The Mythos story has a new chapter. As of April 14, two federal agencies, Treasury and the DoD, have reportedly moved from observing the Anthropic access dispute to actively seeking access themselves, according to reporting from MobileWorldLive. The White House briefing on Mythos was covered in prior reporting here. What’s new is the agency-level escalation, and one specific designation that changes the legal texture of this dispute.
The DoD reportedly designated Anthropic as a “supply chain risk” in March 2026, according to reporting attributed to IAPP, a designation that could not be independently confirmed from primary government sources. That framing matters. Supply chain risk designations in federal contracting carry specific procedural implications: they can restrict an agency’s ability to use a vendor’s products, trigger formal review processes, and affect existing contracts. If confirmed, this is no longer simply a debate about who gets access to a powerful AI model. It’s a federal procurement dispute.
Anthropic’s current access structure limits Mythos to a restricted partner tier. Amazon, Apple, Nvidia, and Google are reportedly among the authorized organizations, according to The Next Web’s coverage. What Treasury and DoD are asking for, and what Anthropic’s response has been, is not confirmed from available sources.
The model at the center of this dispute is not a general-purpose assistant. Anthropic states that Mythos Preview identified thousands of previously unknown zero-day vulnerabilities across major operating systems and browsers during testing, a claim secondarily reported by Hacker News and other outlets, all attributing it to Anthropic directly. That capability description, if accurate, explains why government agencies are paying attention. It also explains why access restriction is a defensible position: a model that can reliably discover novel vulnerabilities at scale is precisely the kind of tool that creates risk if it reaches the wrong hands.
The ECI benchmark score reported for Mythos, reportedly around 156 per Epoch AI, cannot be confirmed. The Epoch AI evaluation URL associated with this item returned a broken link during source verification. Treat any published ECI figure for Mythos as unverified until Epoch confirms.
Background: This brief is a follow-up to two previously published pieces: *”Anthropic Briefed the Trump Administration on Mythos, The Cybersecurity AI Too Dangerous to Release Publicly”* and *”Who Decides Which Organizations Get Access to Frontier Cybersecurity AI?”*, both available on the Technology pillar page. Readers new to this story should start there.
What to watch: whether the DoD supply chain designation gets confirmed via primary government sources; whether Anthropic responds publicly to the agency access demands; and whether Treasury or DoD pursue formal legal mechanisms to compel access. A deep-dive stakeholder analysis covering all parties in this dispute, Anthropic, DoD, Treasury, and the partner tier, is publishing alongside this brief.
The synthesis: the Mythos access dispute is no longer a story about AI safety philosophy. It’s a story about government contracting, supply chain law, and who has legal authority to demand access to a privately held AI capability. That shift has implications well beyond Anthropic.