Newest first. Each entry captures what changed, the affected entity, and the source it comes from.
High
NetskopeOfficial
Netskope: official press release says Netskope has access to Claude Mythos Preview and will share findings with the Glasswing coalition and broader cybersecurity community
Netskope announced on June 2 that it is part of Project Glasswing and has access to Anthropic's Claude Mythos Preview. The company said it will use the model to find vulnerabilities in code at scale and continue sharing its findings with other Glasswing partners and the wider cybersecurity community.
Netskope's inclusion expands the named access list into large-scale cloud, network, and AI-governance security infrastructure, adding a defender that sits in the traffic path of major enterprise AI deployments.
Rubrik: official press release confirms the company has been granted access to Anthropic's Mythos Research Preview through Project Glasswing
Rubrik announced on June 2 that it has been granted access to Anthropic's Mythos Research Preview as part of Project Glasswing. The company said it is testing the model defensively across its enterprise platform and product suites to identify, vet, and patch potential software vulnerabilities in advance.
Rubrik adds a major cyber-resilience and data-protection vendor to the named Glasswing roster, showing that the June expansion is bringing in security operators responsible for enterprise backup, recovery, and resilience layers rather than only cloud and telecom infrastructure owners.
White House: Trump signs executive order creating a voluntary federal early-access framework for covered frontier AI models and an AI cybersecurity clearinghouse
The White House published a June 2 executive order directing CISA to facilitate access to cybersecurity tools including covered frontier models for agencies, state and local authorities, and critical-infrastructure operators. The order also directs Treasury, NSA, and DHS to form an AI cybersecurity clearinghouse for vulnerability scanning and remediation coordination, and establishes a voluntary framework under which AI developers can provide the federal government up to 30 days of early access to covered frontier models before wider release.
The June 2 order converts the White House's earlier Mythos discussions into signed policy: it creates a concrete federal path for government early access and coordinated defensive deployment of frontier cyber models across civilian agencies and critical infrastructure.
Approximately 150 new Glasswing partner organizationsUnknown pool
Anthropic/Reuters: Project Glasswing expands by approximately 150 new organizations across more than 15 countries, extending Mythos Preview to critical infrastructure, vendors, and government organizations
Anthropic announced on June 2 that it is extending Project Glasswing to approximately 150 new organizations that meet its security requirements, adding partners in more than 15 countries across power, water, healthcare, communications, hardware, and vendor-maintained software. Reuters reported the wider rollout lifts the program from around 50 organizations to roughly 200 total partners and includes government organizations, while Anthropic said many of the new members maintain codebases relied on globally by governments and major infrastructure operators.
This is the largest official access expansion since Mythos launched, turning Project Glasswing from a tightly bounded pilot into a broader transnational defensive-access program spanning essential infrastructure and government-adjacent systems.
Government Executive: House Homeland Security Committee receives closed Anthropic Mythos demonstration; committee aide says briefing 'reinforced urgency' of ensuring federal agencies can access advanced AI models
Government Executive reported on May 15 that the House Homeland Security Committee received a rare closed briefing in which Anthropic executives demonstrated Mythos to committee members, showing how the model identifies software vulnerabilities. Chairman Andrew Garbarino (R-NY) and Ranking Member Bennie Thompson (D-MS) led the briefing. A committee aide stated: 'What we saw reinforced the urgency of ensuring that federal agencies can responsibly access and deploy the most advanced U.S. models.' The briefing also highlighted CISA's lack of full Mythos access and the NSA's reported use despite the Pentagon blacklist. Senate Intelligence Committee leaders Tom Cotton (R-AR) and Mark Warner (D-VA), along with Gen. Joshua Rudd (NSA/Cyber Command), were noted as part of broader congressional engagement.
A bipartisan House committee receiving a direct Anthropic Mythos demonstration — with a committee aide publicly signaling urgency around federal agency access — escalates the U.S. government access debate from executive-branch negotiations into formal legislative oversight, directly raising CISA's exclusion as a Congressional concern.
Verizon: official press release confirms Verizon joins Project Glasswing as the first named telecommunications company with Claude Mythos Preview access
Verizon published an official press release on May 15 confirming it has joined Project Glasswing, becoming the first named telecommunications company to gain access to Claude Mythos Preview. The company is testing the model to identify complex vulnerabilities in its software and operating systems. CEO Dan Schulman stated: 'Our customers rely on the security of our network every day. As part of Project Glasswing, we are able to test and improve our cybersecurity efforts with new insights to maintain our network's security.'
Verizon is the first named telecommunications carrier in Project Glasswing, extending Mythos access from cloud, financial, and device manufacturers into core U.S. telecommunications network infrastructure — a sector that underpins both civilian and national security communications.
Axios: 32 bipartisan House members led by Rep. Latta send letter to National Cyber Director Cairncross demanding expanded Mythos defensive access and clearer AI cyber standards
Axios reported on May 13 that Rep. Bob Latta (R-Ohio) led a bipartisan group of 32 House members in sending a letter to National Cyber Director Sean Cairncross urging immediate action to address the high volume of AI-generated vulnerability disclosures from systems like Mythos and OpenAI's GPT-5.5-Cyber. The letter outlines seven recommendations including expanded defensive access to frontier AI cyber models, federal government assistance helping software companies validate and patch AI-discovered vulnerabilities, and clearer standards governing how advanced cyber models are shared across government and industry. Lawmakers also called for coordination with the Treasury Department and National Economic Council, and requested a staff briefing within 30 days and a written response within 45 days. The letter cited Mythos's identification of 'thousands of high-severity zero-day vulnerabilities' across major operating systems and web browsers.
A bipartisan 32-member House letter directly to the National Cyber Director demanding expanded Mythos access and federal patching coordination formalizes congressional pressure on the White House's cyber policy apparatus and marks an escalation from executive-branch negotiations into a direct legislative-oversight demand.
Japan Cabinet – Prime Minister's OfficeRegulatory response
The Register/Nikkei: Japan PM Takaichi orders cabinet-level cybersecurity review of government systems and critical infrastructure, citing Mythos threat
Japan's Prime Minister Sanae Takaichi ordered a cabinet-level cybersecurity review in direct response to Anthropic's Mythos, instructing cybersecurity minister Hisashi Matsumoto to check government systems for detectable vulnerabilities and develop measures so critical infrastructure operators can do likewise. The Register reported Takaichi stated that Mythos and similar frontier models may be misused, and that attacks on infrastructure may therefore increase in speed and scale, perhaps even exponentially.
A PM-level cabinet order covering all of Japan's government systems and critical infrastructure — not just the financial sector addressed by the April FSA working group — makes Japan one of the few countries to issue a whole-of-government cybersecurity directive directly citing a named AI model.
Japan FSA, BOJ, and financial sectorRegulatory response
Bloomberg: Japan FSA expands Mythos working group to 36 entities including Anthropic Japan and OpenAI Japan; first meeting May 15 chaired by Mizuho CISO
Bloomberg reported on May 12 that Japan's Financial Services Agency has expanded its Mythos cybersecurity working group to 36 entities — including megabanks, internet banks, the Bank of Japan, and the Japanese units of both Anthropic and OpenAI — with the group's first formal meeting scheduled for May 15. Mizuho Financial Group CISO Osamu Terai will chair the group, which will discuss procedures for handling discovered vulnerabilities, defensive measures, and contingency planning. The FSA is also considering information-sharing arrangements with U.S. and overseas authorities. Growing interest from Japanese banks in Project Glasswing access is reported, with Anthropic described as potentially providing limited defensive access to participating financial institutions.
The FSA working group's expansion to 36 named entities — including the Japanese subsidiaries of Anthropic and OpenAI — and its inaugural May 15 meeting make Japan's financial-sector Mythos response the largest multi-institution coordinated regulatory forum on the model to date; the FSA's international information-sharing consideration signals Japan may seek allied government access coordination.
CNBC: EU-Anthropic Mythos access talks stall at 'different stage' as OpenAI grants EU access to rival GPT-5.5-Cyber model
CNBC reported on May 11 that Anthropic is still holding out on releasing Mythos to the European Union, despite the EU Commissioner's office having held 'four or five' meetings with the company. An EU official stated that discussions with Anthropic are 'not yet at the same stage as the solution we have on the table from OpenAI,' referring to OpenAI's May 7 decision to grant EU access to its rival GPT-5.5-Cyber model.
The EU-Anthropic access gap now has a direct competitive dimension: OpenAI has leapfrogged Anthropic in EU engagement by granting preview access to its rival cyber model, publicly exposing Anthropic's Mythos holdout and adding pressure on Anthropic to accelerate EU discussions.
ASIC/Reuters: ASIC publishes official letter naming Claude Mythos, orders all licensees to table cyber resilience assessment at the board level, warns 'the clock is at a minute to midnight'
Australia's Securities and Investments Commission published an official industry letter on May 8 (media release 26-092MR) explicitly naming Anthropic's Claude Mythos as a frontier AI model that could expose cybersecurity vulnerabilities at unprecedented speed, scale, and sophistication. ASIC Commissioner Simone Constant ordered all licensees and market participants to reassess cyber plans and table the letter at their ultimate board and risk governance committees — framing cyber resilience as a core licensing obligation with enforcement backstop from ASIC's recent court victory against FIIG Securities Limited. Constant stated: 'The clock is at a minute to midnight – if you aren't on top of your cyber resilience already, the time to act and prepare is right now.' Reuters separately reported that Macquarie CEO Shemara Wikramanayake confirmed the bank is running technology programs to test its potential risks against frontier AI models, though no Mythos-specific access was confirmed.
ASIC's May 8 formal letter — as Australia's corporate and markets regulator, distinct from APRA's April 30 prudential enforcement letter — makes Australia the first country to have two separate financial regulators issue official named-Mythos compliance directives within two weeks, mandating board-level governance action across Australia's entire licensed financial services sector.
Securities and Exchange Board of IndiaRegulatory response
The Print/ANI: SEBI names Claude Mythos in formal circular, orders all Indian securities market entities to immediately overhaul cyber defences and forms cyber-suraksha.ai task force
India's Securities and Exchange Board of India (SEBI) issued a formal circular on May 5 explicitly naming Claude Mythos as a cybersecurity threat and ordering every regulated entity — including stock exchanges, depositories, brokerages, and mutual funds — to immediately overhaul their cybersecurity infrastructure. The circular requires entities to update operating systems and applications with the latest patches, conduct regular vulnerability assessments, strengthen API security controls, and consult IT committees on managing AI-led vulnerability risks. SEBI also constituted a dedicated task force named cyber-suraksha.ai, comprising representatives from market infrastructure institutions, qualified registrars and transfer agents, to examine AI-driven cybersecurity risks and strengthen cyber resilience across the securities market ecosystem. The task force is additionally mandated to share threat intelligence, report cyber-incidents on a priority basis, and review the cybersecurity posture of third-party application service providers.
SEBI is the first Indian financial regulator to issue a formal named circular explicitly ordering mandatory remediation action across India's entire securities market — the world's fourth-largest equity market by capitalization — while Indian institutions have no public Mythos access to use the model defensively.
Center for AI Standards and Innovation (CAISI)Evaluated
NIST/Bloomberg: CAISI signs new pre-deployment AI security testing agreements with Google DeepMind, Microsoft, and xAI; White House studying executive order requiring AI model safety reviews, directly prompted by Mythos
The Center for AI Standards and Innovation (CAISI), a NIST division within the Commerce Department, announced on May 5 that it signed new pre-deployment AI safety evaluation agreements with Google DeepMind, Microsoft, and xAI — building on prior agreements with Anthropic and OpenAI from 2024. The agreements allow CAISI to evaluate AI models before public release in classified environments, potentially with reduced or removed safeguards, and include post-deployment research and information-sharing. CAISI director Chris Fall stated the center had completed more than 40 pre-deployment evaluations including unreleased state-of-the-art models. Separately, White House National Economic Council Director Kevin Hassett confirmed the administration is studying 'possibly an executive order' to create a clear roadmap for evaluating advanced AI systems before release.
The CAISI expansion and potential executive order are the US government's most concrete formal institutional response to Mythos-class capability: CAISI's pre-existing Anthropic agreement is being extended across the major AI labs, and a possible mandatory pre-deployment review framework would formalize what Mythos made urgent.
Bloomberg/Reuters: EU Economy Commissioner Dombrovskis confirms European Commission met with Anthropic and is assessing Mythos implications under EU law
Bloomberg reported on May 4 that the European Commission is in talks with Anthropic about getting European companies and banks tested for vulnerabilities that Mythos might expose. EU Economy Commissioner Valdis Dombrovskis stated: 'The commission representatives met with Anthropic and was briefed on technical details around cyber capabilities and the risk of this Mythos preview, so we are currently assessing possible implications in light of the EU policies and legislation.' Reuters separately confirmed the statement the same day. The talks mark a shift from the EU's earlier position of limited visibility into Mythos while the UK AISI directly evaluated the model.
A named EU Commissioner publicly confirming that Commission representatives have directly met with Anthropic and are assessing Mythos against EU policies and legislation upgrades Brussels from institutional sidelining to active engagement — potentially linking Mythos to EU AI Act enforcement scope and European banking regulators.
Nextgov: American Water meets with Office of the National Cyber Director on Mythos as OT sector expresses 'annoyance' at exclusion from initial Glasswing rollout
Nextgov/FCW reported on May 4 that operational technology providers are frustrated by their exclusion from Anthropic's initial Mythos rollout under Project Glasswing. American Water — one of the nation's largest regulated water utilities — recently met with the Office of the National Cyber Director to discuss Mythos access. An anonymous source stated: 'There's definitely an annoyance in the OT world,' noting that decision-makers 'weren't thinking in those terms' regarding OT sector needs when determining initial access. The initial distribution focused on major technology and finance companies, leaving operators of energy, water, and transportation systems without access.
The OT sector's formal push for Mythos access — represented by a named water utility meeting with the White House's top cyber office — reveals a structural gap in the Glasswing rollout: critical infrastructure most frequently targeted by nation-state adversaries was excluded while financial and technology sectors were prioritized.
CNBC/Axios: Pentagon announces AI agreements with seven companies for classified networks, conspicuously excluding Anthropic as Defense Secretary calls CEO an 'ideological lunatic'
On May 1, the Department of Defense announced agreements with seven AI companies — Google, OpenAI, Nvidia, Microsoft, Amazon Web Services, SpaceX (merged with xAI), and Reflection — to deploy their technology across classified networks for 'lawful operational use.' Anthropic was absent. Defense Secretary Pete Hegseth separately testified on Capitol Hill on April 30 that Anthropic is 'run by an ideological lunatic who shouldn't have a sole decision-making over what we do.' Pentagon CTO Emil Michael framed Anthropic's exclusion as consistent with the supply chain risk designation while describing Mythos itself as 'a separate national security moment.'
The Pentagon formalizing AI access agreements with seven competing companies while explicitly leaving Anthropic out — on the same day the NSA is reportedly using Mythos — sharpens the institutional contradiction at the center of U.S. AI and national security policy and signals DoD is building an Anthropic-free classified AI stack.
The Register/CNBC: Pentagon CTO Emil Michael reaffirms Anthropic blacklist, frames Mythos as 'a separate national security moment' with NSA access limited to evaluation only
Pentagon CTO Emil Michael told CNBC's Squawk Box on May 1 that Anthropic remains a supply-chain risk to the Department of Defense despite growing Mythos interest across the executive branch. Michael said 'The Mythos issue … is a separate national security moment. We have to make sure our networks are hardened up because that model has capabilities that are particular to finding cyber vulnerabilities and patching them.' He confirmed the NSA and Commerce Department evaluate all frontier models including Chinese ones to 'see what the capabilities are at the edge,' characterizing any NSA Mythos access as evaluation-only rather than operational deployment. He added the government is looking at how to work with all AI companies so capabilities are 'understood by us first so that we can fix any issues.'
The Pentagon CTO's explicit May 1 reaffirmation that Anthropic's supply-chain risk designation stands — directly contrasting Trump's April 21 signal that a DoD deal was 'possible' — shows the executive branch remains institutionally divided, with DoD framing NSA's reported Mythos use as technical evaluation rather than procurement and signaling no immediate path to a DoD deal.
APRA: official industry letter threatens enforcement for inadequate AI risk controls, explicitly naming Anthropic Mythos as a frontier model heightening cyber threats
Australia's prudential regulator APRA published an official letter to all regulated entities — banks, insurers, and superannuation trustees — threatening enforcement action against those failing to adequately manage AI risks. Board member Therese McCarthy Hockey stated: 'Where entities fail to adequately identify, manage or control AI risks in a manner proportionate to their size, scale and complexity, we will take stronger supervisory action and, where appropriate, pursue enforcement.' The letter explicitly named Anthropic Mythos, stating APRA is 'engaging across the sector on the potential for increased cyber threats from high capability AI frontier models such as Anthropic Mythos.' Key gaps cited: information security practices lagging behind AI threat speed, over-reliance on vendor summaries without examining AI risks, and weak board-level technical literacy.
This is the first official enforcement threat issued by a major financial prudential regulator that specifically names Anthropic Mythos by model name, upgrading Australia's posture from sector-level monitoring to formal regulatory response with an explicit enforcement backstop.
Bloomberg: White House tells Anthropic it opposes plan to expand Mythos access from ~50 to ~120 organizations, citing security and compute concerns
Bloomberg reported that the White House told Anthropic it opposes its plan to expand Mythos access from approximately 50 companies to 120 organizations — adding roughly 70 more recipients. Administration officials (speaking anonymously) cited two concerns: security risk, that broader access increases potential for misuse by hackers or foreign governments; and compute constraints, that Anthropic lacks the computing capacity to serve 120 entities without degrading the government's own Mythos access. The original reporting was by the Wall Street Journal.
The White House shifting from discussion to active opposition to expansion is the first concrete executive-branch constraint on Mythos deployment outside the existing Pentagon blacklist, and frames government access to Mythos compute as a strategic resource to protect against commercial dilution.
Bloomberg: NSA staff testing Anthropic's Mythos specifically to find security flaws in Microsoft products and other widely used software
Bloomberg reported on April 30 that the NSA has been testing Anthropic's Mythos model to find cybersecurity vulnerabilities in Microsoft products and other widely used software, citing a US official and a person familiar with the matter. NSA officials studying the model have been impressed by its speed and efficiency in searching for potential security flaws. The sources said they did not know whether the tests had found specific bugs. NSA and Anthropic both declined to comment.
Bloomberg's April 30 report adds specific operational detail the prior April 19 Axios report lacked: NSA is targeting the world's most widely deployed OS and business software suite, making this a directly government-sanctioned scanning operation for critical civilian infrastructure vulnerabilities despite the Pentagon blacklist of Anthropic.
Axios: White House developing draft executive action to allow federal agencies to bypass Anthropic supply chain risk designation and onboard Mythos
Axios reported on April 29 that the White House is developing guidance — including a draft executive action — that would allow federal agencies to sidestep Anthropic's DoD supply chain risk designation and onboard models including Mythos. Sources described the effort as a way to 'save face and bring em back in.' The White House was convening companies across tech and cyber sectors for table reads of draft guidance that week. Talks were in flux and no guidance was final.
A draft executive action to bypass the DoD supply chain risk designation would be the clearest White House reversal on the Anthropic blacklist, creating a formal policy instrument for dozens of civilian agencies to access Mythos without Pentagon approval.
India Government – MeitY, Finance Ministry, and CERT-InIn discussion
The Print: MeitY Secretary S. Krishnan confirms India is in active talks with Anthropic and U.S. authorities to secure Claude Mythos access for Indian entities
MeitY Secretary S. Krishnan confirmed on April 28 that the Indian government is working out the 'logistics' with U.S. authorities to include Indian entities in Project Glasswing. A senior MeitY official separately confirmed active conversations with Anthropic for possible access, while IT Minister Ashwini Vaishnaw and Department of Financial Services officials expressed urgency about building capacity before other frontier AI models launch. Industry body Nasscom wrote to Anthropic arguing Indian technology firms maintain critical code used by organizations worldwide and that inclusion in the global consortium is 'imperative.'
India's IT ministry confirming active access negotiations marks the country's transition from strategic watch to named access-seeking government, making India the first major tech-exporting nation outside the U.S. and Europe publicly seeking inclusion in Project Glasswing.
Japan FSA, BOJ, and financial sectorRegulatory response
NHK/Jiji Press: Japan's Finance Minister and FSA convene Bank of Japan, three megabanks, and JPX on Mythos risks; formal public-private working group established
Japan's Financial Services Agency convened an emergency meeting on April 23 with the Bank of Japan, three megabanks, the Tokyo Stock Exchange, and the National Cybersecurity Office after Anthropic's Mythos announcement. Finance Minister Satsuki Katayama said: 'This is a crisis that is already upon us — cyberattacks against the financial industry could immediately trigger credit uneasiness.' On April 24, Katayama announced a formal working group jointly with the financial industry. BOJ Governor Kazuo Ueda, JPX CEO Hiromi Yamaji, and the presidents of Japan's three megabanks all attended. Japan has no public Mythos access.
Japan's FSA establishing a named minister-led, BOJ-and-megabank-attended working group on Mythos risks upgrades Japan from a research-watch placeholder to a concrete institutional regulatory response from the world's third-largest economy.
Fortune/TechCrunch: Mozilla used Mythos to identify and patch Firefox vulnerabilities at unprecedented scale — 423 bug fixes shipped in April alone
Fortune reported on April 23 that Mozilla identified and patched 271 Firefox vulnerabilities using Anthropic's Mythos Preview model. TechCrunch reported on May 7 that Mozilla subsequently shipped 423 bug fixes in April 2026 alone — compared to 31 in April of the prior year — including a 15-year-old bug in the browser's HTML parser and multiple sandbox vulnerabilities. Mozilla published details on 12 specific bugs discovered through Mythos. Firefox remains reliant on human engineers for the actual patches; Mozilla's Brian Grinstead stated: 'every single one is one engineer writing a patch and one engineer reviewing it. We have not found it to be automatable.' Mozilla is not publicly named by Anthropic as a Glasswing launch partner but is consistent with the 40+ additional organizations extended access for critical software infrastructure.
Mozilla's Mythos-assisted patch run — scaling from 31 to 423 monthly bug fixes — is the first concretely quantified example of Glasswing's defensive output for a major open-source browser with hundreds of millions of global users, and demonstrates Mythos's practical utility even where human patch authors remain the bottleneck.
Fortune: unauthorized Discord group retains continuous Mythos access as of April 23, breach enabled by prior Mercor data leak
Fortune reported that the Discord group that gained unauthorized access to Mythos on its announcement day still had continuous access as of April 23. The group exploited knowledge from a prior cyberattack on AI training startup Mercor, which gave members familiarity with Anthropic's URL conventions for unreleased models. The group had not used Mythos for cyberattacks but had been running the model continuously since gaining access.
Ongoing unauthorized access — not a one-time breach — means Anthropic's Glasswing gating strategy remains materially compromised while the company investigates, and traces the access vector to a supply-chain incident at a third-party AI startup.
Reuters: Morgan Stanley CEO Ted Pick says the bank is 'permissioned on Claude Mythos Preview'
Reuters reported that Morgan Stanley CEO Ted Pick told analysts on the bank's earnings call that the firm is 'permissioned on Claude Mythos Preview,' publicly confirming access that had previously only been reported through unnamed sourcing.
This upgrades Morgan Stanley from a reported tester to a publicly confirmed access holder, strengthening the map of named major-bank participation in Project Glasswing-era Mythos access.
India Government – MeitY, Finance Ministry, and CERT-InRegulatory response
The Print: Finance Minister Sitharaman chairs emergency Mythos risk meeting with bank chiefs and RBI; CERT-In issues high-severity advisory on April 26
Finance Minister Nirmala Sitharaman chaired a meeting on April 23 with bank chiefs, RBI officials, and MeitY representatives to assess the risks Claude Mythos poses to India's financial systems, describing the threat as 'unprecedented' and calling for a real-time threat-intelligence-sharing system across banks, CERT-In, and other agencies. Three days later, on April 26, CERT-In issued a high-severity advisory about frontier AI models, formalizing India's official cyber risk posture on Mythos-class capabilities.
India's Finance Minister personally chairing a cross-agency Mythos risk meeting — and CERT-In following with a formal advisory — shows a G20 government with no public Mythos access treating the model as a systemic financial and infrastructure threat requiring cabinet-level coordination.
Australian Department of Home AffairsRegulatory response
Reuters: Australia's Home Affairs ministry says it is working with Anthropic on emerging Mythos vulnerabilities
Reuters reported that a spokesperson for Australian Home Affairs minister Tony Burke said the government is working with software providers including Anthropic to stay aware of emerging vulnerabilities linked to Mythos. The same report said the central banks of Australia and New Zealand were monitoring the release and that the Australian Banking Association said banks were engaging regulators over Mythos.
This moves Australia's position from sector-level monitoring into an explicit government critical-infrastructure coordination response tied directly to Anthropic and Mythos.
UK National Cyber Security CentreRegulatory response
UK NCSC CEO Richard Horne at CyberUK 2026: Mythos can be a 'net positive' for UK cyber defence if secured against misuse
UK National Cyber Security Centre CEO Richard Horne told the CyberUK 2026 conference in Glasgow that advanced AI tools such as Anthropic's Claude Mythos can be a 'net positive' for UK cyber defence if properly secured against misuse. Horne framed the model as part of a broader 'perfect storm' moment for cybersecurity while endorsing Anthropic's controlled-access approach.
A named public endorsement from the head of the UK's national cyber agency at its flagship annual conference is the strongest allied-government affirmative signal on Mythos, separating the NCSC's assessment from the financial-regulator caution and U.S. agency-exclusion narrative.
Reuters: BoE co-chaired CMORG formally meets and states that UK financial services industry 'is prepared' for Mythos-class frontier AI cyber risks
The Bank of England and UK Finance co-chaired Cross Market Operational Resilience Group met and issued a public statement that 'the financial services industry is prepared for these developments and emerging cyber risks more broadly, as well as the opportunities for growth and efficiency that they bring.' The group — which includes eight of the UK's largest banks, four financial infrastructure providers, two insurers and multiple regulators — agreed that firms must continue to focus on effective practices including AI-based cyber defence. The group will reconvene in early May with expanded industry participation.
The formal CMORG statement marks the UK financial sector's transition from monitored watch into a sector-wide public preparedness assessment, providing the clearest official signal yet that structured institutional response is under way on Mythos-class frontier AI.
UK Government – DSIT and Cabinet OfficeRegulatory response
UK Technology Secretary Kendall and Security Minister Jarvis publish open letter: Mythos is 'substantially more capable at cyber offence than any model we have previously assessed'
Technology Secretary Liz Kendall and Security Minister Dan Jarvis issued a joint open letter to UK business leaders warning that AI models — citing Mythos specifically — are 'becoming capable of doing work that previously required rare expertise: finding weaknesses in software, writing the code to exploit them.' The letter cited the AISI's finding that frontier model capabilities are now doubling every four months rather than every eight, and called on businesses to prioritize cybersecurity at board level.
A cabinet-level joint ministerial letter naming Mythos as the most capable offensive model the AISI has ever assessed is the UK government's highest-level public policy escalation since the model was announced, placing Mythos explicitly in the UK's national cybersecurity governance agenda.
Bloomberg: unauthorized users accessed Claude Mythos Preview; Anthropic confirms active investigation
Bloomberg News, citing documentation and a person familiar with the matter, reported that a small group of unauthorized users gained access to Anthropic's restricted Claude Mythos Preview through a third-party vendor environment on the day of its announcement. The group — communicating through a private Discord channel — provided Bloomberg with screenshots and a live demonstration of the model. An Anthropic spokesperson confirmed the company is investigating the report, stating there is no evidence its core systems were impacted or that activity extended beyond the vendor environment.
An unauthorized access incident directly challenges Anthropic's Project Glasswing gating strategy and raises questions about the robustness of access controls on a model its own safety team flagged as too dangerous for public release.
Cybersecurity and Infrastructure Security AgencyBlocked
Axios: CISA lacks access to Mythos despite being the nation's top cyber defense agency
Axios reported that CISA does not have access to Claude Mythos Preview, even as other government agencies including the NSA are reportedly using it. Anthropic briefed CISA on Mythos capabilities but this did not result in access; the Commerce Department's Center for AI Standards and Innovation was separately reported to be testing the model.
The country's top cyber defense agency being excluded from a model it is supposed to help protect against creates a direct accountability and preparedness gap in U.S. critical infrastructure defense.
Bundesbank calls for relevant institutions to have Mythos access
Bundesbank President Joachim Nagel warned that Mythos could identify and exploit financial-institution software vulnerabilities, said misuse must be prevented, and called for all relevant institutions to have access to avoid competitive distortions.
This is a primary-source institutional reaction from a Eurosystem central banker, and it frames restricted access itself as a financial-stability and competition concern.
CNBC: Trump says Anthropic is 'shaping up' and a DoD deal is 'possible'
CNBC reported that President Trump told reporters a deal between Anthropic and the Department of Defense was 'possible,' citing 'very good talks' following the White House meeting with Anthropic CEO Dario Amodei. The Pentagon had blacklisted Anthropic as a supply-chain risk in March 2026 after contract disputes over autonomous weapons and domestic surveillance.
A direct presidential signal that a DoD deal is possible changes the Pentagon's status from administratively blocked to active discussion at the executive level, with significant implications for military AI procurement.
Reuters: Anthropic plans Mythos access for European and UK banks
Reuters reported that Anthropic plans to provide Mythos access to European banks soon and aims to expand access to European and UK banks among other organizations, subject to security checks.
This is an access-lane update, not just a reaction update: European and UK banks may move from regulator scrutiny into direct testing within days or weeks.
Reuters: Bank of America has been testing Mythos internally
Reuters reported, citing a source familiar with the matter, that Bank of America has been part of Glasswing since the start and has been testing the Mythos technology internally.
A named U.S. megabank reportedly testing Mythos expands the access map beyond Anthropic's publicly named bank partner and helps separate reported private access from official launch-partner access.
Singapore MAS and Cyber Security AgencyRegulatory response
Reuters: MAS warns financial institutions and HKMA launches AI cyber-risk taskforce in response to Mythos
Reuters reporting carried by iTnews said Singapore's MAS warned financial institutions to strengthen cyber defenses and coordinated with the national Cyber Security Agency. Hong Kong's HKMA separately engaged banks, planned cyber resilience testing, and announced a public-private AI cyber-risk taskforce.
Singapore and Hong Kong are small but systemically connected financial hubs — their specific regulatory actions (MAS warning, HKMA taskforce) are named institutional responses, not sector-level monitoring signals.
Reuters/iTnews: ASIC, APRA, HKMA, South Korean financial regulators, and Singapore MAS named as monitoring or responding to Mythos-related financial-system risk
Reuters reporting carried by iTnews named ASIC, APRA, HKMA, South Korean financial regulators, and Singapore MAS as monitoring or responding to Mythos-related financial-system risk.
The access story is now also a reaction story: regulators without public access are still adjusting supervision and resilience planning around the model's reported capability.
Axios reports NSA use of Anthropic's Mythos despite the Pentagon blacklist
Axios reported that the National Security Agency is using Claude Mythos Preview despite a Defense Department effort to treat Anthropic as a supply-chain risk. TechCrunch carried the story the following day, amplifying the contradiction that one part of the national security apparatus is using a model another part has officially blacklisted.
Reported intelligence use changes Mythos from a corporate cybersecurity preview into a state-capability access story — and the DoD/NSA split is the cleanest institutional contradiction in the dataset.
AP details the Anthropic and Pentagon dispute over allowed government uses
AP reported that the administration and Defense Department had sought to restrict federal use of Anthropic products amid conflict over autonomous weapons and domestic surveillance constraints.
Denied or contested access is just as important as granted access because it shows where policy, safety, and procurement collide.
European Central Bank and eurozone lendersRegulatory response
Irish Times: Bailey and Lagarde warn at IMF spring meetings that Mythos-class AI could threaten world banking system
The Irish Times reported that Bank of England Governor Andrew Bailey and ECB President Christine Lagarde both issued public warnings about AI models like Mythos at the IMF spring meetings in Washington. Bailey, chairing the Financial Stability Board, warned Mythos 'could crack the whole cyber risk world open.' Lagarde stated that no governance framework currently exists to contain tools of this reach if they fall into the wrong hands.
Named statements from the FSB chair and ECB president at the IMF's principal forum elevate Mythos from a bilateral regulatory concern to a stated G7-level financial stability issue with no existing international governance solution.
OMB discusses Mythos guardrails but denies current agency access
Reporting based on a Bloomberg-reviewed memo said OMB was setting up protections for possible use of a modified Mythos version; Nextgov/FCW later quoted OMB saying it was not giving agencies access and had no policy process underway.
This keeps the civilian-government signal in the negotiation lane rather than overstating it as an active access rollout.
White House chief of staff meets Anthropic CEO about Mythos
AP reported that White House chief of staff Susie Wiles met with Anthropic CEO Dario Amodei to discuss Mythos, cybersecurity, AI safety, and U.S. leadership.
The meeting makes Mythos access an executive-branch policy issue and creates a credible basis for tracking government discussions separately from confirmed deployments.
European Central Bank and eurozone lendersRegulatory watch
ECB reportedly convenes eurozone bank risk officers on Mythos
Bloomberg reported that the European Central Bank was convening chief risk officers of eurozone lenders to discuss potential threats from Anthropic's Mythos model.
Europe's financial regulators appear to be moving even where direct testing access remains unclear.
South Korea MSIT and financial regulatorsRegulatory response
Seoul Economic Daily: South Korea's science ministry holds emergency cybersecurity briefings with industry after Mythos release
Seoul Economic Daily reported that South Korea's science ministry met with major domestic cybersecurity firms to discuss countermeasures after specialized cyber AI releases.
This is a named ministry response, not a generalized sentiment signal, making it one of the strongest non-access records in Asia.
UK AISI publishes official evaluation of Claude Mythos Preview's cyber capabilities
The UK AI Security Institute published its official evaluation of Claude Mythos Preview's performance on cybersecurity tasks, including capture-the-flag challenges and complex multi-step attack simulations, confirming direct government evaluation of the model.
This primary source confirms the UK government is among the most technically informed allied governments on Mythos capabilities, and places the UK evaluation on record with official documentation rather than only secondary reporting.
Bloomberg: Treasury CIO Sam Corcos seeks Mythos access to scan government systems for vulnerabilities
Bloomberg reported that Treasury Chief Information Officer Sam Corcos was seeking access to Anthropic's Mythos model as early as that week to begin hunting for software vulnerabilities. Corcos briefed Treasury's cybersecurity team on Mythos and directed the team to prepare for AI-enabled threats. Access had not yet been confirmed at the time of reporting.
Treasury seeking its own model access is distinct from the earlier coordination role — it signals the department treating Mythos as a hands-on security tool rather than only a systemic risk topic, extending the government access-seeker footprint beyond intelligence and national security agencies.
The Decoder/POLITICO: most European cyber agencies had limited Mythos visibility while UK AISI evaluated it
The Decoder, citing POLITICO reporting based on conversations with officials from eight national European cybersecurity agencies, said most had limited visibility into Mythos. Germany's BSI confirmed talks with Anthropic but no direct testing. The UK AISI, by contrast, published an official evaluation.
The access divide is not only national but institutional — agencies with different technical credibility and vendor relationships landed in different positions, even within allied Europe.
Bloomberg: Goldman Sachs CEO confirms the bank has access to Mythos and is working with Anthropic on cyber defenses
Bloomberg reported that Goldman Sachs CEO David Solomon confirmed during the bank's Q1 2026 earnings call that Goldman has access to Anthropic's Mythos model and is working closely with Anthropic and its security vendors. Solomon said the bank is 'supplementing' its cyber and infrastructure resilience in response.
A CEO's public earnings-call confirmation of Mythos access makes Goldman Sachs the second major U.S. bank to confirm access on record, expanding the named financial institution access list beyond the officially named Glasswing partner JPMorgan Chase.
Bank of England CMORG reportedly prepares Mythos discussion with banks
Bloomberg reporting carried by Insurance Journal said Mythos would be on the agenda for the Bank of England's cross-market operational resilience and AI taskforce discussions.
Financial resilience meetings give the UK a second public lane beyond model evaluation: sector-wide preparedness.
Ireland National Cyber Security CentreRegulatory response
Ireland NCSC: Mythos represents a 'significant change' in vulnerability identification; calls for wider trusted government access
Ireland's National Cyber Security Centre issued an official statement acknowledging that Anthropic's Mythos Preview represents 'a significant change in the way hardware and software vulnerabilities are identified and patched,' confirming these capabilities align with developments the NCSC has been tracking since 2023. It endorsed Anthropic's restricted release as a responsible approach and called for wider availability to trusted global industry and government cyber security partners.
A primary-source EU member state government statement confirms that allied intelligence communities have been tracking Mythos-class capability since 2023 and explicitly endorses broader allied government access as the appropriate policy response.
Bloomberg: Citigroup among Wall Street banks internally testing Mythos at the urging of Trump administration officials
Bloomberg reported that Citigroup is among Wall Street banks — alongside Goldman Sachs, Bank of America, and Morgan Stanley — that have begun testing Anthropic's Mythos model internally as Trump administration officials encourage major banks to use it to detect vulnerabilities.
Citigroup is a globally systemically important bank; its reported testing extends the named financial-institution access map well beyond the single bank Anthropic publicly named as a Glasswing partner.
Bloomberg: Morgan Stanley among Wall Street banks internally testing Mythos at the urging of Trump administration officials
Bloomberg reported that Morgan Stanley is among Wall Street banks — alongside Goldman Sachs, Citigroup, and Bank of America — that have begun testing Anthropic's Mythos model internally as Trump administration officials encourage banks to use the model for vulnerability detection.
Morgan Stanley's reported access brings the named U.S. financial-institution testing pool to at least five major banks, indicating the early Glasswing access base is broader than the single publicly named bank partner.
Treasury, Federal Reserve, and Major BanksSector watch
Treasury, Fed, and bank CEOs discuss Mythos cyber risk
CBS News reported that Treasury Secretary Scott Bessent and Fed Chair Jerome Powell met with top bank CEOs in a closed-door session about cybersecurity risks posed by Mythos.
Financial-system coordination shows Mythos-class capability being handled as a sector-wide resilience problem, not only as model access.
Anthropic announces Project Glasswing and Claude Mythos Preview
Anthropic announced a gated research preview of Claude Mythos Preview through Project Glasswing, naming launch partners and saying access was extended to over 40 additional organizations.
The announcement created the initial access map: named critical-infrastructure partners, unnamed additional organizations, cloud access channels, and explicit defensive-security positioning.
Anthropic names India a major Claude market through Infosys partnership
Anthropic announced an Infosys collaboration and described India as its second-largest Claude.ai market, with deep technical usage across software and regulated industries.
India is strategically important even without public Mythos access because its developer base and Global South governance posture shape future access debates.