Pentagon uses Anthropic's Mythos

The Pentagon said on May 12 that it is deploying Anthropic’s Mythos cybersecurity model to identify and patch software vulnerabilities across U.S. government systems, even as the Defense Department moves to cut broader ties with the company. Reuters reported the arrangement after remarks from Emil Michael, the department’s top technology official, who said the government was using the model for defensive cyber work while continuing a transition away from Anthropic. (sahmcapital.com) Anthropic’s model was announced on April 7 as part of Project Glasswing, a controlled access program for defensive security work. (cnbc.com) Anthropic has described Mythos as capable of finding and exploiting zero-day vulnerabilities in major operating systems and browsers. (anthropic.com) ### Why is the Pentagon using Anthropic’s model if it is moving away from the company? Emil Michael said on May 12 that the Defense Department was deploying Mythos because of its cybersecurity utility, even while the department was completing a transition away from Anthropic. Reuters reported that the Pentagon had declared Anthropic a supply-chain risk after the two sides failed to agree on how the company’s models could be used by the agency. CNBC reported on May 1 that Michael said Anthropic was still considered a supply-chain risk, but described Mythos as a separate issue because of the need to harden government networks. (sahmcapital.com) Defense One separately reported that Michael said the Pentagon would “never again” rely on a single AI provider, linking the Anthropic dispute to a broader push for more flexible contracts and multiple vendors. ### What exactly is Mythos, and what has Anthropic claimed it can do? Anthropic announced Project Glasswing on April 7 and said Mythos Preview would be used by launch partners including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA and Palo Alto Networks for defensive security work. (sahmcapital.com) The company said it had also extended access to more than 40 additional organizations that build or maintain critical software infrastructure. Anthropic’s technical write-up said Mythos Preview had found thousands of high-severity vulnerabilities and was capable, in testing, of identifying and exploiting zero-day vulnerabilities in every major operating system and every major web browser. Anthropic said more than 99% of the vulnerabilities it found had not yet been patched, which is why it withheld most technical details. (cnbc.com) ### Is the government deploying Mythos broadly or in a controlled way? Reuters reported that Mythos is being used under Project Glasswing, which it described as a controlled initiative allowing select organizations to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes. That framing matters because the Pentagon’s use, as described publicly, is tied to vulnerability discovery and remediation rather than general-purpose model access. (anthropic.com) The distinction has also shown up in public comments from Pentagon officials. CNBC reported that Michael separated Mythos from the broader Anthropic dispute, while other reports in early May described government use as evaluation or defensive deployment tied specifically to cyber tasks. (red.anthropic.com) ### What does this episode show about AI procurement inside government? The Defense Department’s own posture shows the split. On one track, Reuters reported, the Pentagon is phasing out Anthropic after a dispute over acceptable use and supply-chain risk. On another, the same department is using Anthropic’s cyber model because officials see immediate defensive value in hardening networks. (newsbreak.com) Defense One reported on May 8 that the Pentagon’s new AI agreements with other companies were intended as a counterweight to dependence on any one provider. Anthropic, meanwhile, remains outside that broader procurement set even as its specialized model is being used for cyber defense. (cnbc.com) ### What happens next, and where will readers see the next concrete signal? Project Glasswing is the next place to watch. Anthropic said the program includes launch partners and more than 40 additional organizations using Mythos Preview for defensive security work, with Anthropic committing up to $100 million in usage credits and $4 million in direct donations to open-source security groups. (money.usnews.com) Future Pentagon disclosures, contract actions or court filings tied to Anthropic’s challenge to its blacklisting are likely to provide the next concrete update on whether Mythos remains a narrow exception or becomes a longer-running federal cyber tool. (anthropic.com) (defenseone.com)