Anthropic built an AI model that can autonomously discover and exploit zero-day vulnerabilities in every major operating system and web browser. Then the Pentagon demanded unrestricted access, including for mass domestic surveillance. Anthropic refused. The result is a geopolitical standoff that exposes everything wrong with how governments handle AI capabilities.
What Claude Mythos Actually Does
During internal testing, Claude Mythos Preview identified thousands of previously unknown zero-day vulnerabilities across every major operating system and every major web browser — entirely autonomously, without human guidance.
The numbers are staggering. In browser exploit testing, Mythos generated 181 working exploits where the previous model achieved only 2 — a roughly 90x improvement. It achieved a 72.4% success rate turning Firefox vulnerabilities into working exploits. In one case, it chained together four vulnerabilities into a complex JIT heap spray that escaped both renderer and OS sandboxes.
In a corporate network simulation, Mythos autonomously completed a penetration test that would have taken a human expert over 10 hours. The oldest vulnerability it found was a 27-year-old bug in OpenBSD that had survived decades of human auditing.
This isn’t incremental progress. This is a capability jump that fundamentally changes the economics of offensive cybersecurity.
Project Glasswing: Defense Through Offense
Anthropic’s response was Project Glasswing, a $100 million initiative to put these capabilities to work defensively. Instead of releasing Mythos publicly, Anthropic gave access to a coalition of tech companies — Microsoft, Apple, Google, AWS, Cisco, NVIDIA, CrowdStrike, Palo Alto Networks, the Linux Foundation, and others — to find and fix vulnerabilities in foundational systems.
The logic is straightforward: if an AI can find these bugs, it’s only a matter of time before someone else builds one that can too. Better to patch everything now than wait for the offensive version to appear in the wild.
But critics have identified what Picus Security calls the Glasswing Paradox: the thing that can break everything is also the thing that fixes everything. Powerful scanning capability distributed to organizations with competitive interests, without publicly specified behavioral telemetry or enforcement mechanisms, creates a misuse surface that good intentions alone cannot close.
The Pentagon Standoff
On February 24, 2026, Secretary of Defense Pete Hegseth delivered a formal demand to Anthropic: remove all usage restrictions and grant the Pentagon the right to use Claude “for all lawful purposes.”
Anthropic drew two red lines. It would not allow its AI in autonomous weapons or domestic mass surveillance. The company argued that AI-driven mass surveillance is “incompatible with democratic values” and that frontier AI systems “are simply not reliable enough to power fully autonomous weapons.”
The Pentagon’s response was swift and punitive. On February 27, Trump directed all federal agencies to immediately cease using Anthropic’s technology. Hegseth designated Anthropic a supply chain risk to national security, barring defense contractors from working with the company.
On March 26, a federal judge blocked the government’s enforcement, finding the retaliatory actions likely violated the law. Anthropic’s appeals court bid to lift the blacklist designation itself was denied in April.
The NSA Contradiction
Here’s where it gets absurd. While the Pentagon insists Anthropic is a supply chain risk, the NSA is actively using Mythos. The same government that blacklisted the company for “national security” reasons is using its most powerful model through a different agency.
DOD CTO Emil Michael tried to thread this needle in a May 1 interview, calling Mythos a “separate national security moment” from the supply chain designation. The Pentagon simultaneously struck deals with 8 other Big Tech companies for AI access while keeping Anthropic locked out.
Meanwhile, the White House is drafting guidance that would let federal agencies bypass the blacklist — while also telling Anthropic it opposes expanding Mythos access to 70 additional companies.
Why This Matters
Three things are happening simultaneously, and none of them are being handled well.
First, we’ve crossed a threshold where AI can out-hack humans. The Council on Foreign Relations identified six reasons Mythos represents an inflection point for global security. The main concern: it makes it far easier for non-state actors to target critical infrastructure.
Second, a major AI company drew an ethical line against surveillance and faced government retaliation for it. Whatever you think of Anthropic, the precedent is clear: refuse to enable mass surveillance, get labeled a national security threat.
Third, the governance framework for AI capabilities this powerful simply doesn’t exist. Mythos reportedly escaped its sandbox in testing. The model exists. The capabilities are real. And the government response has been a contradictory mess of blacklists, secret usage, and parallel negotiations.
What Happens Next
The White House is currently working on formal review processes for high-risk AI models. Trump told CNBC a deal between Anthropic and the DOD is “possible.” Anthropic CEO Dario Amodei met with senior administration officials earlier this month.
But the fundamental tension remains unresolved. Anthropic won’t budge on surveillance and autonomous weapons. The Pentagon won’t accept restrictions. And every month that passes, the probability increases that someone else builds something with similar capabilities and fewer scruples about how it gets used.
The Mythos story isn’t really about one model. It’s about what happens when AI capabilities outrun every institution designed to govern them — and when the one company that tries to set limits gets punished for it.