"EVERY Federal Agency" should stop using its products, President Donald Trump tweeted — words that, along with recent White House behavior, have helped put one of the most capable new generative-AI models at the center of a widening tug-of-war inside government.
Anthropic's Mythos and Project Glasswing
Anthropic began a selective, non-public rollout of its Mythos model in early April, distributing access through what the company calls Project Glasswing to select organizations and, later, partners in industry and other nations. The company limited distribution on the grounds that Mythos, in the wrong hands, could accelerate adversaries' ability to find and exploit network vulnerabilities. Select parts of the U.S. government — the intelligence community, the report says — already have access. Anthropic declined to comment when asked for this story.
ONCD: silence and centralized control
Several senior federal technology officials told Nextgov/FCW they remain frustrated by what they describe as a lack of White House guidance on who may access Mythos and how agencies may use it. Those sources said the White House Office of the National Cyber Director (ONCD) has largely prevented agency tech leaders from making use decisions about Anthropic's models while spending much of its energy engaging industry on AI policy.
ONCD did not respond to a request for comment. The sources spoke on the condition of anonymity to be candid about ongoing internal disagreements.
Federal CIOs: demand for access and operational guidance
Agency chief information officers, struggling with persistent threat activity against government systems, want clear direction on whether and how Mythos can be used to scan networks for hidden vulnerabilities. Some CIOs, the reporting says, are frustrated that they were not briefed by ONCD and have been "arbitrarily blocked" from further engagement with Anthropic; others are chiefly concerned about why they have not gained access at all.
Absent executive-branch guidance, Anthropic conducted briefings for federal CIOs in early May to explain Mythos and its potential cybersecurity implications. At the same time, several CIOs have moved to partner with private-sector vendors to accelerate patching, accept vulnerability disclosures promptly, and operationalize more automated remediation — steps driven by the recognition that agencies "can't wait for access," one person familiar with CIO discussions told Nextgov/FCW.
CISA's planned directive, departures at ONCD, and recent White House actions
Access dynamics could change: the Cybersecurity and Infrastructure Security Agency (CISA) is planning a binding operational directive to push agencies to prioritize the most urgent risks to federal networks, a shift CISA's acting director said was informed in part by AI-enabled cyber threats. Several senior officials have also made plans to leave ONCD in recent weeks, including the office's head of policy.
The broader policy backdrop is active. Defense Secretary Pete Hegseth ordered Anthropic declared a national supply-chain risk barely three months before the article; President Trump tweeted that "EVERY Federal Agency" should stop using Anthropic's products. A judge has since ruled those actions "arbitrary and capricious." Separately, President Trump signed an AI security executive order encouraging developers to submit powerful new models to a 30-day government review before public release, and he signed a memorandum intended to speed government use of advanced AI across the military and intelligence community.
What this means for federal CIOs, ONCD, and Anthropic
- Federal CIOs and security teams: Expect continued pressure to close known vulnerabilities now — through tighter patching cycles, faster vulnerability disclosure channels, and automation — while they press for clearer, centralized guidance on Mythos access and acceptable operational use.
- ONCD and policymakers: The office faces a balancing act between restricting potentially risky distribution of frontier models and providing operational guidance to agency technology leaders; staff departures and criticism from agency CIOs underscore the political and managerial strain.
- Anthropic and private sector partners: With some federal actors blocked or cautious, Anthropic has shifted to briefings and limited partner distribution. Private vendors will likely remain important interim suppliers of tooling and expertise as agencies seek to harden networks without immediate Mythos access.
There is, as the reporting makes plain, a narrow but consequential gap between a powerful, guarded capability and the agencies that want to use it defensively. Whether that gap will close through ONCD guidance, a CISA directive, or continued industry-led work remains the immediate question — and one that will determine whether Mythos becomes a tool for strengthening federal defenses or another contested asset locked behind policy uncertainty.
