Pentagon Deploys Anthropic Mythos AI for Cybersecurity While Planning to Cut Ties

The Pentagon is actively deploying Anthropic's unreleased Claude Mythos model to find and patch software vulnerabilities across U.S. government systems — even as it executes plans to remove Anthropic's other products from its networks. Emil Michael, the Defense Department's chief technology officer, called the situation "a national security moment," according to Reuters.

The deployment is happening under Project Glasswing, a controlled initiative launched April 7 that grants select organizations access to the Claude Mythos Preview model strictly for defensive cybersecurity purposes. Reuters reported that Mythos is capable of detecting decades‑old vulnerabilities in web browsers, infrastructure, and enterprise software — vulnerabilities that have existed for years but only now can be found and patched at scale.

Mythos represents a step‑change in AI cybersecurity capabilities. The UK's AI Security Institute (AISI) conducted evaluations and found that Mythos Preview can autonomously find and exploit zero‑day vulnerabilities — previously undiscovered flaws — in real‑world software. On expert‑level capture‑the‑flag challenges that no model could complete before April 2025, Mythos succeeds 73% of the time.

More strikingly, AISI built a 32‑step corporate network attack simulation called "The Last Ones" — a scenario they estimate would take human professionals roughly 20 hours to complete. Mythos Preview is the first model to solve it from start to finish, succeeding in 3 out of 10 attempts. Across all attempts, it completed an average of 22 out of 32 steps, well ahead of the next‑best model (Claude Opus 4.6, at 16 steps).

The Pentagon's relationship with Anthropic is deeply contradictory. In March 2026, the Defense Department designated Anthropic as a supply‑chain risk after the two sides failed to agree on how Anthropic's models could be used by the agency, CNBC reported. Anthropic sued the Trump administration to overturn the blacklisting.

Now, the Pentagon is deploying Mythos — arguably Anthropic's most powerful model — while simultaneously executing plans to phase out the company's other products. Michael told ¹ that the department still intends to remove Anthropic's tools, but acknowledged Mythos has "specialised capabilities" uniquely useful for finding and patching cyber vulnerabilities.

Michael also said Anthropic's advantage is temporary, predicting that models from OpenAI, xAI, and Google will develop similar capabilities soon. That prediction is already playing out.

On May 12, Forbes reported that OpenAI launched Daybreak, a cybersecurity initiative designed to compete directly with Mythos and Project Glasswing. Daybreak provides customers with access to GPT‑5.5 and specialized cyber‑permissive models for secure code review, vulnerability triage, malware analysis, and penetration testing.

"AI is already good and about to get super good at cybersecurity; we'd like to start working with as many companies as possible now to help them continuously secure themselves," Sam Altman, CEO of OpenAI, wrote on X, according to Forbes.

Industry analysts see this as the start of an AI cybersecurity arms race. "What we're watching in real time is a Cambrian explosion of AI capability applied to vulnerability research," Dev Rishi, GM of AI at Rubrik, ² that "the competitive dynamics between labs are compressing what would have been a five‑year timeline into mere months."

Japan is moving quickly to address the implications of Mythos‑level AI. The Japanese government will draft new cybersecurity guidelines specifically in response to Anthropic's Claude Mythos, Nikkei Asia reported. Software developers will be urged to use powerful AI models to proactively check for vulnerabilities in their systems.

Japanese megabanks are also preparing for Mythos access, and Anthropic may join Japan's national cyber defense alliance, according to the.³ The rise of Mythos has prompted Japan to strengthen cyber defenses specifically for critical infrastructure.

For developers who build security tools, CI/CD pipelines, and infrastructure software, Mythos signals a fundamental shift. AI models can now find vulnerabilities faster than human security researchers — and potentially faster than defenders can patch them. The dual‑use nature of these capabilities means the same model that finds vulnerabilities for defenders can be used by attackers.

AISI recommends organizations focus on cybersecurity basics: regular security updates, strong access controls, security configuration, and thorough logging. Their evaluation noted that Mythos "can exploit systems with weak security posture" and that "it is likely that more models with these capabilities will be developed."

The competitive dynamic is also worth watching. If the Pentagon's prediction holds — that OpenAI, Google, and xAI will match Mythos's capabilities within months — cybersecurity tools will become commodities. The differentiator will not be the raw capability of the model but how well organizations integrate it into their defense workflows.

Mythos is forcing a global rethink of cybersecurity. The model's existence has already triggered calls for sovereign AI infrastructure in India, according to reports cited by Business Today. Countries are realizing that access to frontier cybersecurity AI may become a strategic necessity rather than a luxury.

For the builder community, the practical takeaway is straightforward: the era of AI‑powered vulnerability discovery has arrived. Whether through Mythos, Daybreak, or whatever comes next, the tools for finding and fixing vulnerabilities are about to get dramatically more powerful. The organizations that invest in integrating these capabilities into their development pipelines now will be the ones that stay ahead of adversaries — both human and AI‑powered.