Anthropic Mythos Model Advances Federal Rollout Amid Cybersecurity Concerns

The U.S. government is preparing to grant federal agencies access to Anthropic’s Mythos model, according to Bloomberg reporting Thursday. Gregory Barbaccia, federal chief information officer at the White House Office of Management and Budget, sent a Tuesday email to Cabinet department officials stating that OMB was setting up protections to enable agency use of the model. The Mythos model is limited to select groups and intended for defensive cyber work, not broad commercial use.

White House Safeguards for Mythos Access

In the OMB email with subject line “Mythos Model Access,” Barbaccia wrote: “We’re working closely with model providers, other industry partners, and the intelligence community to ensure the appropriate guardrails and safeguards are in place before potentially releasing a modified version of the model to agencies.”

The rollout plan comes as officials express concern about cybersecurity risks if the tool is not tightly controlled. Anthropic has stated that Mythos capabilities may spread quickly and not remain in safe hands, warning that “the fallout for economies, public safety, and national security could be severe” if such capabilities proliferate beyond actors committed to safe deployment.

International Regulatory Concerns

The federal rollout plan coincides with heightened international focus on AI cybersecurity risks. Finance ministers, central bankers, and regulators gathered in Washington for IMF and World Bank spring meetings, where senior financial officials warned that advanced AI from U.S. tech firms could expose vulnerabilities in lenders’ cyber defenses and pressure the broader banking system.

Andrew Bailey, governor of the Bank of England and chair of the Financial Stability Board, stated: “It is a very serious challenge for all of us. It reminds us how fast the AI world moves.” Bailey said regulators worldwide would need to quickly assess the cyber risk that Anthropic’s Claude Mythos Preview could pose to the financial system.

Dan Katz, deputy head of the IMF, said: “The evolution of digital technology is posing immense risks from a cybersecurity perspective. This is really going to be absolutely essential on the international agenda for the next few months.”

Christine Lagarde, president of the European Central Bank, highlighted the dual-use concern: “The development we’ve seen with Anthropic and Mythos is a good example of a responsible company that is suddenly thinking, ‘ah, that could be really good,’ but if it falls in the wrong hands, it could be really bad.” Lagarde told reporters that officials want a framework for governance, but no formal system is currently in place: “Everybody is keen to have a framework within which to operate. I don’t think there is a governance framework that’s actually meant to mind those things. We need to work on that.”

Anthropic’s Vulnerability Findings and Safeguards

Anthropicannounced earlier this month that Mythos had found “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.” The company warned that capabilities like these may spread quickly and not remain in safe hands, stating: “It will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.”

Pip White, Anthropic’s head for the UK, Ireland, and northern Europe, said interest from executives increased rapidly following news of the model. In an interview, White stated: “We are putting our own safeguards and our own limitations around this product because we know how powerful it can be.”

Opus 4.7 Release

On Thursday, Anthropic released Opus 4.7, a new model designed for software engineering tasks. According to the company, Opus 4.7 can handle coding work that previously required closer supervision, follow instructions better than older models, and inspect higher-resolution images to identify details in dense charts and complex pictures.

Anthropic noted that Opus 4.7 is less capable than Mythos, including in cyber use cases. During training, the company tested methods to “differentially reduce” the model’s cyber ability.