The White House Office of Management and Budget is preparing to grant federal civilian agencies access to Anthropic’s Claude Mythos AI model, even as the Department of Defense’s supply chain risk designation against the company remains in force. On April 16, Gregory Barbaccia, OMB’s federal CIO, emailed Cabinet department officials that OMB is “setting up protections” to allow agencies including Treasury, Commerce, and Homeland Security to use Mythos. The following day, White House Chief of Staff Susie Wiles met with Anthropic CEO Dario Amodei, joined by Treasury Secretary Scott Bessent, in what both sides described as a “productive” discussion on cybersecurity collaboration.
This creates an unprecedented split in federal AI policy. The Pentagon bars Anthropic from defense contracts while the White House works to provide the same model to civilian agencies. It’s the same federal government with opposite policies.
Pentagon Ban Remains Active
The Department of Defense designated Anthropic a supply chain risk on March 3, and the DC Circuit Court upheld this designation on April 8, denying Anthropic’s request for a stay. The ban remains in force: Anthropic is barred from defense contracts, and no contractor working with the military may do business with the company. Furthermore, the court ruled that “the equitable balance cuts in favor of the government” over Anthropic’s financial concerns.
This policy creates immediate compliance headaches. Federal contractors working with both defense and civilian agencies face contradictory directives. Commerce says “use Mythos for cybersecurity,” Pentagon says “no Anthropic.” Contractors are stuck navigating conflicting federal requirements with no clear guidance on segregation or compliance.
Related: Claude Mythos Gated: Best AI Model, Zero Public Access
Why Mythos Matters: Cybersecurity Capabilities
Both sides want Mythos for the same reason: it’s extraordinarily powerful. Internal testing found the model identified thousands of zero-day vulnerabilities across every major operating system and web browser. Moreover, Mythos autonomously writes exploits, chains multiple vulnerabilities together, and obtains privilege escalation on Linux and FreeBSD systems without human guidance. Anthropic says these capabilities “emerged as a downstream consequence of general improvements in code, reasoning, and autonomy”—they didn’t explicitly train the model for hacking.
Specific demonstrated capabilities include a web browser exploit chaining four vulnerabilities, Linux privilege escalation via race condition exploitation, and FreeBSD NFS server remote code execution. Anthropic states Mythos “can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” Consequently, that dual-use nature drives the policy split: Pentagon wants offensive and defensive flexibility, civilian agencies want defensive cybersecurity only.
The Standoff Background
The Pentagon-Anthropic conflict began February 24, when Defense Secretary Pete Hegseth gave Anthropic CEO Dario Amodei a Friday deadline to grant the military “any lawful use” access to Claude or face penalties. However, Amodei refused, citing two red lines: fully autonomous lethal weapons without human oversight, and mass surveillance of American citizens. On February 27, after Anthropic stood firm, President Trump ordered federal agencies to cease using Anthropic products, and Hegseth designated the company a supply chain risk.
Amodei stated, “I cannot in good conscience accede. We believe AI is not reliable enough to operate weapons, and there are no laws or regulations yet that cover how AI could be used in mass surveillance.” Hegseth characterized Anthropic’s safety guardrails as “corporate virtue-signaling” and threatened to invoke the Defense Production Act to force access. Therefore, this explains the split: it’s not bureaucratic confusion but a fundamental disagreement about AI safety.
What the White House Approach Means
The White House’s “modified version with guardrails” signals a compromise: civilian agencies get restricted Mythos without weapons or surveillance capabilities, while the Pentagon’s demand for unrestricted access goes unmet. Barbaccia stated OMB is “working closely with model providers, other industry partners, and the intelligence community to ensure appropriate guardrails and safeguards are in place before potentially releasing a modified version.”
This sets precedent for two-tier federal AI policy. Defense agencies face one set of rules, civilian agencies another. For federal contractors, it creates a compliance maze with no clear resolution. The White House official statement called the April 17 meeting “productive and constructive,” exploring “the balance between advancing innovation and ensuring safety.” Translation: we’re splitting the difference rather than resolving the underlying conflict.
Key Takeaways
- The White House is granting civilian agencies access to Claude Mythos while the Pentagon’s supply chain risk designation remains active, creating split federal AI policy
- Mythos found thousands of zero-day vulnerabilities across major operating systems and browsers, making it essential for cybersecurity but also a powerful offensive tool
- The standoff centers on AI safety: Anthropic refuses “any lawful use” access due to concerns about autonomous weapons and mass surveillance, while the Pentagon demands unrestricted capabilities
- Federal contractors working with both defense and civilian agencies face impossible compliance scenarios with no clear guidance on tool segregation
- This policy contradiction exposes the federal government’s inability to create coherent AI governance while adversaries develop equivalent capabilities
