Rym Momtaz, Raluca Csernatoni, and Louise Marie Hurel unpack the U.S. move to cut off foreign access to Anthropic's latest AI models.
The U.S. decision to restrict access to some of Anthropic's latest AI models over national security concerns directly affects EU-U.S. cooperation in cyberspace.
Rym Momtaz, Raluca Csernatoni, and Louise Marie Hurel discuss what this means for Europe's strategic autonomy and technological sovereignty.
[00:00:00] Intro, [00:01:01] The Securitization of Frontier AI, [00:18:12] Different Access Levels to Frontier AI Models, [00:26:04] Government vs. Public Access to Frontier AI.
Raluca Csernatoni, June 23, 2026, “Europe Needs a Strategy for its Turn to New Defense Tech,” Strategic Europe, Carnegie Europe.
Louise Marie Hurel, June 22, 2026, “Gatekeeping the Frontier: When AI Access Becomes a National Security Concern,” Royal United Services Institute.
Louise Marie Hurel, Elijah Glantz, and Daniel Cuthbert, “Developing a Framework for Secure Third-Party Access to Frontier AI,” Royal United Services Institute.
Rym Momtaz, ed., May 7, 2026, “Taking the Pulse: Is it Worth it for Europeans to Placate Trump?,” Strategic Europe, Carnegie Europe.
Rym Momtaz, May 5, 2026, “Europeans Are Quiet Quitting the United States,”Strategic Europe, Carnegie Europe.
Raluca Csernatoni, April 16, 2026, “The Fog of AI War,” Strategic Europe, Carnegie Europe.
Louise Marie Hurel, Pia Hüsch, et al., March 16, 2026, “Brief, Bold, and Beautiful? Reactions on the U.S. National Cyber Strategy,” Royal United Services Institute.
Raluca Csernatoni, October 3, 2025, “Corporate Geopolitics: When Billionaires Rival States,” Strategic Europe, Carnegie Europe.
Raluca Csernatoni et al., September 1, 2025, “Tech Diplomacy 2.0: Examining the Intersections Between Industry and Governments in International Relations,” International Journal of Cyber Diplomacy.
Raluca Csernatoni, June 2, 2025, “Can the EU Achieve its Tech Ambitions?,” Carnegie Europe.
Rym Momtaz
Hello and welcome to a new episode of Europe Inside Out. I'm your host, Rym Momtaz, I'm the editor in chief of Carnegie Europe’s Strategic Europe, where twice a week we publish punchy, short analysis on all things strategic in Europe. Today we're delving into the question of access to frontier AI tech, an issue that is shaping up to be quite strategic in maintaining economic relevance. There's a lot to unpack with that question. And to do just that, I'm delighted to be joined by Dr. Raluca Csernatoni, fellow at Carnegie Europe, where she works on emerging and disruptive technologies. Hi, Raluca.
Raluca Csernatoni
Hi, a pleasure to join again.
Rym Momtaz
And Dr. Louise Marie Hurel, who is a senior research fellow in cyber and tech at RUSI, the Royal United Services Institute. Hi, Louise.
Louise Marie Hurel
Hi. Great to be here.
Rym Momtaz
I want to start with Something that made headlines two weeks ago. The U.S. Administration, the Trump administration, imposed basically export controls on Anthropic’s latest model, let's say it that way. And it obviously has caused a lot of discussion around the security of basically access to these models that are becoming so central to everything. And so I want to take apart how much of that decision you think is tied to legitimate national security concerns. Louise, you just published a very interesting paper called “Gatekeeping the Frontier When AI Access Becomes a National Security Concern.” And so let's start with you. How much of this decision is a legitimate national security and perhaps economic edge concern?
Louise Marie Hurel
Well, first of all, I have to say it's important to say it clearly, because there has been a lot of reporting around this. It is perfectly reasonable for states to have national security concerns because of the advanced capability of these models to be exploited by adversaries. It's perfectly reasonable to be concerned with how it might be misused by legitimate actors in the national security establishment. It is also perfectly reasonable to think about, you know whether these models have adequate or inadequate safeguards before they're published, before they are commercialized, or, you know, made available to the world. So, that is a perfectly reasonable concern. And it's important to state that plainly and clearly. However, when we see what happened with the directive, the whole reason that that happened is basically because, and that's what both Anthropic and others have reported, is that for national security concerns, which you know, the assumption is that there was a jailbreak, which is basically a way of you bypassing the safeguards of these models that, you know, the U.S. government had reported to Anthropic, and then Anthropic didn't agree that it was a huge deal, that jailbreak, and because of that they just decided to go and continue with the model available. So, as a response, they ended up passing this directive, which I think it's incredibly disproportionate in what it does. And there's several contradictions that come with this directive we should remember that, you know, it was targeted only for foreign nationals. And in the end, you know, Anthropic decided to just block the access to Fable 5, which is this latest model, to everyone because of compliance.
Rym Momtaz
And what's interesting is it wasn't blocking access by foreign nationals outside of the U.S. it was blocking access to foreign nationals anywhere, including in the U.S., which, as we know, in these big tech companies, there are a lot of foreign nationals who work there because they take the best and brightest from around the world.
Louise Marie Hurel
Absolutely. I mean, yes, from within the company. So, imagine you're working in this model and then all of a sudden you can't actually work on the model and fine tune it, which means, like, improve the model. So, this is a big challenge. And there are several contradictions in this move, because just a few days before this directive was passed, and just a few days before even the model was released. So, the directive was issued three days after Anthropic launched the Fable 5 model, and ten days since the White House had published its executive order on AI and security. And in that executive order, it's pretty interesting because they established this voluntary requirement or framework that they're going to establish for them to have access of the preview of the preview of the model. So, before the model is open to a small group of people or organizations, the U.S. government should have a preview of that preview. And it's interesting because Trump hesitated to publish that executive order. So, it came out when it came out after series of deliberations within the government as to whether it would hinder innovation. So, you have this internal conversation and this kerfuffle around, you know, we shouldn't pass this executive order because industry might think that we're hindering innovation, that we're stopping these models from being published and we're stopping them from actually showcasing that we are at the frontier as the U.S. and this is our capability and our soft power and our technological power. But then right after Fable 5 is released, you have this directive, which is quite interesting. It's a contradiction in terms.
Rym Momtaz
I want to bring you in Raluca, because I want to kind of drill in on this. We know that Anthropic’s CEO has been clashing with the Trump administration. He clashed with, for example, Defense Secretary Pete Hegseth over AI's battlefield role. He warned that AI could trigger mass job losses, which is basically against what the White House is signaling in terms of economic benefits. He also disputed the White House's account of this jailbreak. If I'm not mistaken. So, how much do you think it was also about these diverging political views and sort of challenging the Trump administration? Is it a political move more than a security move?
Raluca Csernatoni
Well, great question. And just kind of to turn back to Louise’s points, from this perspective I think it's all of the above, to answer your question. It's a technological question, it's a public private state versus a corporation question. It's a security question, it's a safety questions. All of these are very much important to kind of unpack. Of course, if you take more the Washington perspective, then it's very much understandable that frontier AI models are seen as a true national security concern, especially due to the pressure from the national security establishment that really understood the power of some of these AI systems. We have to understand that AI is turbocharging cyber-capable models that can be used by both the offenders and the defenders at the same time. But conversely at the same time, some of these models are powering economic progress and prowess and AI-first nation, that we hear quite a lot when it comes to deploying some of these systems, from healthcare to banking to everything else and everything under the sun. But one thing that I would like to actually add maybe to this is what was for me super puzzling is the problem of the process. And Louise highlighted this kind of kerfuffle and kind of this back and forth. And for me that showcases that the problem is actually how governance is done. What is striking is the absence meaningful and coherent process. So, first of all the process is quite opaque. It gives various signals to both the security, intelligence, defense establishments, but also it gives mixed signals to the commercial sector as well and to your supposed commercial AI champions when it comes to frontier AI models. So, for me the question is that actually what's needed in the U.S. and elsewhere, not only in the U.S., is an open scientifically proven, transparent process to handling how AI risk safety assessments are being handled. And this is actually absent at the moment. And again whether this is a political question or more of a commercial question is again to be discussed. But I don't think that living in just a self-regulation nor to unilateral state intervention is the solution. You need to have kind of a mix of both. And yeah, it's politics, yes, but at the same time you need to take into account more the technical nuances of how do you do safety in AI frontier models and also to bring to the table all of the stakeholders when it comes to putting in place more of a manageable and predictable governance process of how you audit some of these systems.
Rym Momtaz
Louise, I want to bring you in on this because obviously Raluca said you are an expert on when it comes to these processes. And when I was reading your paper, I was struck by this concept that you put forward of the securitization of frontier AI in a context of fragmented standards, right, concerning access to frontier AI models, I think that's very interesting, the fragmentation of the standards, especially, for example, between the U.S. and the EU. I'm talking about an ecosystem, economic ecosystem, that is supposed to be very symbiotic. So, why don't we start there? What are the impacts of this decision on the symbiotic ecosystem?
Louise Marie Hurel
There are various consequences of the securitization of, and I should be specific here, of access to these models. We operate here under the assumption which I would challenge, right, that you know, we need to access these frontier AI models. All of our attention in the public discourse in these kerfuffles, right, focus on closed-weights frontier models, which means basically models that you cannot inspect where the code, you know what, but you can just, you can't audit those models. You need ways of accessing the model in order to do that kind of audit. So, access is a key element. Basically because of commercial concerns, you know, there has been a growing trend between these two companies, but mostly like Anthropic, OpenAI, Google's Gemini, to make this not like a closed-weight model. And in that sense, we need ways of inspecting, we need ways of understanding or developing methodologies and benchmarks to understand how do these models perform. There's a particular language around this, right? Are the incentives of the model or the way it performs aligned with our expectations? Is it aligned? How capable is it of transforming a vulnerability, as a code, like a vulnerability, into an actual exploit? And right now, what we have is a fragmented landscape in terms of access, and we have a fragmented landscape in terms of the methodologies and benchmarks to assess that. Governments have different approaches to thinking about how to access, for different reasons. We see the U.S. trend is very much national security-focused but we could think of a lower level. Not the White House, but if we think of the AI security institutes and even the shift from AI safety institutes to security institutes in the past year is an indication that national security is at the forefront. The U.S. CAISI, which is the AI Security Institute, has incorporated a mandate that's way more national security-focused. The same with the UK's AI4CI and that also that all kind of projects that trend of, you know, it is important and we need to have the structures to do that. But at that technical level, it's okay, right? I mean, you need these national kind of institutes to assess that, and they're the ones also developing some of these benchmarks alongside organizations that are commercially or not for profit, that are also developing and working with the AI labs to set the standards as to how we identify that. So, there's something called for example the ExploitBench, which is one of the latest benchmarks that have been published, which is a collaboration between UC Berkeley and Anthropic and others where they try to understand how can we assess how quickly or autonomously a model can go from just identifying vulnerability to then turning it into an exploit. And that is super important. but again it's a very fragmented landscape what we have right now and that's quite concerning because first companies, if they are not developing shared standards for let's say access. And right now we have, for cyber, we have project Glasswing and access like to Mesos Preview as one way of accessing like high capabilities models or frontier models. We have on the OpenAI side different tiers of access depending on your, how, how much of a cyber defender you are, how much of an expert you are. So, there are different tiers in terms of access. And if we don't have those shared standards, what happens? It happens that you know, governments can exploit that fragmentation. And that's what we've seen with Trump and the executive order.
Rym Momtaz
I want to widen the scope here. I'm not just talking about liberal democracies. What are other kinds of governments, what can they do to exploit this fragmentation?
Louise Marie Hurel
So, I wouldn't focus solely on kind of access being a thing that can be weaponized. I would say that there are very legitimate cases for access, and because we don't have that shared standard in terms of access and that's what we try to do with our Secure Access to Frontier AI Task Force here at RUSI and the paper that we've published is because like, so, if you don't have a shared standard, what you have is the U.S. requiring a certain form of access for national security concerns. So, what we have with the executive order is a voluntary but not really voluntary framework for you to have a preview of the preview. Some might even argue “Oh, a preview of the preview, that's, that rings the bell.” You know, I remember, you know, China, I mean not that it's the exact thing you know, don't misread me, but like China when a vulnerability was discovered a few years back, like log4j and Alibaba was the company that reported that vulnerability. That was a critical vulnerability across multiple systems. So, what happened? China didn't like that Alibaba had done that, went down on them, took a series of measures to clamp down on the company and passed a law that then introduced a reporting like a government-first reporting. Right. So, you can see like interest, interesting, like government-first approaches to this. The other approach is the EU. So, with the EU AI act there's another model which is, you know, a regulatory body, the EU AI office is will have access to these models. They will be able to request information about how these models operate with the purpose of assessing the risk of these models. And that is another way of thinking about access. The challenge with not having a shared understanding of access, especially from a governmental standpoint, means that you might create a structure of disincentives for other countries in especially developing countries that don't have as much of an access or they can't afford to have access to these very sophisticated, closed models that they will just go to open weights models, right? Open alternative where they can just build their own build their own infrastructure. And that's if that's less costly and there goes the deep-sea kind of argument, that's less. They might develop the skills to build those structures, to have what's best tailored for them. And at the end of the day, you know, they don't need to discuss the question of access with these big tech companies, which, you know, not just in AI, but structurally it has always been an issue with many countries across the Global South to just have access to these companies, to have privileged access, you know, to some of these technologies and these solutions and tools. AI, frontier AI is just the latest piece of the puzzle of an existing trend.
Rym Momtaz
Just to build on what Louise was just talking about, Raluca, I know you work on sort of this concept of how access controls are creating what you call “new hierarchies of trust.” I think, you know, it's important to sort of discuss that now at this stage. And you know, because to me what's striking, and obviously I'm not an expert on this, is how aggressively this is being applied, even you know, within a supposedly very close alliance between the U.S. and the Europeans. So, why don't you tell us a bit more about this concept, the hierarchies of trust to start with. Is it new by the way, or has it always existed with sort of new strategic technologies as they were emerging?
Raluca Csernatoni
I mean this is not new. We can re kind of purpose it to various discussions and debates. I mean this is the age old actually geopolitical question about resources and access to them and technological prowess. And we had various technological revolutions and industrial revolutions and who was in the leading seat has always kind of reaped the benefits from both economic and security perspectives. But for me with these hierarchies of trust actually it's more of a conversation of um, how again exclusion can be weaponized or instrumentalized and how um access beyond again access towards vetting some of these models and having actually the opportunity to use them is very much introducing a very practical vulnerability. And this kind of leads us to conversations about dependence and the age-old conversations related to strategic autonomy, technological sovereignty and again these kind of bringing a lot of higher and just to kind of pepper the conversation with some of the metaphors that are being used nowadays. We are becoming, we in the sense the broader world besides the great powers, technological colonies, digital vassels, the hierarchies, the power dynamics behind the next industrial revolution and the 21st century. But again for me when it comes to going back to the frontier AI conversation, when frontier AI models can be restricted overnight the conversation becomes more related to business continuity, security and cybersecurity risks, again broader risk towards your economy and your entire system basically, your entire critical infrastructure that you might be able to construct based on all of the layers of the technological stack, including the latest models of AI. And why the Mythos conversations are so interesting and controversial in my view in terms of the hierarchies, it's exactly having that strategic edge that these technologies seem to apparently give the users, especially in fields like cybersecurity. And for me this again very very important because if you restrict access to some of these models, you also put the defenders on a very delicate kind of footing because they cannot for instance test prepare some of these prepare towards countering some of these advanced tools. And I'm not thinking again just security and defense and intelligence services. I'm thinking about the banking industry here, software companies, researchers, so on and so forth. So, for me again exclusion, access, hierarchies matter because they showcase deeper dependency problems that need to be mitigated one way or another. And again we hinted towards these models and there are solutions, alternative solutions like open-weight models, creating more capacity and capability at home. But at the end of the day the ecosystem, the word that you use very well is so interlinked at the moment. And the entire AI technological stack is so much dependent on the U.S. technological offer that it's very hard not to think once again about these hierarchies and kind of, you know, access negotiation and politicization to all technologies on all the layers of the stack, not only the frontier AI models that we are discussing nowadays.
Rym Momtaz
I want to go back to the question of dominance of the U.S., but. Louise, you wanted to add something?
Louise Marie Hurel
Yes, I'd love to add something because as good recovering scholars, Raluca, I think there's a tendency of trying to kind of organize things, create typologies and things like that. And I think it's important for us to clarify the different types of access that we're talking about here. Like in this conversation, we've talked mostly about access by governments, but there are different gradients of that, right? So, there's access by governments, access provided to evaluators, which are the ones that assess, you know, whether these models are aligned, whether they can weaponize some of these vulnerabilities. And there's access to, I mean, similarly to cyber defenders, which was what Raluca was saying, which is at the crux of a lot of the conversation around Mythos and Fable 5. And also, you know, ChatGPT 5.5, let's not forget, you know, OpenAI is incredibly quiet, but they're there. And they're still providing a very similar model in terms of capability. but the one that has been kind of at the spotlight is this fight between Anthropic and the U.S. But another thing that I think is important for us to clarify here in terms of a spectrum, right? So, we talked about the spectrum of access and also the spectrum of gatekeeping, right? So, at one end we have this full blocking of access, which is expressed through the directive. The other element is steering for government privilege, which could be observed through the executive order on AI security. But also, you know, government privilege, you could assume, like a more regulatory approach would be the EU’s AI Act and what the office will be doing requesting information. The third layer or gradient right of gatekeeping is controlling for profiles and functions. So, what I just said, you know, the gradient of access in terms of assessing cyber capabilities. So, you have ChatGPT 5.5 trusted access for cyber, you have ChatGPT 5.5 cyber. Then you have other ways of assessing that. And finally you have this general access, which is our access, which is, you know, commercial, I pay and I access it. And I think it's important to note that this gatekeeping from a commercial standpoint has been normalized. It's just not said as gatekeeping. They're creating tiered access to these models. So, in 2019, OpenAI was the one that first established that through what they called a phased release and a partnership-based model sharing with the objective of, you know, we're not going to release the latest model, but we're going to give you this model so that you have enough time to assess it and then, you know, we'll continue to release the other versions of this model. And that's an industry, the industry has accepted that, and that has just created an opportunity for multiple business models that are bespoke to different stakeholders. And I think that's something that we'll continue to see. But I think it's important for us to frame our conversation here also in that gradient of gatekeeping and what also has been normalized by the private sector.
Rym Momtaz
There's something both of you kind of flicked out, but we haven't delved into it, which is what does this kind of drastic measure with immediate impact have on the commercial considerations of a company? At the end of the day, Anthropic is for profit, right? Like most of the AI giants in the U.S., but what does it mean for the position of a company where a government as strong as the United States government can overnight just kill a model? Which is what just happened in many ways. What does this mean for its ability to safeguard its commitments with other clients, whether it's governments or, you know, big other corporations and projecting into the future and tied to that is: Will this push those who don't have the sovereign capabilities to turn toward, let's say, Chinese models as a replacement? Who wants to take that first? Maybe Raluca?
Raluca Csernatoni
Again, great question here. I do not presume to know what's going on in the boards of Anthropic at the end of the day. But I think that the signal is not very helpful. And it kind of makes me turn back to my original point about, in a way how the lack of clarity around the processes is giving even more insecurity kind of signals from my perspective. The thing is for me that if you take the Trump administration and if you take the national security risks seriously, which we should actually, and everyone should, it's very important to consider the internal guardrails how some of these systems can be instrumentalized by adversaries, non-state actors, other potential actors, state actors for that matter. So, for me this is kind of a question again very much caught in the traditional state centric approach about safety, national security risk. Anthropic however had a different story around it. It said that some of the vulnerabilities were actually ironed out, and they also did not warrant such an extreme reaction. So, in that sense it actually shapes this case for me, shapes a different story also about the age-old framing that the U.S. is all about pushing forward, breaking things, innovation, laissez-faire. On the contrary, what we have seen with the Trump administration is a very kind of heavy-handed approach. Is it because of paranoia? Is it because again the signals from the security and defense establishments that these systems first of all need to be very well understood and what they are doing in terms of disruption? But at the same time it also gives me a signal that once again you need kind of a negotiated approach between national interests, security interest and the commercial interest. Especially now because Anthropic is this red-hot AI lab nearly, I don't know, a trillion dollars’ worth also planning to go public. So, again my question here is related to whether this is a case of when politics meets resistance and is trying to reel in some of the so-called champions and this is more of a political spat or whether there are true security vulnerability concerns that we need to take into account. But again I do not have a solution for this. I think I would actually subscribe to a more open, structured, publicly, scientifically, vetted, trusted process to be put in place, again, outsourcing it to legitimate agencies, security safety agencies, offices, there are offices around the world. However, what this incident is showing to me is that you need these types of governance solutions to negotiate this evolving landscape. And I think this is just a canary in the mind of what is coming next because some of these systems will be deployed in a lot of other fields, not only in this specific case more related to cybersecurity.
Rym Momtaz
So, let me be a little bit cheeky here and give you Louise the word at the end, final word, which is that I think Raluca is saying she's totally a fan of the EU approach, which is to try and find norms and, you know, legislate, which obviously is a huge problem for the Trump administration, they're not fans of regulation. And the EU is a very big fan of that. One, do you ascribe to that? And two, is the EU resorting to regulation because it doesn't have a champion, and that's the way for it to kind of weigh in on this next frontier, really.
Louise Marie Hurel
I have lots of thoughts on this. First, let me just quickly react to what Raluca said and play the devil's advocate here, because we like disagreement. So, I'm going to disagree with Raluca and I'm going to say these companies are no angels. They're not like, let's not be naive. This is a major publicity opportunity for Anthropic to again come out on the public discourse as the only company that cares about AI safety and security. The fact that Dario Amodei, Sam Altman and others were at a G7 meeting, which they assumed that they were going to talk about Fable 5, but then in the end, it was just a lot of need to cooperate/Kumbaya kind of discussion. So, I'd like to put that also, because we don't know. I mean these people are people that have huge egos. And I'm not here. I absolutely don't know the CEOs of these companies personally. But we should consider that it is also a very personality-driven industry. And I think we should consider that when we're thinking about the plays that we observe from the external side, it's not that Anthropic was used just as, you know, a demonstration of the U.S. muscle to rein in these labs. But it is one lab right. Open-AI is very quiet, and they got the contracts that apparently Anthropic lost with their Pentagon fight. So, let's remember that. Another thing that I would say just to kind of finish up my feel is about the securitization and some of the points that you raised Rym. So, let's not be naive. These companies have their own interests and their own publicity. The synchronization does leave most of the folks outside of Silicon Valley in D.C. with little agency over. So, what you see is the EU trying to reclaim some of that agency over these labs and how they operate through an instrument, which is the very EU way of doing it, which is a regulation, like the AI act but others might do in different ways, or they might just you know, not do it at all. We should also consider whether, you know, developing markets are actually of interest to these AI labs. You know, if they are of concern, they should be as concerned with this directive as all of us were shocked. Because right now at Hugging Face, which is a platform where you have all these, let's say, open-weights models, Alibaba's Qwen is the most downloaded model family over there. Again, the fact that people are using Qwen doesn't mean that they are being spied by the party. But it does show that there is a Chinese soft power for open models, and they are also very savvy in coupling that soft power with other things. Right. We didn't talk about the fact that we have this conversation about these models in an isolated fashion. We don't talk about the rest of the supply chain. So, you have Alibaba or even Huawei coupling their chips that they're developing with the prominence of Qwen and using that in materials that they're sharing with Latin American countries and African countries. So, we should consider that. But the last thing that I'll say, and I'll stop there, is what we need to do given this fragmented landscape, is I think we need to consider different blueprints for access. And they are, you know, considering these different types of access that I mentioned. So, if it's for government, it's not that we're going to create a whole different structure. There is a baseline for how much access you provide, and the risks associated to that access. But you need to establish that baseline and then based on that baseline, which could be just partly public for governments. Part of it could be classified. We're okay with that, but some of it should be public. And then we have other blueprints for access, but they all rely on the same terminology. There’s research out there that tries to distinguish gradients of access from like, black box, gray box, and white box. So, there's things that we can work with that then can become classified, that then can serve governments, serve these different communities in a better manner than what we're doing right now. And there are platforms to do that and that's what we're trying to do as well here at RUSI.
Rym Momtaz
I think this is a great jumping off point. Unfortunately, we do have to wrap it up but it's a great way to wet our listeners' appetite and to, and to, to you know, encourage them to read all of your great work, both of you. So, thank you and thank you to our listeners for joining us on this month's episode of Europe Inside Out.
For those who are interested in learning more about AI and the cyberspace, I encourage you to follow the work of Carnegie Europe in the context of the EU Cyber Direct - Cyber Diplomacy Initiative project. And I will see you soon.