The real reason, afaik, that the US is trying to restrict access to SOTA models is that a very large component of USA tailored access injections and surveillance relies on exploits and weaknesses that these models will easily detect. Thus, it really is an export control issue, but it has nothing to do with offensive capabilities. Offensive capabilities always exist, but pervasive defensibility would upset the asymmetric advantage that attackers, especially the USA, currently have.

There are now Asian models coming , optimized and focused on cybersecurity defense at a high level. I suspect export walls will be a relatively moot point soon, because it is in chinas (and everyone else’s) interest to reduce US cyberwarfare dominance

LLMs are not great at creating exploits, but they are really good at detecting them. That asymmetry alone is enough to destroy the “offensive capabilities” narrative. Yes, mythos can find exploitable bugs, even write bench exploits. But real exploits require a good dose of human psychology, and most of the tools needed are off the shelf available anyway. You still need a real cybersecurity expert to effectively weaponize a zero day into a -deployable- exploit. If you don’t think so, just try to get Claude to help you with that. But it will gladly help you secure your systems.

What an LLM can do is inspect payloads, packages, and blobs at scale and find those exploits in a way that was wholly impractical before, so the asymmetric attack advantage is dissolved by strong LLMs.

The USA is trying to protect its cyberwarfare advantage, not protect against attackers. The exact opposite, actually. Porous security is a huge advantage to technologically advanced state actors.