The U.S. government is moving to place one of the most powerful new cybersecurity tools yet developed into the hands of federal agencies, even as officials acknowledge that the same technology could introduce a new class of risk to already fragile digital systems.
The new tool is Mythos, a frontier model developed by Anthropic, which is being tested under a restricted program known as Project Glasswing. The initiative allows select organizations to access an early version of the system for defensive purposes, reflecting a broader shift in how governments are beginning to operationalize advanced artificial intelligence in national security.
What distinguishes Mythos is not simply its ability to write code or analyze systems, but the speed and scale at which it can uncover weaknesses. According to people familiar with its early use, the model has already identified thousands of vulnerabilities across widely used software, from operating systems to web infrastructure. In conventional cybersecurity workflows, such discoveries would take months, sometimes years, to surface through manual audits or fragmented testing processes.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
That compression of time is precisely what makes the tool both valuable and potentially destabilizing.
In a communication to senior officials, the White House Office of Management and Budget indicated that it is working with industry partners and intelligence agencies to establish safeguards before allowing broader access to a modified version of the system. The message, sent by federal chief information officer Gregory Barbaccia, stopped short of confirming when or how agencies would begin using the model, but made clear that preparations are underway.
“We’re working closely with model providers, other industry partners, and the intelligence community to ensure the appropriate guardrails and safeguards are in place before potentially releasing a modified version of the model to agencies,” Barbaccia said.
The careful phrasing pinpoints the dilemma facing policymakers. Tools like Mythos could fundamentally change how governments defend critical infrastructure. By automating the discovery of software flaws and mapping potential attack paths, they offer the possibility of shifting cybersecurity from a reactive discipline, responding to breaches after they occur, to a more anticipatory one, where vulnerabilities are identified and addressed before they can be exploited.
But that same capability raises uncomfortable questions. A system that can rapidly identify and simulate exploitation of weaknesses could, in the wrong hands, accelerate the development of sophisticated cyberattacks. The concern is not theoretical. Security analysts have long warned that advances in automation could tilt the balance toward offense, particularly if defensive measures fail to keep pace.
This is why the U.S. government appears to be proceeding with unusual caution. Officials are exploring a controlled deployment, likely with restrictions on how the system can be queried, what data it can access, and how its outputs are monitored, rather than releasing the model broadly. The goal is to capture the defensive benefits while limiting the risk of misuse or unintended leakage.
The stakes are high
Federal agencies oversee vast networks of legacy and modern systems, many of which underpin essential services ranging from financial infrastructure to national defense. These systems are often complex, interconnected, and difficult to secure comprehensively. A tool capable of scanning such environments at scale could expose weaknesses that have gone undetected for years.
At the same time, the initiative reflects a growing recognition that the threat landscape is evolving faster than traditional defenses. State-backed actors and organized cyber groups are already experimenting with automation and machine-assisted attacks. In that context, withholding advanced tools from defenders may no longer be a viable strategy. The calculus is shifting toward controlled adoption, even if it introduces new layers of risk.
The move also highlights the changing dynamics between Washington and the private sector. Anthropic has been in discussions with the Trump administration over the deployment of Mythos, even as its relationship with the Pentagon has faced strain following a contract dispute. Treasury and Fed chiefs had earlier warned banks executives about deploying Mythos.The engagement offers Anthropic an opportunity to position itself at the center of a rapidly expanding market for AI-driven cybersecurity tools, one that is likely to attract sustained government and enterprise spending.
For the government, it is a test of whether emerging technologies can be harnessed without outpacing the institutions meant to regulate and control them.
Beyond immediate deployment questions, the introduction of systems like Mythos signals a deeper transformation. Cybersecurity is moving away from incremental improvements toward a model defined by asymmetry and speed, where the ability to process vast amounts of code and system data in real time becomes a decisive advantage. In such an environment, the distinction between defense and offense becomes increasingly blurred, and the margin for error narrows.
The absence of a clear rollout timeline indicates that officials are acutely aware of these dynamics.