Key Takeaways
- Export controls target the training phase: restrict compute hardware, prevent capability development. But DeepSeek proves this approach has a ceiling.
- Glasswing targets the deployment phase: Mythos exists; governance controls who gets access and for what purpose. This is a fundamentally different control layer.
- DeepSeek V3.2's reasoning parity (10x efficiency gain) proves algorithmic innovation can partially overcome hardware constraints, eroding export control effectiveness
- Mythos's dual-use cybersecurity capability (181/181 exploit conversion, 27-year-old flaws discovered) cannot be managed by hardware controls alone. Deployment governance fills the gap.
- The strategic implication: AI governance is transitioning from hardware-layer control to capability-layer control, requiring two-layer enforcement during the next 2-5 years
The Strategic Pivot: Two Control Layers, Not One
US export control strategy, formalized between 2023-2025, operates on a simple hypothesis: restrict compute hardware access to China, prevent frontier AI capability development. H100/H200 GPU restrictions target the training phase directly. No hardware, no frontier capability. The logic is clean.
But DeepSeek V3.2's technical report proves this hypothesis has a ceiling. DeepSeek achieved reasoning parity with GPT-5 using 10x fewer FLOPs through architectural innovation (Mixture of Experts sparse attention, deep seek-based retrieval, reinforcement learning post-training). Algorithmic efficiency partially overcomes hardware scarcity. Export controls delay capability development, but they do not prevent it indefinitely.
Project Glasswing represents the next governance layer: deployment-phase control. Mythos was trained and exists. The governance decision is not whether to build it, but who gets to use it and under what constraints. This is a fundamentally different control point. It applies after the capability has been created, not trying to prevent its creation.
The strategic implication is that AI governance will need both layers simultaneously: hardware controls to slow adversarial capability development, and deployment controls to manage capabilities that exist despite those controls. The transition from layer 1 to layer 2 is happening now in April 2026.
AI Governance Control Layers: Chip vs Deployment vs Regulatory
Comparison of three governance approaches by control point, enforcer, what it prevents, and effectiveness ceiling
| Layer | Ceiling | Enforcer | Prevents | Control Point | 2026 Effectiveness |
|---|---|---|---|---|---|
| Chip Export Controls | Cannot prevent reasoning parity (DeepSeek proven) | BIS / Commerce | Pre-training at frontier scale | Training (compute access) | High — knowledge gap confirmed widening |
| Deployment Controls (Glasswing RSP) | Requires RSP credibility; not legally mandated | Lab internal RSP policy | Misuse of existing capabilities | Inference (model access) | High — 12-partner restriction active |
| State Regulation (RAISE Act) | Constitutional uncertainty through early 2027 | State AG / civil courts | Unsafe frontier model releases | Development (safety protocols) | Low — excludes foreign open-weight models |
Source: Anthropic Project Glasswing / DeepSeek V3.2 Technical Report / NY RAISE Act analysis
Why Export Controls Have a Ceiling: The Efficiency Proof
Export controls work by increasing the cost of capability development. If training GPT-5 costs $500M with unrestricted chip access, and export controls increase the cost to $5B for equivalent Chinese capability, the economic barrier is high enough to delay development by 3-5 years. This is the intended effect.
But DeepSeek's efficiency gains suggest this barrier is temporary. DeepSeek achieves reasoning parity through architectural efficiency, not compute scaling. The cost to close the knowledge breadth gap (which DeepSeek still admits is real) is $100-500M in pre-training FLOPs — high but achievable within 3-5 years even under export restrictions. The efficiency trend line suggests the cost barrier will shrink as algorithmic innovation continues.
This is not a temporary advantage. This is a structural ceiling on export control effectiveness. As algorithms improve, the compute-to-capability ratio improves, eroding the economic barrier that export controls create. Eventually (perhaps 2028-2030), algorithmic efficiency will overcome hardware scarcity sufficiently that capability parity becomes inevitable regardless of trade restrictions.
Geopolitechs analysis confirms the performance gap on knowledge-intensive tasks is widening, which means export controls are currently effective. But they are effective because algorithmic efficiency has not yet overcome hardware scarcity, not because hardware scarcity is an insurmountable barrier.
The Dual-Use Problem: Mythos as Both Weapon and Shield
Claude Mythos scored 83.1% on CyberGym with 181/181 exploit conversion rates, representing a qualitative leap in offensive capability. The model autonomously identified vulnerabilities that decades of human and automated review missed: a 27-year-old OpenBSD flaw and 16-year-old FFmpeg bug that evaded 5 million automated test runs.
This is a dual-use problem that export controls cannot address. The model exists domestically. It is already developed. No hardware restrictions can retroactively make it not exist. The question is not prevention but deployment: who gets access, and under what terms?
Export controls are designed to prevent adversarial nations from building frontier capabilities. But they cannot control how domestic labs deploy their own frontier capabilities. This is the fundamental limitation: export controls are supply-side (prevent capability creation), not demand-side (restrict capability use). Once a frontier capability is created domestically, supply-side controls are irrelevant to deployment governance.
Glasswing's selection of CrowdStrike, Palo Alto Networks, and other defensive infrastructure partners is an attempt to solve the dual-use problem through alignment: give the model only to organizations with both capability and incentive to use it defensively. But this is a governance framework question, not a technology question. It depends on trust, accountability, and compliance monitoring — all things that hardware controls can bypass by definition.
The Governance Transition: From Prevention to Management
The broader strategic transition is from prevention-based governance (export controls, training-phase restrictions) to management-based governance (deployment restrictions, capability-layer controls). This transition is necessary because:
1. Prevention has a ceiling (algorithmic efficiency): As algorithms improve, compute requirements drop, and hardware scarcity becomes less binding. Export controls remain useful but not sufficient.
2. Capability development is accelerating (Mythos tier every 6-12 months): At this velocity, waiting for international treaties and legislative consensus is too slow. Governance mechanisms must operate at the speed of capability development. Glasswing's 7-day decision cycle demonstrates that deployment governance can operate at this speed; export controls cannot.
3. Dual-use risks cannot be solved by hardware controls: Once a frontier capability exists, the use-case risk is real regardless of where it was developed. Deployment governance addresses this directly; hardware controls address it only indirectly by delaying development.
4. International deployment is inevitable (open-source models, API access): DeepSeek V3.2 available open-weight on Hugging Face demonstrates that capability restrictions cannot be maintained indefinitely. Eventually, frontier models leak to open-source or are released by Chinese labs directly. Deployment governance at the ecosystem level (who can legally use it, under what compliance framework) becomes more effective than hardware controls.
The transition is not a replacement of export controls with deployment governance. It is a shift from single-layer to two-layer enforcement: export controls to slow adversarial capability development, deployment controls to manage capabilities that exist domestically and internationally.
International Implications: Toward Deployment-Level Treaties
If the strategic frontier is shifting to deployment governance, the international policy implication is clear: the next generation of AI governance will need formal frameworks equivalent to nuclear non-proliferation, where deployment-level access is codified in treaty rather than left to corporate policy.
Glasswing demonstrates that deployment governance can be operationalized quickly — Anthropic made a civilization-critical decision in 7 days. But it also demonstrates that private corporate governance lacks democratic accountability and international legitimacy. A private company decided who gets access to a model with 181/181 exploit conversion capability. That decision was made internally, announced publicly, and no regulatory body signed off on it.
This model (corporate governance for civilization-critical capabilities) cannot remain sustainable as a norm. Either: (1) Governments formalize deployment-level access controls in treaty (analogous to nuclear non-proliferation), creating international accountability and legitimacy for who gets access to frontier capabilities. (2) Or governance remains private, each lab makes its own Glasswing decisions, and the precedent for unaccountable private governance becomes normalized.
The 2026-2028 period (when the US has maximum capability advantage but minimum domestic infrastructure independence) is the precise moment when this question should be answered. It probably will not be.
What This Means for Practitioners
If you are building frontier AI models, expect deployment governance to become increasingly formal and restrictive. Project Glasswing is the prototype. Your models will eventually reach the capability tier where deployment governance becomes necessary. Plan for it now: implement monitoring systems, access logging, and usage auditing that can support a restricted-deployment model if your capability reaches the Mythos tier.
If you are in critical infrastructure (cloud, security, financial services), you may find yourself in a position to request restricted access to frontier capabilities before they are available to the general market. The Glasswing partner list (AWS, Apple, Microsoft, Google, NVIDIA, CrowdStrike, Cisco, Broadcom, JPMorganChase, Palo Alto Networks, Linux Foundation) shows the selection criteria: infrastructure owners with defense responsibility and capability alignment.
If you are a policy maker, monitor the transition from export-control-centric governance to deployment-governance-centric governance. Export controls will remain important for 3-5 years (they are working as intended), but they will not scale to the 2030s threat environment. Begin building international frameworks for deployment-level governance now, while the US still has leverage. The nuclear non-proliferation analogy is exact: you build these frameworks when you have power, not when you lack it.