White House officials are working on plans to give major federal agencies access to a modified version of Anthropic’s new Mythos artificial intelligence model, a move that underlines how quickly Washington is shifting from alarm over frontier AI risks to selective government adoption of the same tools for cyber defence. Reuters, citing Bloomberg, reported on April 16 that the Office of Management and Budget has been preparing safeguards before any wider agency use begins.
Mythos was announced on April 7 as part of Anthropic’s Project Glasswing, a controlled programme designed to let a limited set of organisations use the model for defensive cybersecurity work rather than broad public deployment. Anthropic has described the system as unusually strong at coding, autonomy and computer security tasks, while also warning that those same capabilities could be misused to identify and exploit software weaknesses at scale.
That combination of promise and danger explains why the administration’s deliberations carry unusual weight. According to Reuters’ account of the Bloomberg report, federal chief information officer Gregory Barbaccia told Cabinet departments in an email that OMB was setting up protections before a modified version of the model could potentially be released to agencies. The report also made clear that no firm timeline had been announced and that the intended uses across government had not yet been fully defined.
Anthropic’s own technical disclosures help explain why the model has triggered such concern inside policy and security circles. In a detailed assessment published on April 7, the company said Mythos Preview had shown an ability to identify and exploit zero-day vulnerabilities across major operating systems and web browsers, and in some cases chain multiple flaws together autonomously. Anthropic said more than 99% of the vulnerabilities it found had not yet been patched, which is one reason the company decided against a general release and instead limited access through Project Glasswing.
For cyber defenders, that capability offers a tempting advantage. Federal networks and the software supply chains that support them remain constant targets for criminal groups and state-backed actors. A model that can scan code, spot subtle flaws and help engineers patch them faster could strengthen the government’s defensive posture at a time when Washington has been pressing for more resilient digital infrastructure. The White House’s broader AI policy has also stressed adoption that advances national security while insisting that federal procurement be accompanied by safeguards and technical review.
Yet the political and legal context around Anthropic makes the story more complicated than a straightforward procurement decision. Reuters reported on April 13 that Anthropic had continued discussing Mythos with the Trump administration even after the Pentagon cut off business with the company following a contract dispute. According to that report, the Defense Department labelled Anthropic a supply-chain risk and barred its use by the Pentagon and contractors, while Anthropic co-founder Jack Clark said the dispute should not prevent the government from understanding the technology’s implications for national security.
That tension was partly eased, at least in civilian channels, by a separate legal and administrative development. The General Services Administration said on April 3 that it was restoring Anthropic technology to the status quo that existed before February 27, after a preliminary injunction paused implementation of a presidential directive to stop using the company’s technology. GSA said Anthropic products would again be allowed in system integrations, in GSA Chat and through its Multiple Award Schedule.
The result is a fragmented picture across Washington: one part of government reopening channels, another maintaining restrictions, and the White House exploring a guarded pathway for selected agency access. That patchwork reflects a wider debate playing out far beyond Anthropic. Governments want the strategic advantages of advanced AI for defence, cyber resilience and productivity, but they are also confronting the possibility that the same models compress the time and expertise needed to launch damaging attacks. Reuters reported last week that U. S. officials had separately raised concerns with major banks about the cybersecurity implications of Mythos, highlighting how the issue extends from federal systems into critical private-sector infrastructure.
Mythos was announced on April 7 as part of Anthropic’s Project Glasswing, a controlled programme designed to let a limited set of organisations use the model for defensive cybersecurity work rather than broad public deployment. Anthropic has described the system as unusually strong at coding, autonomy and computer security tasks, while also warning that those same capabilities could be misused to identify and exploit software weaknesses at scale.
That combination of promise and danger explains why the administration’s deliberations carry unusual weight. According to Reuters’ account of the Bloomberg report, federal chief information officer Gregory Barbaccia told Cabinet departments in an email that OMB was setting up protections before a modified version of the model could potentially be released to agencies. The report also made clear that no firm timeline had been announced and that the intended uses across government had not yet been fully defined.
Anthropic’s own technical disclosures help explain why the model has triggered such concern inside policy and security circles. In a detailed assessment published on April 7, the company said Mythos Preview had shown an ability to identify and exploit zero-day vulnerabilities across major operating systems and web browsers, and in some cases chain multiple flaws together autonomously. Anthropic said more than 99% of the vulnerabilities it found had not yet been patched, which is one reason the company decided against a general release and instead limited access through Project Glasswing.
For cyber defenders, that capability offers a tempting advantage. Federal networks and the software supply chains that support them remain constant targets for criminal groups and state-backed actors. A model that can scan code, spot subtle flaws and help engineers patch them faster could strengthen the government’s defensive posture at a time when Washington has been pressing for more resilient digital infrastructure. The White House’s broader AI policy has also stressed adoption that advances national security while insisting that federal procurement be accompanied by safeguards and technical review.
Yet the political and legal context around Anthropic makes the story more complicated than a straightforward procurement decision. Reuters reported on April 13 that Anthropic had continued discussing Mythos with the Trump administration even after the Pentagon cut off business with the company following a contract dispute. According to that report, the Defense Department labelled Anthropic a supply-chain risk and barred its use by the Pentagon and contractors, while Anthropic co-founder Jack Clark said the dispute should not prevent the government from understanding the technology’s implications for national security.
That tension was partly eased, at least in civilian channels, by a separate legal and administrative development. The General Services Administration said on April 3 that it was restoring Anthropic technology to the status quo that existed before February 27, after a preliminary injunction paused implementation of a presidential directive to stop using the company’s technology. GSA said Anthropic products would again be allowed in system integrations, in GSA Chat and through its Multiple Award Schedule.
The result is a fragmented picture across Washington: one part of government reopening channels, another maintaining restrictions, and the White House exploring a guarded pathway for selected agency access. That patchwork reflects a wider debate playing out far beyond Anthropic. Governments want the strategic advantages of advanced AI for defence, cyber resilience and productivity, but they are also confronting the possibility that the same models compress the time and expertise needed to launch damaging attacks. Reuters reported last week that U. S. officials had separately raised concerns with major banks about the cybersecurity implications of Mythos, highlighting how the issue extends from federal systems into critical private-sector infrastructure.
Topics
Technology