Anthropic's Mythos/Claude Security and US Government Tensions

On May 1, 2026, the Pentagon awarded classified-network AI work to seven firms — OpenAI, Google, Microsoft, AWS, Nvidia, xAI, and Reflection — and pointedly left Anthropic off the list. Pentagon CTO Emil Michael told reporters that Anthropic remains a supply chain risk, the same harsh designation typically applied to firms with foreign-adversary ties. By any normal procurement logic, that should be the end of Anthropic's federal story for the foreseeable future.

It isn't. The same reporting reveals the National Security Agency is already using Mythos despite the ban, and the Treasury Department has requested access. Pentagon CTO Michael himself separates Mythos from the rest of Anthropic's posture, calling it a 'separate national security moment.' The White House, having earlier blocked Anthropic's plan to expand Mythos access from roughly 50 to 120 organizations, is now drafting guidance to let agencies onboard Mythos around the supply-chain-risk designation. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell have met with bank CEOs about Mythos's financial-system implications. The U.S. government's working stance is therefore that Anthropic is too dangerous to use, and Mythos is too dangerous not to.

That contradiction is the structural insight: federal procurement and national-security workflows are running on different operating systems, and Mythos is the wedge that exposes the gap. The seven-firm classified deal locks in Anthropic competitors for the foreseeable future even if the supply-chain-risk label gets struck. But the Mythos carve-out, if it lands, creates a precedent that capability-tier strategic models can route around standard procurement bans. That is a structural shift in how the federal government will buy frontier AI.

The standard reading of the Anthropic-Pentagon fight is that it's about export risk and trustworthiness. The timeline tells a different story. Pentagon GenAI.mil negotiations stalled in September 2025 because Anthropic refused to permit Claude's use for fully autonomous weapons or domestic mass surveillance. Defense Secretary Pete Hegseth issued an ultimatum on February 24, 2026 demanding unrestricted DoD use of Claude for 'all lawful purposes.' Anthropic refused on February 26. President Trump posted his 'immediately cease' directive on February 27. The supply-chain-risk label landed March 6.

The sequence is unambiguous: Anthropic's usage policy — not its supply chain, not its security posture, not foreign exposure — triggered a designation historically reserved for firms with adversary ties. Judge Rita F. Lin's March 26 preliminary injunction explicitly found the government acted retaliatorily. The D.C. Circuit on April 8 nonetheless refused Anthropic's stay request, citing reluctance to force DoD to keep an unwanted vendor. So the legal record now contains both a federal court finding of retaliation and an appeals decision treating the dispute as a normal vendor matter.

For every other AI lab watching, the lesson is operational: published usage policies are now procurement risk. The terms in your acceptable-use document are not just a values statement — they're a procurement filter that the federal government can reverse-engineer into a blacklist. Anthropic is the first lab to discover where that line sits, and it cost them a $200 million Pentagon contract before the Glasswing partners and Mythos credits arguably bought back the leverage.

Mythos's measured capability is not subtle. UK AISI evaluations put it at 73% on expert-level cyber tasks, up from zero before April 2025. In Firefox exploit testing, Mythos produced 181 working exploits and achieved register control on 29 more, against just two for Opus 4.6 across several hundred attempts. It crashed 595 OSS-Fuzz tier 1-2 targets and achieved full control-flow hijack on ten fully patched programs. Expert reviewers agreed with its severity scoring on 89% of 198 manually reviewed reports. Kemba Walden cites an 83% first-attempt exploit-creation rate.

This is what Alex Stamos is racing against when he tells Platformer that defenders have 'something like six months before the open-weight models catch up to the foundation models in bug finding.' Project Glasswing's coalition — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, Nvidia, Palo Alto Networks — is structured around that window: get critical-infrastructure software hardened before commodity models reach equivalent capability. Anthropic's $100M Mythos credit pool plus $4M in donations to OpenSSF, Alpha-Omega, and the Apache Software Foundation underwrite that timeline.

The skeptics push back hard. Reddit's r/Anthropic top thread argues Mythos is 'mostly hype' — pointing out that the thousands-of-zero-day claim rests on 198 manually reviewed cases, and that bugs identified included reproductions of issues open-weight models had already found. Tom's Hardware called it 'a sales pitch.' Both can be true: the capability number can be real and the marketing framing can be inflated. What matters operationally is the proliferation curve. If Stamos's six-month estimate is right, the policy fight over Mythos access will look quaint by November 2026 because adversaries will have rough equivalents on hardware they already control.

The scale of the Anthropic-government collision is best read in the figures themselves. On capability: Mythos scores 73% on expert cyber tasks per UK AISI — a domain where no model could complete tasks before April 2025. It produced 181 working Firefox exploits versus Opus 4.6's two. Severity-scoring agreement with expert reviewers ran 89% across 198 reports, and 98% within one severity level. Kemba Walden's 83% first-attempt exploit success rate sits on top of all that.

On money and access: Anthropic committed up to $100M in Mythos usage credits to Glasswing partners, plus $4M in open-source security donations ($2.5M to Alpha-Omega/OpenSSF via the Linux Foundation, $1.5M to the Apache Software Foundation). Mythos access today reaches roughly 50 organizations; Anthropic asked the White House to expand to 120 and was blocked. The Pentagon contract Anthropic lost was worth $200M (signed July 2025). The May 1, 2026 classified-network deals went to seven competitors.

On market impact: Black Duck has cut headcount 8% since end-2024, Snyk 9%, Veracode 19% — compression that Claude Security's bundled pricing inside Claude Code on the Web is expected to accelerate. The pattern across all three rows is the same: capability and market disruption are scaling faster than the procurement and policy systems built to govern them.