Anthropic's Mythos tool has found thousands of major vulnerabilities across production software — operating systems, web browsers, and more. Fewer than 1 percent have been fully patched by their maintainers. And now three parts of the U.S. executive branch want access to that capability anyway.
The policy incoherence is the context, not the lede. Here it is: the Pentagon blacklisted Anthropic in March, citing ethics objections to providing a model capable of finding and exploiting software vulnerabilities to defense agencies. Treasury and State have since requested briefings on and access to Mythos, according to Reuters. Gregory Barbaccia, the federal chief information officer at the OMB, emailed Cabinet department officials Tuesday telling them the agency was "setting up protections" to allow agencies to begin using the model — while the original blacklist remains in force.
Anthropic CEO Dario Amodei is scheduled to meet White House chief of staff Susie Wiles on Friday, according to Reuters — a direct, CEO-level escalation that suggests the bureaucratic fight has reached a decision point. If Wiles and Amodei reach an agreement, it would effectively supersede the Pentagon's blacklist — which raises the question of who actually sets AI procurement policy in the executive branch, and whether the answer is "whoever moves fastest."
The immediate cause of the fracture is Mythos. In Anthropic's Mythos Preview technical blog post, the model achieved full control flow hijack on ten separate, fully patched targets — and 595 crashes at tiers 1 and 2 of Anthropic's exploit difficulty scale. By comparison, Anthropic's Opus 4.6 model achieved near zero percent on comparable exploit development benchmarks. "We did not explicitly train Mythos Preview to have these capabilities," Anthropic wrote. "Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy."
The sub-1 percent patch rate is the number that makes this urgent. Thousands of vulnerabilities that Mythos can almost certainly exploit likely remain unfixed across production systems worldwide — with no way to know whether any have already been discovered and weaponized by other parties. Responsible disclosure timelines typically run 90 to 120 days; Anthropic's own data suggests the ecosystem is not keeping pace.
Independent security researchers who reviewed Anthropic's claims offered a more mixed picture. Heidy Khlaaf, a security researcher who has studied AI exploitation tools, noted that the false positive rate for Mythos's vulnerability claims remains unclear, and that human verification is still required to confirm any given exploit actually works. Gary Marcus, the AI researcher and longtime skeptic of frontier model capability claims, wrote that Mythos is "nowhere near as scary as it first appeared." Tal Kollender, a cybersecurity practitioner, called the episode "corporate theater" — a public relations move designed to generate regulatory leverage rather than a genuine capability demonstration, according to Mashable. The AI Safety Institute in the UK provided independent verification that the capability leap Anthropic described is real.
The OMB's move to pre-position agency access to a blacklisted model is unusual. Federal agencies typically wait for legal and policy clearances before moving on models with this level of national security implications. Doing it in parallel with an ongoing interagency dispute suggests some parts of the government consider the threat landscape urgent enough to not wait.
What happens after Friday's meeting is the thing to watch.
Anthropic did not respond to a request for comment.
