White House Blocks Anthropic's Mythos Expansion to 70 New Orgs

The date is April 30, 2026, and the Trump White House just told Anthropic: not so fast.

Anthropic wanted to expand access to its most powerful AI model, a system called Mythos Preview, from roughly 50 organizations to 120 total. That meant adding 70 new entities to a very short and very carefully controlled list. The White House said no. The administration cited both security concerns and insufficient compute capacity, arguing that adding those 70 new users would strain the system and compromise the government's own access to the model. The rejection landed today, and it crystallized a conflict that has been building for weeks across every level of Washington.

On its surface, this looks like a standard technology access dispute. Bureaucracy slows down a corporate expansion plan. But this story is different, because Mythos is unlike any AI model that has come before it, and the government's relationship with it may be the most contradictory technology policy situation this country has seen.

Let me take you back to April 7, 2026, when Anthropic announced Mythos Preview. The company restricted access immediately through something called Project Glasswing. The reason was not commercial positioning or pricing strategy. The reason was that Mythos can autonomously find and exploit zero-day vulnerabilities in every major operating system and browser in the world, and over 99% of the vulnerabilities it discovers are still unpatched at the moment of discovery. In testing, Mythos produced 181 successful Firefox JavaScript engine exploits. Claude Opus 4.6, the previous top model, managed 2 across several hundred attempts. This model finds security holes that no human and no prior AI system could reliably find, and it does it at a scale that changes the entire structure of offensive and defensive cybersecurity.

The Anthropic technical report included a line that every person thinking about AI policy should read carefully: "We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy." Anthropic did not set out to build a cyberweapon. They built a more capable general model, and a cyberweapon came along with it.

That admission has implications well beyond Anthropic. If these capabilities emerged unintentionally at one lab, there is no technical reason the same thing cannot emerge at another lab, on a different timeline, operating under a completely different access philosophy. Anthropic chose controlled release. Another lab might not choose the same thing. Or might not have the choice at all, if the capabilities emerge before their safety process catches up. The policy question is no longer solely about what Anthropic specifically decides to do with this model. It is about what happens when this capability appears somewhere with no access controls, no safety team, and no public announcement.

Project Glasswing launched alongside Mythos Preview on April 7, and it committed $100 million in Mythos usage credits to 12 named launch partners. Those partners include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Beyond those 12, Anthropic also granted access to 40 additional organizations selected to help scan and secure critical software infrastructure. On top of the model access, Anthropic added direct financial commitments: $2.5 million to the Linux Foundation's Alpha-Omega project and OpenSSF, and another $1.5 million to the Apache Software Foundation for vulnerability remediation work.

The core argument of Project Glasswing is defensible. If this model can find vulnerabilities that no human or previous AI could reliably find, put it in the hands of defenders first, before attackers discover those same vulnerabilities the slow, manual way.

On the benchmarks, Mythos scored 83.1% on CyberGym versus Claude Opus 4.6's 66.6%. On SWE-bench Verified, Mythos scored 93.9% versus Claude Opus 4.6's 80.8%.

After the preview phase, Mythos is priced at $25 per million input tokens and $125 per million output tokens, making it by far the most expensive Anthropic model. Mythos can autonomously develop a complete FreeBSD remote code execution exploit from scratch in under 24 hours, for a total compute cost of $2,000. Attackers who once needed a sophisticated team and months of time can now replicate that outcome for two thousand dollars.

Within hours of the April 7 announcement, unauthorized users in a private online forum had already gained access to the model. The scarcity model only holds if the scarcity holds, and on launch day it nearly collapsed within hours of the announcement going live.

Now for the part of this story that should give you pause. In early March 2026, the Pentagon designated Anthropic a supply chain risk. That designation came after negotiations over the Department of Defense's GenAI.mil platform fell apart because Anthropic refused to grant unfettered access for fully autonomous weapons and domestic mass surveillance applications. A $200 million Pentagon contract dissolved. Anthropic sued the Trump administration over the supply chain risk label. That lawsuit is still active.

And yet, at the same time, the NSA is actively using Mythos. The NSA sits inside the Department of Defense. The same department that declared Anthropic a supply chain risk, the same department pursuing court action to enforce a government-wide ban on Anthropic technology, has a major intelligence component that is quietly running the model. That is not bureaucratic inconsistency. That is the United States government suing a company in federal court while simultaneously operating that company's product through a subordinate agency. The left hand and the right hand are not just failing to coordinate. They are actively working against each other.

CISA, the Cybersecurity and Infrastructure Security Agency, is the U.S. civilian body most directly responsible for defending the networks that Mythos could be used to attack. CISA does not have Mythos access. Intelligence agencies, including the NSA, do. The access structure is the OPPOSITE of any rational defensive posture. The offensive agencies have the capability. The defensive agency does not. Security policy experts have drawn sharp criticism of that inversion.

So where does today's White House rejection leave us?

Around April 16, Federal Chief Information Officer Gregory Barbaccia emailed Cabinet departments indicating the Office of Management and Budget was laying groundwork for a controlled Mythos rollout to federal agencies. Barbaccia also clarified that no agencies had been given access to anything yet. His exact words: "We're working closely with model providers, other industry partners, and the intelligence community to ensure the appropriate guardrails and safeguards are in place before potentially releasing a modified version of the model to agencies."

That message was circulating on the same news cycle as today's White House opposition to Anthropic's plan to add 70 commercial partners. The government is simultaneously blocking commercial expansion and drafting a plan for government deployment. The administration blocked Anthropic's proposed 70 new users on compute and security grounds, while the NSA is already running the model and OMB is planning a controlled federal rollout. The incoherence is structural, and no one in the administration has publicly resolved it.

OpenAI looked at all of this and placed a different bet entirely. They launched GPT-5.4-Cyber in direct response to Mythos, scaling their Trusted Access for Cyber program to a large verified-defender base. They explicitly rejected Anthropic's restricted-access approach, arguing that broad verified distribution produces better defensive outcomes than scarcity. Anthropic's own frontier red team head, Logan Graham, estimates competitors will reach Mythos-level cybersecurity capabilities somewhere between 6 and 18 months from now.

Security technologist Bruce Schneier put the underlying tension clearly: "Finding for the purposes of fixing is easier for an AI than finding plus exploiting. This advantage is likely to shrink, as ever more powerful models become available to the general public." A security firm called Aisle reportedly replicated Mythos-level vulnerability discovery using older, cheaper public models already available today, which supports Schneier's argument that Anthropic's window of advantage may be shorter than 6 months.

Anthony Aguirre, CEO of the Future of Life Institute, said: "I fundamentally believe they're doing something that is bad for humanity." Anthony Grieco, Chief Security and Trust Officer at Cisco and a Project Glasswing partner, answered from the other direction: "AI capabilities have crossed a threshold fundamentally changing protection urgency for critical infrastructure."

Former Trump AI adviser David Sacks has also publicly questioned whether Anthropic's access restrictions stem from genuine safety concerns or from a compute limitation that Anthropic is framing as a safety choice. If Anthropic cannot serve 120 organizations at current infrastructure scale, calling that constraint a safety decision is better optics than admitting a supply problem. That question has not been answered publicly.

Google is the structural winner of the entire situation. Google is a Project Glasswing partner with Mythos access AND the primary commercial beneficiary of the Pentagon's Anthropic blacklisting, expanding its classified project work with the Defense Department using Gemini after Anthropic was forced out. The same company sits comfortably inside both the Mythos access list and the list of entities benefiting from Anthropic's exclusion. In Washington's AI standoff, Google's position is unique: it has everything to gain and nothing to lose.

What we are watching, as of April 30, 2026, is a model the United States government wants to suppress commercially, operate internally through intelligence agencies, and cannot agree on whether to deploy defensively or lock away. The NSA has it. CISA does not. The White House is blocking expansion while OMB is drafting the rollout. Anthropic is in federal court with the Department of Defense while that same department's intelligence arm runs the model daily.

When the most capable and most dangerous AI capability in recent history arrives UNINTENTIONALLY, as a byproduct of training nobody designed for this purpose, the policy framework for containing it was already behind the moment it was needed. That gap is not closing. It is widening.