The White House is preparing to give US federal agencies access to Anthropic’s Claude Mythos Preview, Reuters reported on April 16, citing Bloomberg News. The decision would expand deployment of the unreleased cybersecurity AI model from Anthropic’s controlled Project Glasswing program into government security infrastructure.
NCT previously covered Mythos when Bloomberg published an investigation into Anthropic’s internal safety warnings and German regulators began formal examination of the model’s risks. The White House decision represents a significant escalation: from regulatory scrutiny to active government deployment.
What Mythos Does
Claude Mythos Preview is not a general-purpose AI release. It is Anthropic’s most capable model, deliberately withheld from public access because of its cybersecurity capabilities. Anthropic says the model has identified thousands of zero-day vulnerabilities across every major operating system and web browser. In one case cited by Anthropic’s security team, the model found a method to breach a web browser in a way that would let a malicious website read data from another site, including banking information, according to The Next Web.
The UK’s AI Security Institute evaluated Mythos and described it as the first model to complete a full cyber-range attack end-to-end, per The Next Web. Testing also uncovered a 27-year-old vulnerability in OpenBSD.
Anthropic’s own system card for the newer Claude Opus 4.7, released this week, acknowledges that Mythos received higher scores “on every relevant evaluation” compared to Opus 4.7, according to The Verge.
Project Glasswing and the Controlled Rollout
Mythos Preview has been available only through Project Glasswing, a controlled program giving approximately 40 to 50 organizations early access along with $100 million in model usage credits for defensive cybersecurity tasks. Named partners include AWS, Apple, Google, Microsoft, Nvidia, Cisco, JPMorgan Chase, the Linux Foundation, CrowdStrike, and Palo Alto Networks, according to The Verge and The Next Web.
The White House decision would move Mythos beyond this closed corporate program into the federal government’s operational security apparatus.
Regulators Are Convening Globally
The regulatory response to Mythos has been swift and international. The Next Web reported that the Bank of England’s Cross Market Operational Resilience Group (CMORG) will convene within days to brief UK banks, insurers, and financial exchanges on Mythos. CMORG members include CEOs of the UK’s eight largest banks, four financial infrastructure providers, and representatives from HM Treasury, the FCA, and the National Cyber Security Centre.
In the US, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened heads of systemically important banks last week to discuss Mythos, including Jane Fraser of Citigroup, Brian Moynihan of Bank of America, Ted Pick of Morgan Stanley, Charlie Scharf of Wells Fargo, and David Solomon of Goldman Sachs, per The Next Web citing Bloomberg and CNBC confirmation. Powell’s attendance was described as significant: the Fed chair typically maintains separation from Treasury, and his presence signaled the issue was being treated as a systemic financial stability concern.
The Bank of Canada held a separate meeting with Canadian banks on the same topic.
From Regulatory Scrutiny to Government Deployment
The trajectory in less than two weeks: Anthropic announced Mythos and Project Glasswing on April 7. By mid-April, Bloomberg had published an investigation into Anthropic’s internal safety warnings. German regulators began formal examination. The US Treasury, Federal Reserve, Bank of England, and Bank of Canada convened emergency sessions with major banks. And now, per Reuters, the White House is preparing to give US agencies direct access.
The speed of that escalation reflects a dual reality about Mythos. Regulators treat it as a systemic risk to financial infrastructure because of what it can find and exploit. The US government, simultaneously, appears to want it deployed defensively because of the same capabilities. Whether those two postures can coexist will define how frontier cybersecurity AI models get governed going forward.