Despite a U.S. government order to cease access to its most advanced AI model, Anthropic has maintained access for a select group of early testing organizations. These entities, part of Anthropic’s preview program, continue to utilize the system even as other versions were disabled under a U.S. export directive.
Selective Access Amidst National Security Concerns
The AI model in question, codenamed Mythos, was initially made available in a preview phase to approximately 200 organizations under Anthropic’s Glasswing program. This limited rollout followed the model’s demonstration of a significant capability: identifying thousands of software vulnerabilities. A less powerful iteration of Mythos was released more broadly before being suspended following a directive from the U.S. Commerce Department to halt access for all foreign nationals on national security grounds.
However, the preview version appears to have bypassed the full impact of this directive for some participants. Both Dragos, an industrial cybersecurity firm, and Cisco Systems have confirmed they retain access to Mythos Preview. This detail is noteworthy, as the organizations maintaining access are primarily those engaged in defensive security work. This aligns with Anthropic’s public stance that advanced AI, when utilized by vetted entities, serves as a public good rather than a threat.
European Agency Denied Access, Highlighting Export Order’s Reach
The situation presents a stark contrast with developments in Europe. The European Union Agency for Cybersecurity (ENISA), which had been invited to participate in the Glasswing program before the U.S. restrictions, was informed on Friday that its access would be revoked. This decision effectively reverses an arrangement that was the subject of recent discussions, definitively answering whether a European agency could operate under a U.S. export order.
Discretionary Power in AI Access
This episode underscores the significant discretion Anthropic holds within the framework of the U.S. directive. While the export order targets foreign nationals, it does not appear to mandate specific organizational access decisions among existing Glasswing members. The criteria Anthropic is using to determine individual access remain unclear, suggesting the company is making case-by-case judgments regarding the use of one of the most potent security-focused AI models currently available.
This position is challenging for any technology vendor. Anthropic has consistently highlighted the potential risks associated with advanced AI while simultaneously advocating for its availability to defenders. The U.S. directive has compelled the company to make difficult choices. The pattern of retained access for U.S. security firms and the exclusion of a European agency appears to reflect the contours of the export rule rather than a judgment on the merits of the users.
Dual-Use Technology and Governance Questions
The inherent power of the Mythos model is central to the issue. Its ability to discover numerous software vulnerabilities makes it equally valuable to malicious actors as it is to defenders. This dual-use characteristic is precisely why the Commerce Department moved to restrict its dissemination. The same capability that drives demand from firms like Dragos and Cisco also raises concerns in Washington about broader access.
The bifurcated outcome of this situation also intensifies questions about the governance of dual-use AI technologies. When a private company, operating within the ambiguities of a government order, decides which security teams gain access to a cutting-edge model and which do not, the practical control over a national security-relevant tool shifts from public authority to a private vendor. Vesting such a considerable degree of discretion in a single firm is a significant development.
The disparity between the U.S. firms that have retained access and the European agency that has been excluded makes this discretionary power apparent and invites scrutiny. Anthropic has not publicly detailed its access criteria, and the situation remains dynamic as the company navigates the directive from its government and the needs of its customer base. It is clear that the shutdown was not absolute, that the entities retaining access are predominantly U.S.-based defensive security users, and that the first European participant has now been denied entry.
