The real reason, afaik, that the US is trying to restrict access to SOTA models is that a very large component of USA tailored access and surveillance relies on exploits and weaknesses that these models will easily detect. Thus, it really is an export control issue, but it has nothing to do with offensive capabilities. Offensive capabilities always exist, but pervasive defensibility would upset the asymmetric advantage that attackers, especially the USA, currently have.

There are now Asian models coming , optimized focused on cybersecurity defense at a high level, so I suspect this will be a relatively moot point soon.

LLMs are not great at creating exploits, but they are really good at detecting them. That asymmetry alone is enough to destroy the “offensive capabilities” narrative. Yes, mythos can find exploitable bugs, even write bench exploits. But real exploits require a good dose of human psychology, and most of the tools needed are off the shelf available anyway. You still need a real cybersecurity expert to effectively weaponize a zero day into a deployable exploit.

But an LLM can inspect payloads, packages, and blobs en masse and find those exploits in a way that was wholly impractical before, so the asymmetric attack advantage is dissolved by strong LLMs.

The USA is trying to protect its cyberwarfare advantage, not protect against attackers. The exact opposite, actually. Porous security is a huge advantage to technologically advanced state actors.