You Can’t Export-Control the Future: The Case for Defensive AI
Washington keeps looking for the AI equivalent of a locked vault: control the chips, control the models, control the danger. But artificial intelligence is starting to look less like uranium and more like malware—hard to contain, easy to adapt, and most dangerous where people actually use it.
The White House’s new AI executive order is framed around innovation and security. Its clearest signal, however, is concern about frontier AI capabilities themselves: how they are benchmarked, who gets early access to them, and how their release should be coordinated with the federal government. That focus lands squarely in the middle of a growing debate over whether AI policy should target chips, models, or what Anthropic recently described as the “capability layer”—the environment where models are deployed, monitored, secured, and used.
Recent arguments within parts of the AI-policy community—most notably from Anthropic—have emphasized export controls, compute restrictions, and centralized governance as the primary tools for preserving U.S. leadership in frontier artificial intelligence. The concern is understandable. AI systems are likely to accelerate innovation across strategically important sectors, including semiconductors, cybersecurity, biotechnology, advanced manufacturing, and military systems. Maintaining American leadership in those areas is a legitimate national objective.
Much of the current debate, however, still views the strategic landscape primarily through the lens of chip denial and hardware restrictions. That perspective risks overstating the long-term importance of compute controls, while understating the significance of where AI systems actually meet the world: through cloud services, application programming interfaces (APIs), identity systems, monitoring tools, and security controls.
As models proliferate, open-weight ecosystems mature, and agentic orchestration techniques improve—that is, as systems become better at coordinating multiple tools and models to complete tasks—the core strategic challenge increasingly shifts. The question is less whether adversaries can ever obtain compute and more whether deployed systems can be hardened against misuse, monitored effectively, and integrated into resilient defensive architectures.
In practice, the emerging equilibrium looks far more like cybersecurity or fraud prevention than a traditional nonproliferation regime. Overindexing on the latter risks weakening both American national security and the ability of U.S. firms to remain at the technological frontier.
Put differently, current AI policy discussions too often blur the line between national security and incumbent protection. A sustainable strategy should preserve U.S. ecosystem leadership, focus governance on the places where models are actually accessed and abused, and encourage defensive open-source proliferation. Treating blunt hardware denial as the master key to AI security is unlikely to achieve any of those goals.