Anthropic wants to take its most capable model, Claude Mythos, from a controlled set of about 50 organisations to roughly 120, adding names like Amazon, Google and JPMorgan under a programme the company is calling Project Glasswing. The White House, according to reporting today in the New York Post and CNN, has told Anthropic it is against the expansion. The objection is not about competition or pricing. It is about the model itself.

Mythos is the system Anthropic itself characterised, in internal analysis later summarised by reporters, as capable of exploiting electric grids, power plants and hospitals if it fell to the wrong operator. Dark Reading's piece this week, written from panic in the Japanese banking sector, describes Mythos finding previously unknown vulnerabilities in every browser and operating system tested against it, including one defect that had sat undisturbed for twenty-seven years. Finance minister Satsuki Katayama called the model's mere existence a crisis already upon us. A Japanese banking executive, quoted in the same piece, said that in the event of a customer-data leak the institution might have no choice but to shut its systems and conduct all transactions in cash. Those are not the sentences a regulator chooses lightly.

What makes the Glasswing fight strange is the Pentagon backdrop. Earlier this year, after Anthropic refused to grant the Department of Defense unrestricted use of its models for surveillance and weaponry, Pete Hegseth's office declared the company a supply-chain risk to national security, the kind of classification usually reserved for foreign adversaries. NBC covered the timeline. A long thread of mine on what Anthropic was trying to keep off the table is in Defenders First. And yet, days later, CNN was reporting that the same administration was looking for ways around its own restriction so that selected agencies, including the NSA, could keep testing Mythos against Microsoft systems and other domestic targets. Bloomberg confirmed the NSA work this morning.

So the position the White House has taken on Glasswing is, more or less, that a tool the federal government cannot resist using itself is too dangerous for JPMorgan to license. That argument has internal logic, the bank does not have a clearance pipeline, and credentialled access is an entirely different posture from a private SLA, but it is still an argument the administration has to make in public while quietly running the model against adversary infrastructure. The contradiction is the news.

It also, awkwardly, is not the first time Mythos has been somewhere it should not be. Three weeks ago a contractor with incidental access guessed an endpoint from leaked naming conventions, the episode I wrote up in A Contractor Had Mythos. Dark Reading nods at the same incident in its Tokyo piece. The inner circle was already porous before any expansion happened. Glasswing, by enlarging the circle from 50 to 120, multiplies the attack surface for exactly that kind of perimeter leak, and Anthropic's own threat modelling is the strongest argument against doing it.

There is a version of this story where the White House wins, the rollout pauses, the 70 candidate firms wait six months, and Anthropic spends the time tightening operational security around the Mythos endpoints it already operates. There is another version where the company decides the commercial pressure from Amazon and Google outweighs the political cost and pushes Glasswing live anyway. The interesting question is not which version we get. It is whether the precedent here, a sitting administration trying to gate a private firm's customer list on national-security grounds without naming a statute, survives the next change of party. That is the part nobody is writing about yet.

Sources: