
Pentagon Wants Anthropic Out—Except for Its Cyber AI (May 19, 2026)

May 19, 2026 · 7m 13s

The Pentagon is winding down its Anthropic contract — while also putting Anthropic’s most capable model inside military networks for cyber work. This is Anthropic Pentagon Watch. Today, Project Glasswing is running Mythos for cybersecurity defense, other Pentagon products are getting phased out, Cloudflare has the first third-party account of what Mythos actually does in the wild, and the enforcement question we’ve been circling all week just turned into an operational fact. And Japan is rewriting its cyberdefense guidelines because one private lab shipped a model. That blast radius goes way past D.C.

This one's from Opentools:

The Pentagon is actively deploying Anthropic's unreleased Claude Mythos model to find and patch software vulnerabilities across U.S. government systems — even as it executes plans to remove Anthropic's other products from its networks. Emil Michael, the Defense Department's chief technology officer, called the situation "a national security moment," according to Reuters.

The blacklist fight just got weirder: the Pentagon is phasing out Anthropic’s products, but it’s also running their most capable unreleased model inside U.S. government infrastructure under Project Glasswing. Those are two different contract tracks, and nobody in the coverage is really sitting with that contradiction. Emil Michael calls it a “national security moment,” which is doing a lot of work when the same department cutting Anthropic loose is also giving them access to patch decades-old browser and infrastructure vulns at scale. That’s not a phase-out. That’s deeper embedding with better branding.

And now Japan is drafting cyberdefense guidance off a model it’s never even touched. One private lab’s release becomes a policy-forcing event for an allied government — that’s a secondary proliferation effect none of the current enforcement frameworks even try to cover. Japan’s drafting policy from Anthropic’s press materials and whatever Cloudflare published. That’s not allied coordination — it’s a foreign government doing Anthropic’s standards-setting work for them, while Anthropic is locked out of NIST TRAINS domestically. The vacuum is getting filled, just not where anyone’s looking.

Okay, so Anthropic drew these hard lines — no autonomous weapons, no mass surveillance — but once Mythos is running inside a military network, who’s actually checking whether those rules are being followed? That’s the tension sitting right at the center of this.

The honest answer from the sources we have is that the enforcement picture is murky at best. The Pentagon’s original demand — delivered as a formal “best and final offer” by Defense Secretary Pete Hegseth on February 25th — was for Anthropic to let Claude be used for, quote, “any lawful use,” with no corporate-imposed restrictions at all. Anthropic refused, which is how the company ended up labeled a “supply-chain risk” in the first place, per The Verge.

Fast-forward to Mythos: Anthropic announced it as a cybersecurity-specific model and withheld it from public release because, per TechCrunch, it decided it was too capable of offensive use. That withholding is itself a kind of technical gate, since the model isn’t generally available and access is controlled at the distribution layer. But here’s the catch: TechCrunch also reported the NSA is already using Mythos Preview despite the broader Pentagon feud, which tells you selective access is happening outside a formal vendor relationship, and there’s no public reporting on what contractual or audit conditions, if any, govern that NSA use.

So if there’s no formal vendor contract — and the Pentagon CTO has said Anthropic won’t be a DoD vendor — does that actually leave Anthropic with less leverage to enforce its own terms, not more?

That’s the real watch item. Pentagon CTO Emil Michael confirmed as recently as May that Anthropic won’t be a formal DoD vendor, while still calling Mythos a “national security moment” worth pursuing — which suggests the government is trying to get at the capability through side channels like the NSA arrangement instead of through a contract that would give Anthropic any formal audit rights. Without a signed agreement, Anthropic’s red lines are basically product design choices and public statements, not enforceable contract terms. So the question to watch is whether any formal access agreement eventually surfaces, because that document would tell us whether those lines are real guardrails or just a policy position.

From r/artificial (42 pts, 9 comments):

The catch: its built-in guardrails aren't consistent. The same task framed differently could produce completely different outcomes. Cloudflare's point is that this inconsistency is exactly why any future public release needs hardened safeguards layered on top.

They also acknowledge the same capabilities that helped them find bugs in their own code will, in the wrong hands, accelerate attacks against every application on the internet.

Cloudflare just put out the first real third-party operational account of Mythos Preview running against live infrastructure — 50-plus of their own repos — and the headline finding is that the guardrails are inconsistent. Same task, different framing, different result. That’s not a theoretical concern about a model in a lab; that’s documented behavior inside a system already deployed under Project Glasswing.

And let’s be precise about Cloudflare: they’re one of the roughly 40 organizations with access. So the first production-facing read on Mythos is coming from someone with a stake in keeping the access list intact. That’s a testimonial, not an audit.

Meanwhile, Glasswing is being phased out by the Pentagon, but Mythos is running inside it right now. One arm of Anthropic’s Pentagon relationship is expanding, the other is being wound down — and nobody’s published which contract language actually governs the model that’s actively chaining exploit primitives against military-adjacent infrastructure.

Japan is now writing cyberdefense guidelines in response to the Glasswing announcement — a foreign government reshaping its threat posture around a capability released by a private lab it hasn’t evaluated and can’t access. If that’s a safety move, it’s the most aggressive market-entry play in enterprise software history.

If you’re tracking AI and the Pentagon, you may also like The Data Center Daily, a daily briefing on AI compute, hyperscaler capex, power, semiconductors, and energy markets reshaped by intelligence at scale. Find it wherever you listen to podcasts.

You’ll find links to all the reporting we drew on today in the show notes, so if one of these stories is worth a closer read, that’s the place to start.

That’s Anthropic Pentagon Watch for this Tuesday. This is a Lantern Podcast.