations reflect that. They actually still reflect the Biden administration policies that the administration said it wouldn’t enforce. So this is what happens. You need to actually take this seriously. And this current episode shows that export controls are super relevant and need to be taken seriously — and the administration just hasn’t been doing that.

Jordan Schneider: When they first said “we’re not enforcing this rule,” I assumed that meant a week later we’d get a new rule. And here we are, reaping what we sow from just not doing anything, or not being able to agree on a thing. And the irony of all this is they’re so worried about doing something that would lead to a new escalation with China — the directive from the top is clearly, don’t do anything that would change the balance we reached as of October of last year. Fair. But that means you don’t go backwards for no reason. This wasn’t part of a grand bargain where, okay, now they’re going to give us a trillion dollars of investment. It was just a bureaucratic screwup that they clearly clued onto on a Friday afternoon and then had to spend the weekend dealing with. The other question is: how many chips had to get sent before they realized this was a problem? How much tape-out happened at TSMC for Huawei or whoever?

Chris McGuire: They wouldn’t know — because there’s no licenses required. No license required is even worse than approving licenses, because the companies didn’t even have to tell the government how much they were shipping or what they were doing. It’s a bad situation. And these controls weren’t even China controls — they were controls on third countries. This is why it’s so perplexing to me that there aren’t more efforts to crack down on these. The China regime is largely in place. But the problem is Chinese smuggling is enabled through third countries. So the solution was mostly to make sure there are license requirements on large numbers of third countries to limit that. That’s very clearly necessary now, and it’s not within the realm of the broader US-China détente. If we’re saying we’re going to impose a license requirement on Malaysia or Singapore because obviously a preposterous number of GPUs are going there illegally to China — China can’t really complain about that. They know they’re illegally smuggling chips through these countries. We’re just preventing this obviously illicit behavior. That would diplomatically be achievable.

I think the reason these haven’t been closed is that this whole issue set has been deprioritized and ignored. But as a result, the situation has degraded much farther than people think, because we’re actually allowing completely open-spigot sales of the most advanced chips to Chinese companies. I should also note there’s one element that hasn’t been fixed. In conjunction with the AI diffusion rule, separately, there was a rule called the foundry due diligence rule, which said anyone sending an AI chip design — or any 14-nanometer chip design — to TSMC has to confirm it’s not an AI chip, through a few ways they could do that, or get a license. Not that many companies are sending really advanced designs to TSMC, so that rule has a whitelist of companies that are all permitted. It’s necessary to prevent third-country cutouts from making chips at TSMC, which we also know China did. Huawei got cut off, but then you can get a cutout in Singapore or Malaysia to send a chip design to TSMC and route through there.

This is actually still permissible. The Chinese company itself cannot send — that’s now restricted since Sunday — but the cutout can. So you get some random company in Malaysia, not Tencent Inc., that can send a chip design to TSMC for a Blackwell-level chip, and TSMC can, unless they have very clear knowledge it’s a Chinese company — which generally, no company imposes really strong enforcement measures on. That’s the lesson we learned. I’m not singling out any company, but in theory they could do that. The whole point of this was to cut down on that, and that loophole was not closed by the guidance. The administration is still not enforcing that rule. We’ll see if they do. I really hope they do, because — I understand the administration wants to do their own thing on the diffusion rule, that’s fine. But they never said they were not enforcing the foundry due diligence rule. The net effect of their actions has been not enforcing it. And absent additional guidance, it will continue to have no practical effect.

Congress Picks Up the Slack

Jordan Schneider: Let’s close on the congressional response to the Trump administration’s — can we even say hot-and-cold? — relationship to semiconductor export control policy. What have you seen bubbling up from the House and Senate, and what’s interesting about it?

Chris McGuire: There’s a ton of movement on a lot of bills, really granular and in the weeds. These are bipartisan bills, but the Republican-controlled House Foreign Affairs Committee has passed eighteen export control bills out of markup in the last couple months — the biggest swath of export control bills ever. There’s a big push to get a bunch of them in the National Defense Authorization Act at the end of this year. The biggest ones are probably the MATCH Act and the AI Overwatch Act. The MATCH Act would be focused on equipment controls and would force the administration to negotiate or impose equivalent controls on allies as they have on us — which would cut off most or all DUV shipments to China and a few other places where allies don’t have the same level of control as we do. The whole point isn’t to impose more controls on US companies, but to make sure allied governments are doing the same as us on control level. Also on servicing and maintenance. The Netherlands and Japan are still allowed to ship items to SMIC South, whereas US companies are completely out. They can also ship relatively advanced things like some DUV machines to basically all fabs in China except a handful. So there’s a lot of advanced allied equipment going to China, and some going to the most concerning facilities — and this would basically stop all that.

The other is AI Overwatch, which would look at GPU exports and basically ban Blackwell exports to China. There are different versions in the House and Senate with different provisions, but it’s building off the GAIN AI Act that almost passed in the NDAA last year — it was in the Senate version, one of the last items being negotiated. That would have said basically a right of first refusal for US customers over Chinese customers for AI chips, which in effect would have been a ban, because demand in the US is far more than the supply. This would just be a straight-up restriction, at least for the next few years, on Blackwell or more advanced chips. So you’re seeing a real push from Congress. I do think there’s going to be some export control bills in the NDAA — this is getting so much attention, and there are so many serious policymakers on both sides getting behind these things. The question is whether it’s some kind of token nod with one of the smaller bills, or one of the bigger ones. There are a few others — the Remote Access Security Act, the Chip Security Act — which would have real impacts but less so than those two. And a slew of smaller, important but more minor ones. That’s the state of play.

Jordan Schneider: The most interesting bit for me here: on US-China economic and tech policy, we’re at a bit of a stalemate, where the Trump administration is scared anything they impose triggers rare earths and hits the US ecosystem. But the dynamic is different when it comes from Congress — this is a great American tradition, hawks in Congress. You saw it in the Carter era with Jackson-Vanik, more recently in Obama-era Iran sanctions. Having it come from Congress changes the dynamic for the executive when they’re doing their bilateral negotiation, because then they get to say, look, our hands are being forced here. The NDAA is not something we’re going to go veto on behalf of China to keep you guys having access. The Biden administration was very anxious about upsetting the Japanese and Dutch and South Koreans. But that changes when it’s the House and Senate doing the squeezing. So it’s interesting to see to what extent that dynamic plays out, where more of the China-hawk stuff comes out of Congress for the remainder of the Trump administration rather than the White House.

Chris McGuire: That is certainly how it’s playing out. It’s why — I’ve heard the Chinese government is lobbying really heavily against the MATCH Act, because they’re concerned about it, which is all the more reason it should go through. The administration could strategically use this. They don’t have to go out and actively, proudly declare their support for MATCH or Overwatch, but they could just quietly let it go forward, give a wink and a nod, and then when it signs, say to China: sorry, our hands are tied — exactly like you said. That’s a totally viable approach, something many administrations have done over the course of history, that would create more negotiating space. But it’s not clear if and how they’ll do it.

The big concern I still have is the approach the administration is taking on export controls. On AI generally, they’re moving at least in a direction that’s directionally correct — toward “this is a serious thing that needs to be taken seriously, it’s big, it’s moving fast, we have to have the adults running it.” There’ve been a lot of missteps, but that’s the general direction of travel, and some good things too. But the fact that the only export-control-related action they’ve taken on AI is this extremely draconian one against an American company says there are some institutional issues on how export controls are being run — at the same time as, two weeks earlier, this unbelievable loophole was created because of an export-enforcement screwup. There’s a big disconnect between how it’s thinking about and applying export controls and how it’s thinking about and applying AI policy. And that’s really problematic, because export controls are so important to AI policy — as the administration discovered over the weekend. We need to fix this, because it’s not working right now.

Jordan Schneider: Maybe you’re too nice to say it, so I will. Lutnick — we’ve currently got him in the prediction markets at like 50% to leave by the end of this year. At the beginning of the administration, Kessler was a pick a lot of people were excited about, because — this was in the context of Matt Gaetz, right? — here’s this lawyer who’s worked adjacent to this stuff and has a totally normal, functional resume you’d see appointed in a Romney administration or whatever. And now the ineffective policymaking is one thing, probably true from a cabinet level on down. But the loophole is just serious bureaucratic malpractice — which isn’t something you can chalk up to Xi-Trump dynamics or managing the broader relationship. It’s just a giant screwup that human beings are responsible for not being on their shit about.

Chris McGuire: And the question is how much it was exploited. I don’t know — but Congress should subpoena all the OEMs and ODMs and figure out who actually shipped. To be clear, Nvidia and AMD almost certainly didn’t ship through the loophole, because for various bureaucratic quirks they were separately restricted by a separate letter. But all the server makers, who are actually the people who ship to the data centers — Supermicro, Dell, ASUS, Gigabyte — all those companies theoretically were unrestricted. I don’t know if any of them did or not. But Congress should subpoena all of them and see what their logs were, who they shipped to, and if any shipped directly to Chinese subsidiaries. We’ve got to get to the bottom of this.

But also, we just need competent enforcement and controls. The Bureau of Industry and Security has not issued a single technology-based control on China since the start of the administration. There’s only one countrywide control on China they’ve put in effect for the duration of this administration — the affiliates rule — which got taken down in conjunction with the rare earth controls. So there have been no countrywide measures on China, and nothing on the broader AI set at all. Keep in mind, the Biden administration actually controlled model weights in AI diffusion, partly because we saw this was something we’d have to think about — the spread of these overseas. The Trump administration is de facto controlling model weights very clearly — Mythos cannot be exported overseas. Even before this letter, there was a tacit agreement about who it could be exported to. Scott Bessent was personally negotiating with Japanese banks over which ones could get access. Okay, fine — it’s basically de facto export control. So let’s put an actual export control on the books, so people can see what’s regulated and what’s not. Everything’s been done via these private letters. Which means most companies don’t know that — those companies are restricted, but most companies who don’t receive those letters are not restricted, and also have no reason to know what the regulations are. That’s how you get big screwups like the subsidiaries loophole, because it was actually completely valid for all these companies to ship to Chinese entities, especially after a year where they said they were going to replace the rule and then didn’t.

So — I’ll say this for the umpteenth time — we really need to take this very important issue set seriously. Maybe this weekend is the opening move on export controls, where now we’re doing AI export controls. Okay, we’re back. Wish it was on Chinese companies and not on American companies, but okay. There’s one element of this that’s good. Now let’s vector it in the right direction and actually use this very powerful tool to support US companies and hurt our adversaries.

Jordan Schneider: All right, I’ll send it there. Chris, congratulations again — thanks so much.

Chris McGuire: Congratulations to you too. We both deserve congratulations, I think.