The Pentagon’s Anthropic blacklist has a missing replacement

The agency that blacklisted Anthropic's Mythos model is not the agency that stopped using it. The National Security Agency has been quietly running the same cyber model the Pentagon labeled a supply-chain risk, testing it to find flaws in Microsoft products. The White House is now drafting guidance that could formalize what is already happening informally: a workaround for the same designation the Pentagon spent months defending.

The three-way fracture is the story. The Pentagon banned Anthropic in March after the company refused to grant unrestricted access to its Claude models for fully autonomous weapons and mass domestic surveillance. The NSA kept Mythos in production. And the White House is drafting guidance that could let federal agencies bypass the supply-chain-risk flag and use Mythos and future Anthropic models directly. None of those three positions is consistent with the others, and none has been resolved.

The fresh evidence is in the May 1 vendor announcement. The Pentagon named seven AI companies it had signed to deploy systems inside classified networks: SpaceX, OpenAI, Google, NVIDIA, Reflection AI, Microsoft, and AWS. The department did not name a replacement for what Mythos can do. None of the seven companies has publicly demonstrated the automated vulnerability-finding capability that made Anthropic hard to discard, according to a review of the vendor announcement and public records by type0.

That absence is the operational reason the fracture exists. If any newly signed vendor had shown it could autonomously find and exploit zero-day vulnerabilities the way Mythos reportedly does, the NSA would have less reason to keep running a blacklisted model. The NSA is still running it. The vendor bench is public. The replacement capability is not.

Mythos is Anthropic's dedicated cyber model for finding software vulnerabilities, including zero-day flaws, which are security holes unknown to the software maker. Representatives George Whitesides and Chrissy Houlahan wrote in an April 22 letter that Mythos had autonomously found and exploited previously unknown flaws across every major operating system and web browser, and had uncovered hidden Linux vulnerabilities affecting Defense Department systems. The Whitesides-Houlahan letter is now 10 days old. The fresh fact is what did not appear in the May 1 announcement: a public answer to the question it raises.

Pentagon chief technology officer Emil Michael drew a distinction in a CNBC interview. He said the NSA's use of Mythos was evaluation, not operations. Bloomberg had reported that NSA officials were impressed by the model's speed and efficiency in searching for potential security flaws and were using it to find flaws in Microsoft products. Michael's distinction may matter legally. Operationally, it is a tell.

The White House is treating the blacklist as less absolute than it looks. Officials were drafting guidance that could let federal agencies bypass Anthropic's supply-chain-risk flag and use Mythos and future models. That is the escape hatch. The capability gap is the reason the hatch exists.

Reflection AI, one of the seven named suppliers, has no public model. The other vendors bring frontier models, cloud infrastructure, chips, and classified-network plumbing. Those are useful pieces of a defense AI stack. They are not public evidence of Mythos-level cyber performance.

Retired Gen. Paul Nakasone, former head of the NSA and U.S. Cyber Command, put the contradiction plainly in a Nextgov interview. He did not think Anthropic was a supply-chain risk and felt uncomfortable that part of the nation's capability was not being used by its own government.

The May 1 deals are not nothing. The Defense Department's official AI platform, GenAI.mil, has reached more than 1.3 million users in five months, generating tens of millions of prompts and deploying hundreds of thousands of agents. The Pentagon is proving it can buy and deploy AI faster than before. But adoption and substitution are different things. A large user base does not prove that any newly signed vendor can autonomously find and exploit the same class of vulnerabilities Mythos reportedly found.

The next test is narrow and measurable. One of the newly signed vendors either shows public evidence of Mythos-level vulnerability research, or the government finishes writing a workaround for the company it just tried to freeze out. The blacklist was the headline. The missing replacement is the problem.