When Washington ordered Anthropic to shut off access to its most advanced AI model, it did not shut off everyone. Some of the organisations Anthropic had chosen early to test Mythos have kept their access to a preview of the system, even as other versions went dark under a US export directive, according to a Bloomberg report.
The mechanics matter here. Anthropic had limited what it calls Mythos Preview to roughly 200 organisations, including the US government, under its Glasswing programme, after the model demonstrated an unusual capability: it identified thousands of software vulnerabilities.
A less powerful version of Mythos was released more widely, then disabled when Commerce ordered Anthropic to suspend access for all foreign nationals on national-security grounds. The preview, for some, survived the cut.
Two named firms confirmed they retained access. Dragos, the industrial-cybersecurity company that Accenture is now acquiring a majority stake in, and Cisco Systems both told Bloomberg they still had Mythos Preview.
That detail is telling: the organisations keeping access are precisely the ones using the model for defensive security work, the use case Anthropic has put at the centre of its argument for why frontier AI in vetted hands is a public good rather than a hazard.
The contrast with Europe is sharp. The European cybersecurity agency ENISA, which had been invited to join Glasswing before Washington’s block, was told on Friday it would no longer be given access. That reverses the arrangement that was the subject of a meeting only days earlier, and it answers, bluntly, the question that meeting had left open: whether a European agency could be squared with a US export order. The answer, for now, is no.
What the episode exposes is how much discretion sits with Anthropic in the gap the directive leaves. The export order targets foreign nationals, but it does not appear to dictate, organisation by organisation, who among existing Glasswing members keeps a preview running.
It was not immediately clear how Anthropic was determining individual access, which means a company is, in effect, making case-by-case calls about who can use one of the most capable security models in existence.
That is an uncomfortable position for any vendor, and a revealing one. Anthropic has spent the year warning about the risks of advanced AI while arguing that models like Mythos should be available to defenders. The directive forced it to choose, and the pattern of who kept access, US security firms in, a European agency out, traces the contour of the export rule rather than any judgement about merit.
The model at the heart of it is genuinely powerful, which is the whole problem. A system that can find thousands of vulnerabilities is as useful to an attacker as to a defender, and that dual-use quality is exactly why Commerce moved to restrict it. The same capability that makes Dragos and Cisco want continued access is the one that makes Washington nervous about who else might get it.
The split-screen outcome also sharpens a question about who governs access to dual-use AI. When a single company decides, in the space left by a government order, which security teams keep a frontier model and which lose it, the practical power over a national-security-relevant tool sits with a private vendor rather than a public authority.
That is a lot of discretion to vest in one firm, and the inconsistency between the US firms retained and the European agency dropped makes the discretion visible in a way that invites scrutiny.
Anthropic has not detailed its access criteria, and the situation remains in flux as the company navigates between its government’s directive and its own customers. What is clear is that the shutdown was not total, that the survivors are concentrated among US defensive-security users, and that the first European to be let in has now been the first to be shown out.
Get the TNW newsletter #
Get the most important tech news in your inbox each week.