The Pentagon’s AI blacklist now has an escape hatch

The Pentagon's AI blacklist now has an escape hatch: call the forbidden model a national-security emergency.

Defense Department Chief Technology Officer Emil Michael gave that escape hatch a name Friday, telling CNBC that Anthropic, the AI company behind Claude, remains a supply-chain risk while Mythos, Anthropic's cyber model for finding and fixing software vulnerabilities, is "a separate national security moment." The market may price AI companies by revenue and benchmarks. The Pentagon is pricing them by whether their tools are too dangerous to clear and too useful to ignore.

"They're a supply chain risk," Michael said of Anthropic on CNBC's Squawk Box. Mythos, he said, requires hardening across the government because the model has capabilities "particular to finding cyber vulnerabilities and patching them."

That distinction turns procurement into industrial policy. The National Security Agency is still using Mythos Preview, Axios reported in April, despite Defense Department officials calling the company a supply-chain risk. The Pentagon is now paying rivals to fill the gap while its own technical users are reluctant to give up the tool that caused the fight.

This is bigger than one vendor fight. OpenAI announced its Pentagon deal hours after Defense Secretary Pete Hegseth declared Anthropic a supply-chain risk in late February, CNBC reported. OpenAI CEO Sam Altman later conceded on X that the timing looked opportunistic and sloppy. That is what military clearance does in frontier AI: it does not just decide who gets a contract. It changes who looks institutionally safe enough to become infrastructure.

The cleared-company list became concrete Friday. The Department of Defense said it reached classified-network AI agreements with seven companies: Google, OpenAI, Nvidia, Microsoft, Amazon Web Services, SpaceX, and Reflection. CNBC reported that those agreements are worth up to $200 million each.

The Pentagon is also speeding up the plumbing. Reuters reported that newer AI entrants say the process for getting onto secret and top-secret data levels has fallen from 18 months or longer to under three months since the Anthropic blowup. The same Reuters report said GenAI.mil, the Pentagon's main AI platform, has reached more than 1.3 million Defense Department users after five months.

Speed helps procurement. It does not answer the capability question. The issue is not whether the Pentagon can sign seven vendors. It is whether any of them can replace the specific cyber workflow that made Mythos too useful to ignore and too politically awkward to embrace.

Michael tried to draw that line by calling NSA access evaluation, not deployment. The Register reported that agencies have accessed Mythos for evaluation and analysis rather than operational use. Michael also said NSA and Commerce evaluate all frontier models, including Chinese models, to understand "the capabilities at the edge."

That explanation is plausible as process. It is weaker as strategy. If Mythos is merely another model to test, the blacklist is easy to maintain. If Mythos is better at finding vulnerabilities than the approved alternatives, the Pentagon has bought itself a procurement workaround, not a technical replacement.

Reuters reported that Pentagon staffers, former officials, and IT contractors remain reluctant to give up Anthropic tools, which they view as superior, despite orders to remove them over the next six months. That is the sentence the vendor list does not solve.

What to watch next is not the next deal announcement. It is whether one of the seven approved vendors publicly demonstrates cyber results comparable to Mythos before the Anthropic dispute is resolved. If not, the Pentagon will have spent real money proving it can replace a forbidden supplier on paper while keeping the capability gap open.