OpenAI Got a Voluntary Gate. Anthropic Got a Hard Shutdown. The Stated Threat Was the Same.

On June 25, Sam Altman told OpenAI staff that the company had agreed to limit initial GPT-5.6 access to a small group of enterprise partners while the US government approves customers one by one. He called it "the fastest path to a broad release." He expects broader rollout "a couple of weeks" after the preview period.

The arrangement is voluntary. A June 2 executive order — EO 14409 — established a framework allowing AI developers to provide government access to frontier models for up to 30 days before broader release, and explicitly bars mandatory licensing, preclearance, or permitting requirements within that framework. ONCD and OSTP are named in secondary reporting as the agencies involved, though these attributions trace entirely to a single internal Altman memo and have not been independently confirmed. Commerce Secretary Howard Lutnick engaged with OpenAI directly, separately confirmed by Axios and The Decoder, warning the company not to proceed without multi-agency sign-off.

Compare that to what happened to Anthropic.

On June 12, the Bureau of Industry and Security issued a binding directive to Anthropic CEO Dario Amodei at 5:21 PM ET. It cited ECRA § 4817(b)(1), 15 C.F.R. § 744.22(b), and ECRA broadly. The directive named Claude Mythos 5 and Claude Fable 5 — which had launched three days earlier — and required Anthropic to take both models offline entirely. Because Anthropic cannot verify customer citizenship at scale, it executed a hard global shutoff. All users. All countries. The approximately 200 institutions across 15 countries that held Mythos Preview access lost access simultaneously.

The stated concern in both cases is the same: autonomous cybersecurity capabilities — specifically the ability to identify and potentially exploit software vulnerabilities — at a level that the government considers a proliferation risk.

Here is where the government's position becomes difficult to defend on consistent grounds.

The documented benchmark comparison available before GPT-5.6 was gated is between GPT-5.5-Cyber — a specialized OpenAI variant released in April — and Anthropic's Mythos 5. GPT-5.5-Cyber scored 85.6% on UC Berkeley's CyberGym benchmark. Mythos 5 scored 83.8%. GPT-5.5-Cyber does not match Mythos — it outperforms it. After the June 12 shutdown, Anthropic stated publicly that GPT-5.5-Cyber "carries the same capability set" that triggered the Mythos directive. That claim has not been independently verified. But if Anthropic is right, the government shut down the weaker model while giving the stronger one a voluntary gate.

GPT-5.6 itself has no official benchmarks. OpenAI has issued no model card. Chief scientist Jakub Pachocki described it internally as a "meaningful improvement" over GPT-5.5, but that characterization comes from a single source and has not been confirmed. The government's concern with GPT-5.6's cybersecurity capabilities is an extrapolation from GPT-5.5-Cyber's documented performance, not a direct assessment of a model that has not been released.

The "voluntary" framing requires context.

The EO's anti-compulsion clause applies only within that EO. It does not bind the Defense Production Act, IEEPA, or the Bureau of Industry and Security's Export Administration Regulations. The government demonstrated its willingness to use those non-voluntary tools 13 days before the GPT-5.6 arrangement. The question of how voluntary OpenAI's compliance was is not separable from the knowledge of what happened to the lab that did not pre-coordinate.

Altman said as much without saying it: "We've made clear to the U.S. government that this is not our preferred long-term model, and will work with them and others in industry to achieve a more sustainable approach for future releases." That is not the statement of a company that views the arrangement as a genuine voluntary choice.

The legal architecture is unsettled.

BIS's application of § 4817(b)(1) — written to govern export, reexport, and in-country transfer — to restrict domestic US consumers' access to a domestic commercial service is being litigated directly. Legion LegalTech v. United States challenges the authority on that ground. The statutory text covers exports; whether access to a cloud API by a US citizen constitutes an "export" under EAR has no binding appellate precedent. Congress passed the Remote Access Security Act in January 2026 specifically because the prior legal framework had no authority to regulate domestic-access controls on cloud AI services — confirming legislatively that the gap existed.

The individual customer vetting — approving or denying access to a commercial software product on security grounds — has no domestic precedent. Existing frameworks (ITAR deemed export, NRC nuclear, SAP clearances) all apply to employee/contractor relationships in controlled-technology environments, not to retail consumers. What the government is building with GPT-5.6 has no prior model in US regulatory history.

What remains unanswered.

No source has confirmed what security criteria the government applies to individual enterprise customers, which specific customers have been approved or denied, or whether the vetting requirement extends to non-US customers. One source claims access will run through Amazon Bedrock to approximately 20 trusted partners — that is single-source and unverified. No agency has publicly taken responsibility for running the approval queue.

The broader question the government has not addressed: if the same cybersecurity capability threshold that justified a hard global shutdown for Anthropic is being applied voluntarily with a two-week preview window for OpenAI, what was the actual basis for the different treatment? The administration has not answered that.