Dr. Nathan Hayes: Maya, hey — I want to just flag before we start: I think we're going to disagree on what's doing the most work here today, and I'm curious to see where we land.
Maya Chen: Oh good, yeah — I was counting on that. Okay, what's your version of the week?
Dr. Nathan Hayes: So — the mechanism. President Trump signs Executive Order 14409 on June 2nd, voluntary pre-release cybersecurity review, thirty-day window for federal agencies. And then within the month, OpenAI launches GPT-5.6 — Sol, Terra, Luna — on June 26th and immediately gates it to a small group of trusted partners. Anthropic gets its models, Fable 5 and Mythos 5, forcibly taken offline. First time that's happened to commercially deployed frontier AI. And EO 14409 is supposed to be voluntary.
Maya Chen: Voluntary in name. OpenAI literally said these restrictions 'shouldn't be the norm' — while complying.
Dr. Nathan Hayes: Correct. Now — my version is that's the mechanistic failure. Yours, I suspect, is going to be something about who's inside the velvet rope.
Maya Chen: It's — sort of, yeah. Because Mythos 5 comes back June 27th for a hundred-plus vetted U.S. organizations through Project Glasswing, and Fable 5 might be close behind based on the Axios reporting. But Google's Gemini 3.5 Pro was never subjected to any federal review threshold at all. Just delayed from June to July, no scrutiny. And I want to know — mm — what 'vetted' means when the vetting criteria don't exist in writing.
Dr. Nathan Hayes: That's — yes, that's the same problem from two different angles. No rubric for review, no rubric for reinstatement.
Dr. Nathan Hayes: Okay, here's the analogy that keeps stopping me cold. Imagine your landlord tells you the building inspection is optional — those are the actual words, optional — but if you skip it, you can't open your doors. That's what voluntary means inside EO 14409. The text literally says this framework should not be construed as a mandatory licensing regime. And yet OpenAI's GPT-5.6 Sol is gated. Anthropic's models were pulled entirely. That's not optional behavior.
Maya Chen: The door just... doesn't open.
Dr. Nathan Hayes: Right. And now here's what's actually new — what I think the headlines missed. It's not that a voluntary framework became coercive. That's the surface read. What's new is there's no published rubric for what triggers review, none for what satisfies it. As of late June 2026, those standards are simply unwritten. So the question isn't just 'is this voluntary?' It's — wait, how does any company know when it's cleared?
Maya Chen: Maya Chen: How does Anthropic know Mythos 5 is safe to release for those hundred-plus organizations through Project Glasswing if nobody published what 'safe' means?
Dr. Nathan Hayes: They don't know. That's — that's actually my answer. GPT-5.6 Sol gets flagged specifically for dual-use exploit-analysis capabilities, the kind that could theoretically be turned against critical infrastructure. That's the stated trigger. But Gemini 3.5 Pro — no threshold, no review, just a quiet delay to July. No federal scrutiny. So the operative variable here is not capability. It can't be.
Maya Chen: Hold on. If Sol's dual-use profile is the trigger, and Gemini isn't reviewed at all — what does that say about what's actually driving the criteria?
Dr. Nathan Hayes: It says the criteria aren't technical. Or — I mean, they may partly be technical, but something else is doing work. You've got Axios reporting June 27th that Fable 5 restrictions are nearly lifted, insiders expecting clearance that week or early July, and still no public explanation of what changed. Nothing published about what was assessed or what passed. That's the core of it — a de facto capability-gating regime with no mechanism anyone can audit.
Maya Chen: Okay but — the take I keep seeing is that this is a serious, coherent national-security posture. Like, the administration identified real dual-use risk and acted on it. And I want to name that framing out loud because I don't think it survives the next fact.
Dr. Nathan Hayes: Which fact.
Maya Chen: OpenAI and Anthropic blocked Chinese IP addresses from their restricted models. Google did not. No equivalent geographic restriction on Gemini 3.5 Pro. Observers are literally calling it a split-stack dynamic — like the frontier AI market just cleaved in two, and one side of the stack is still fully accessible to the people this framework is supposedly protecting against.
Dr. Nathan Hayes: That's — yeah, that's the load-bearing problem. If the operative concern is adversarial capability gap, a Chinese researcher blocked from GPT-5.6 Sol just... opens Gemini 3.5 Pro. The gap doesn't close. It fragments. And Dean Ball has made exactly this point — that without sensible, defined release processes, you don't get security, you get, I mean — you get the appearance of it, applied unevenly to whoever the government has leverage over.
Maya Chen: Which is OpenAI and Anthropic. Not Google.
Dr. Nathan Hayes: Right. And historically — export controls worked on semiconductors and encryption because you could control the physical artifact. Applying that ad hoc to model deployment, with no published criteria, no peer-reviewed risk rubric — actually, no, the worse consequence is this: you concentrate frontier access at Fortune 500s with government relationships, and distributed innovation just stops. That's not a security outcome. That's industrial policy with a security label on it.
Dr. Nathan Hayes: Dr. Nathan Hayes: And that's — I mean, that's the issue, and I don't have a clean resolution for it. Fable 5 is apparently coming back any day, Mythos 5 is already live through Project Glasswing for those organizations, GPT-5.6 is still locked — and nobody has published what changed. What criterion was met. The stated purpose of EO 14409 is preventing AI weaponization against critical infrastructure. That's the text. Whether a weeks-long domestic access delay actually closes that risk in any measurable way... I genuinely don't know how you'd model that.
Maya Chen: The question I'm left with is — what happens when the next model is more capable than all of these? Because if the pattern is 'companies with government relationships get unlocked, others wait,' that's not a security framework anymore. That's something else, and we just don't have a name for it yet.
Dr. Nathan Hayes: Yeah. That's the one I can't answer.
Maya Chen: Mm. Thanks for thinking through it with me.