Early users of Anthropic's Mythos continue to have access despite the US directive.

      When Washington instructed Anthropic to disable access to its most advanced AI model, not all users were affected. Some organizations chosen by Anthropic to initially test Mythos retained their access to a preview of the system, even as other versions were disabled under a U.S. export directive, according to a Bloomberg report.

      The specifics are important. Anthropic limited what it refers to as Mythos Preview to about 200 organizations, including the U.S. government, through its Glasswing program, following the model's unexpected ability to identify thousands of software vulnerabilities. A less powerful iteration of Mythos was more widely released but was subsequently disabled when the Commerce Department ordered Anthropic to suspend access for all foreign nationals based on national-security concerns. However, the preview remained accessible for some users.

      Two companies confirmed that they still had access. Dragos, the industrial-cybersecurity firm that Accenture is acquiring a majority stake in, and Cisco Systems both informed Bloomberg that they retained Mythos Preview.

      This detail is significant: the organizations that maintained access are precisely those utilizing the model for defensive security work, which Anthropic argues supports the notion that advanced AI in trusted hands is a public benefit rather than a risk.

      The stark contrast with Europe is notable. The European cybersecurity agency ENISA, which was invited to be part of Glasswing before Washington's restriction, was informed last Friday that it would no longer have access. This reverses an agreement discussed just days prior, directly addressing the question raised in that meeting: whether a European agency could comply with a U.S. export order. The answer, at this moment, is no.

      This situation reveals how much leeway Anthropic has within the framework left by the directive. The export order is aimed at foreign nationals, but it does not explicitly dictate which existing Glasswing members retain access to the preview.

      It is unclear how Anthropic determines individual access, meaning the company is effectively making decisions on a case-by-case basis about who can utilize one of the most advanced security models available.

      This is a precarious position for any vendor and a revealing one. Anthropic has spent the year cautioning about the dangers of advanced AI while asserting that models like Mythos should be accessible to defenders. The directive forced it to make a choice, and the pattern of who retained access—U.S. security firms remaining in while a European agency was excluded—reflects the contours of the export rule rather than an assessment of merit.

      The model at the center of this issue is undeniably powerful, which is precisely the concern. A system capable of uncovering thousands of vulnerabilities is equally advantageous for attackers as it is for defenders, and this dual-use nature is why the Commerce Department sought to impose restrictions. The same features that motivate Dragos and Cisco to seek ongoing access are the very ones that cause Washington to worry about who else might obtain it.

      The contrasting outcomes also intensify the question of who controls access to dual-use AI. When a single company determines, based on a government directive, which security teams retain access to a frontier model and which do not, the practical authority over a tool relevant to national security rests with a private entity instead of a public entity.

      This grants considerable discretion to one firm, and the disparity between the retained U.S. firms and the excluded European agency highlights this discretion in a way that warrants examination. Anthropic has not specified its access criteria, and the situation continues to evolve as the company navigates between government directives and its own clients. What is evident is that the shutdown was not all-encompassing, that those who retained access are primarily U.S. defensive-security users, and that the first European participant allowed in has also been the first to be excluded.