The Anthropic Mythos Pentagon ban is collapsing in practice. The National Security Agency, a division of the Department of Defense, is actively expanding its use of Anthropic’s Mythos Preview—the company’s most powerful AI model yet—despite Pentagon officials labeling Anthropic a national security risk and ordering federal agencies to stop using it.
Key Takeaways
- NSA is expanding Mythos use for identifying and analyzing software vulnerabilities despite Pentagon ban.
- Pentagon designated Anthropic a supply chain risk in February/March 2026, initiating actions to sever ties.
- Anthropic won a preliminary injunction in Northern California halting the Presidential Directive ban.
- Mythos access is limited to approximately 40 select organizations due to risks of exploitation.
- Mythos detected thousands of critical and zero-day vulnerabilities in testing months faster than human teams.
Why the NSA Ignores the Pentagon’s Supply Chain Risk Designation
The contradiction is stark. The Pentagon classified Anthropic as a national security risk and a supply chain threat, directing federal agencies to cease operations with the company. Yet the NSA—the very agency tasked with protecting US cybersecurity—is reportedly deepening its reliance on Mythos for autonomously finding, analyzing, and exploiting software vulnerabilities more effectively than human experts in some cases.
The core reason is practical desperation. Mythos is described as a watershed moment in AI capabilities for cybersecurity. During testing, the model detected thousands of critical and zero-day vulnerabilities—flaws that would take human teams months to uncover. For an agency responsible for national security, walking away from a tool that dramatically accelerates vulnerability discovery is a strategic liability, not a prudent precaution.
One Pentagon aide captured the frustration bluntly: the Pentagon has shot itself in the foot by giving the middle finger to the most capable AI provider. The tension reflects a deeper conflict within the Trump administration—one faction prioritizing supply chain risk mitigation, another prioritizing cybersecurity capability.
The Legal Reprieve That Changed Everything
Anthropic’s legal challenge shifted the calculus. On March 26, US District Judge Rita Lin granted a preliminary injunction halting the Presidential Directive that would have banned federal use of Anthropic tools. The ruling was split—a D.C. Circuit Court of Appeals temporarily upheld part of the ban—but the Northern California injunction provided enough legal breathing room for agencies like the NSA to continue operations.
That window enabled the NSA to not just maintain Mythos access but expand it. The agency’s growing reliance signals that once a government body gains access to a transformative tool, reversing course becomes politically and operationally difficult. Agencies build workflows around new capabilities. Removing them creates friction and perceived weakness.
Anthropic Mythos Pentagon Ban Faces White House Pressure
The real story is not the Pentagon’s ban—it is the White House’s apparent override of it. Anthropic CEO Dario Amodei met with the White House Chief of Staff and Treasury Secretary Scott Benson before April 20, 2026, to discuss Mythos implementation across government. The Treasury Department’s IT officials are actively seeking Mythos access to fix network vulnerabilities. These are not agencies defying orders; they are pursuing tools the White House is encouraging them to use.
A White House statement acknowledged this strategy: the administration continues to work and engage with AI companies to ensure their models help secure critical software vulnerabilities and is proactively engaging across government and industry to ensure the United States and Americans are protected. This language sidesteps the Pentagon ban entirely, reframing Mythos not as a security risk but as a security necessity.
The political split is real. Trump posted criticism of Anthropic and the ban, suggesting the administration itself is fractured on whether supply chain risk concerns outweigh cybersecurity gains. When the President signals skepticism toward a ban his own Pentagon imposed, agencies read permission to proceed.
Why Anthropic Restricts Mythos to 40 Organizations
Anthropic’s decision to limit Mythos access to approximately 40 select technology and cybersecurity organizations—publicly naming only 12—is not caution; it is containment. The company explicitly warns that public release would destabilize cybersecurity by enabling non-specialists to uncover and exploit flaws, amplify phishing and deepfake campaigns, and chain exploits together.
This restriction is the only thing preventing Mythos from becoming a universal hacking tool. In the wrong hands, a model that autonomously finds zero-day vulnerabilities transforms cybersecurity from defense into a race to exploitation. Attackers would benefit first, according to cybersecurity specialists cited in reporting. Anthropic knows this. The company is betting that government agencies—particularly those with security clearances and oversight—can be trusted with the tool in ways the general public cannot.
The UK’s counterparts access Mythos through the AI Security Institute, suggesting a parallel international effort to contain and weaponize the model rather than democratize it. This is not a product launch; it is a controlled distribution of a dual-use technology.
What Happens If the Pentagon Ban Holds?
If the legal injunction fails and the Pentagon ban is fully enforced, the NSA would face a genuine dilemma. Abandoning Mythos would mean reverting to slower, more labor-intensive vulnerability discovery. Competitors—China, Russia—would not face the same restriction. The NSA would be knowingly weakening its own cyber defenses for the sake of supply chain risk management, a trade-off that few security leaders would accept willingly.
This is why the NSA’s continued expansion of Mythos use is not insubordination; it is institutional self-preservation. The agency is betting that political and legal momentum favors capability over caution, and so far, that bet is paying off.
Is the NSA defying direct Pentagon orders?
Technically, the preliminary injunction from US District Judge Rita Lin halts enforcement of the ban, providing legal cover for continued NSA use. However, the Pentagon’s original designation of Anthropic as a supply chain risk remains in effect, creating ambiguity about whether the NSA is operating under legal permission or political tolerance.
Could Mythos access be cut off without warning?
Yes. If the D.C. Circuit Court of Appeals fully upholds the Pentagon ban and the Supreme Court declines to intervene, Anthropic could be forced to sever access to all federal agencies within weeks. The NSA’s expansion of Mythos use is a calculated bet on legal victory, not a guarantee.
Why doesn’t Anthropic release Mythos publicly?
Anthropic restricts Mythos to vetted organizations because public release would enable non-experts to discover and exploit critical vulnerabilities at scale, destabilizing cybersecurity infrastructure. The company is treating Mythos as a controlled dual-use technology, not a consumer product.
The Anthropic Mythos Pentagon ban reveals a government at war with itself. The Pentagon imposed restrictions on national security grounds. The NSA ignores them for national security reasons. The White House signals support for the NSA’s position. And Anthropic profits from the chaos, distributing its most powerful tool to the agencies most desperate to use it. This is not a story about AI safety or supply chain risk anymore—it is a story about which branch of government controls cybersecurity policy, and the answer remains genuinely unclear.
This article was written with AI assistance and editorially reviewed.
Source: TechRadar
