Darktrace has backed Anthropic’s temporary restrictions on its most advanced AI models, arguing the move was about safety rather than shutting Britain out of its frontier model.
Nicole Carignan, Darktrace’s SVP of AI and security strategy, told *City AM *the short-lived curb on Anthropic’s Mythos and Fable models should not be read as a straightforward power play over AI sovereignty.
“I do not think it was a competitive advantage move,” she said. “I think a good healthy to think through the security mitigations and strategy to ensure that it’s done safely is always a good thing.”
The comments cut against fears that the US export curbs marked a warning shot for UK firms relying on American AI systems.
Anthropic’s models were briefly restricted after concerns they could be used to identify and exploit software weaknesses, before access was later restored.
Carignan said the decision appeared to be driven by whether “the security guardrails around this model [were] sufficient for something that could be so highly weaponised”.
“I actually appreciate the, ‘Hey, let’s pump the brakes for a hot second’,” she added. “Let’s make sure that we wrap the appropriate defence in depth around a model, ensure that it isn’t weaponised… and then roll it back out.”
Anthropic’s Mythos model is designed for advanced cybersecurity work, including identifying software vulnerabilities.
US officials briefly imposed export restrictions after raising national security concerns over how the technology could be misused before restoring access after Anthropic agreed additional safeguards.
AI sovereignty fears grow #
While Darktrace believes the restrictions were motivated by security rather than geopolitics, Anthropic’s temporary halt nevertheless sharpened concern over whether UK plc and public bodies are too dependent on AI tools they do not control. The government’s Science, Innovation and Technology Committee has warned that ministers not to rely on allies for access to strategically important technologies, citing the Anthropic restrictions as evidence that overseas providers can become a single point of failure.
Carignan said organisations should increasingly think about frontier AI in the same way they manage cloud infrastructure or other critical suppliers.
Rather than relying on a single provider, businesses should diversify across multiple models and build resilience into their AI supply chains.
“We’re not all in on one model,” she said, pointing to Darktrace’s integrations with OpenAI, Anthropic, Gemini and Microsoft. “It’s about balancing resilience with third-party risk.”
She also expects more organisations to adopt sovereign AI approaches, including open-source models and domestic data centres that allow businesses to retain greater control over sensitive information.
‘Resilience depends on sovereignty’ #
John Harms, head of government solutions at Quantexa, also said the Anthropic episode demonstrated why governments need “control under distress” – the ability to continue operating through geopolitical or regulatory disruption. “The lesson is clear: resilience depends on sovereignty,” he said.
Legal experts also believe the incident could mark a turning point in how governments treat frontier AI, with Caroline Ramsay, partner and head of international trade at TLT, saying the temporary restrictions represented “a material shift” in US export controls, moving beyond semiconductor chips to the AI models themselves.
She warned organisations relying on frontier AI should now build export controls and potential service interruptions into their risk planning, as governments increasingly view advanced AI systems as technologies with national security implications.
But Carignan argues AI has compressed the gap between vulnerabilities emerging and being exploited, making traditional patch-first cybersecurity increasingly ineffective.
“Behavioural-based detection and autonomous response” will become the defining capabilities for security teams, she said, as organisations move towards detecting abnormal activity rather than waiting for vulnerabilities to be disclosed and patched.