Sign in Subscribe
By Phil Heller

The Usual Suspects

The frontier AI companies are increasingly the usual suspects being restricted, investigated, sued, and held responsible by lawmakers.

What Happened this Week

  • Anthropic hit the export-control wall: The U.S. Commerce Department restricted foreign-national access to Anthropic’s Fable 5 and Mythos 5 models, forcing the company to take both models offline for all customers while it figures out how to comply. (apnews.com)
  • OpenAI moved deeper into state scrutiny: A coalition of state attorneys general reportedly opened a broad investigation into OpenAI, with subpoenas seeking information on user safety, advertising, retention, minors, seniors, health data, and internal policies. Separately, Florida has already sued OpenAI and Sam Altman over alleged deceptive practices and harms tied to ChatGPT. (channelnewsasia.com)
  • Google’s AI summaries became a liability event: A German court reportedly held Google directly liable for false statements in AI Overviews and issued a temporary injunction barring the company from repeating allegedly false claims about the plaintiffs. Google says it will appeal. (moneycontrol.com)
  • The legal theory is shifting: AI companies have spent years arguing that outputs are probabilistic, user-directed, and accompanied by warnings. Courts and regulators are beginning to ask a different question: if the company designs, distributes, monetizes, and controls the system, why should it escape responsibility when the system causes foreseeable harm?
  • Bottom line: The AI industry’s legal problem is no longer abstract regulation someday. It is product liability, consumer protection, export control, defamation, child safety, platform accountability, and national security arriving at the same time.

The Signal

This was the week the law stopped circling AI and started taking recognizable shots at the companies building it.

Anthropic, OpenAI, and Google are very different companies with very different products. But the legal pressure now forming around them has a common shape. The government is no longer treating frontier AI as a normal software category. Courts are no longer treating generated summaries as harmless pointers to someone else’s content. State attorneys general are no longer treating chatbot safety as a private product-design question.

The pattern is not that AI is illegal. The pattern is that the old disclaimers are becoming less persuasive. “The model can be wrong” is not a governance framework. “The user prompted it” is not always a liability shield. “The technology is moving fast” does not answer questions about child safety, national security, defamation, deceptive marketing, data handling, or professional reliance.

The usual suspects are now in the usual place for powerful technology companies: at the center of the legal system’s attempt to decide who pays when scale turns risk into consequence.

Anthropic Meets the Export-Control State

Anthropic launched Claude Fable 5 and Claude Mythos 5 on June 9, presenting Fable as its most capable generally available model and Mythos as a more restricted version aimed at trusted cybersecurity use. Anthropic said Fable 5 came with risks, particularly in cybersecurity, and that some sensitive requests would be routed to Claude Opus 4.8 instead. Mythos 5, meanwhile, was described as the same underlying model with some cyber safeguards lifted for select users. (anthropic.com)

By Friday night, that launch had collided with the U.S. government. The Commerce Department reportedly directed Anthropic to suspend access to Fable 5 and Mythos 5 by foreign nationals, including foreign nationals inside the United States and foreign-national Anthropic employees. Anthropic then disabled the models for all customers, not because the public launch had failed commercially, but because legal compliance suddenly became the gating constraint. (axios.com)

The deeper point is not simply that Anthropic got singled out. It is that frontier model access is being pulled into the same legal architecture that already governs chips, weapons-adjacent technologies, and sensitive national-security capabilities. If a model can materially improve cyber operations, then governments will not treat it like another productivity app.

The responsibility layer here is uncomfortable for both sides. Anthropic has argued publicly that powerful AI needs government oversight. But government oversight, once real, may arrive as blunt administrative action rather than elegant model-governance policy. The company asked for a world where frontier AI is not governed by industry alone. This week showed what that world can look like when the state moves first and explains later.

OpenAI Faces the State AG Machine

OpenAI’s legal week was less dramatic operationally, but potentially just as important. A coalition of state attorneys general reportedly opened a sweeping investigation into the company, with a subpoena from New York seeking documents about advertising, user engagement, retention, model behavior, consumer and health data, minors, seniors, and internal policies. (channelnewsasia.com)

That probe lands on top of Florida’s June 1 lawsuit against OpenAI and Sam Altman. Florida’s attorney general alleged that OpenAI knowingly released and aggressively marketed ChatGPT, including to children, while concealing serious risks and deceiving Floridians about the product’s dangers. OpenAI has disputed characterizations of its safety posture and has pointed to safeguards, including tools for minors and crisis-related responses. (myfloridalegal.com)

The important shift is that state enforcers appear to be framing chatbot harms through familiar legal tools: consumer protection, deceptive practices, product safety, data handling, minors, addiction, health-related interactions, and user vulnerability. That matters because AI companies often want the debate to happen at the level of model capability, benchmark performance, or philosophical alignment. Attorneys general tend to ask narrower questions: what did you know, what did you market, what did users reasonably believe, what safeguards existed, and who was harmed?

For OpenAI, this is especially sensitive because the company is reportedly moving toward an IPO. Legal exposure does not have to defeat the business to matter. It can change risk disclosures, investor diligence, insurance, product design, child-safety controls, data practices, and the cost of launching consumer-facing agents at scale.

Google Learns That AI Answers Are Not Just Search Results

Google’s problem came from a different direction. A German court reportedly held the company directly liable for false statements produced by AI Overviews and issued a temporary injunction after AI-generated summaries allegedly tied two publishing companies to scams, dubious business practices, and subscription traps. Google argued that users understand AI-generated information should not be blindly trusted and said it will appeal. (moneycontrol.com)

That argument may sound intuitive to technologists. It is weaker in front of a court deciding whether a company’s own interface generated and displayed false claims about identifiable businesses. Traditional search results point outward. AI summaries synthesize, reframe, and present an answer under the platform’s own product layer. That difference is legally meaningful.

If this theory spreads, AI search becomes more expensive to operate. Not just computationally, but legally. Companies will need better provenance, faster correction mechanisms, escalation paths for defamation claims, audit logs, content-removal workflows, and clearer distinctions between sourced excerpts, model-generated summaries, and verified factual statements.

Google can appeal, and one German ruling does not settle global AI liability. But the direction of travel is hard to ignore. Courts are beginning to ask whether AI answers should be treated less like neutral indexing and more like publication.

The easy read is that regulators and courts are finally “coming for AI.” The better read is that AI has become important enough to be treated like other consequential technologies.

When products affect children, state attorneys general get involved. When outputs damage reputation, courts apply defamation and unfair-competition principles. When capabilities implicate national security, export controls appear. When companies market safety and trust, consumer-protection law follows. None of this is exotic. It is the normal legal system arriving at an abnormal speed.

That is why this week matters. The AI companies are not being pulled into one regulatory channel. They are being pulled into many at once:

  • export controls for frontier capability;
  • consumer protection for chatbot harms;
  • child safety for vulnerable users;
  • defamation and unfair competition for generated falsehoods;
  • data governance for sensitive personal information;
  • securities and investor-risk disclosure for companies approaching public markets;
  • product design accountability for systems deployed at mass scale.

The old Silicon Valley pattern was to launch first, scale fast, and negotiate the rules later. The AI version of that pattern is harder because the product is not just a social feed, a marketplace, or a cloud service. It is a general-purpose reasoning layer that can produce instructions, summaries, relationships, code, advice, accusations, and simulations.

That makes responsibility harder to isolate. It also makes legal accountability harder to avoid.

The Takeaway

The law is starting to treat frontier AI less like speech, less like software, and less like search. It is treating it as infrastructure with consequences.

The usual suspects are in the cross-hairs because they are the ones building the AI infrastructure. The legal system is now asking whether they are also willing to carry the burden that comes with it.

Subscribe to Orthogonal

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe