The Government Wants to Test AI Before You Get It
What happened
On May 6, Microsoft, Google, and xAI agreed to give the U.S. Center for AI Standards and Innovation early access to unreleased AI models for national security testing. The agreements extend a Biden-era program that already covered OpenAI and Anthropic. The proximate cause is Anthropic's Claude Mythos, a restricted frontier model that found thousands of zero-day vulnerabilities across major operating systems and browsers, achieved a 73% success rate on expert-level offensive cybersecurity tasks, and was subsequently accessed by unauthorized users through a contractor's credentials. CAISI Director Chris Fall framed the expanded partnerships as essential for understanding frontier AI before deployment.
The government is not gaining oversight of AI. It is gaining a seat at the table for the models that companies are willing to share, while the model that actually alarmed everyone stays mostly beyond its reach.
Prediction Markets
Prices as of 2026-05-06 — the analysis was written against these odds
The Hidden Bet
Pre-deployment testing by CAISI meaningfully reduces national security risk from frontier AI
Mythos was already accessed by unauthorized users within weeks of its restricted rollout. The gap between CAISI evaluation and actual proliferation is measured in weeks, not the months or years that meaningful defense requires. Testing informs; it does not contain.
Voluntary agreements with three additional companies represent a stable governance framework
These are renegotiated extensions of Biden-era commitments, not new statutes. Companies can withdraw, renegotiate scope, or share stripped-down versions. Anthropic is not in this round precisely because it is in a separate dispute with the Pentagon over military guardrails.
The U.S. retaining preferential access to the most capable models preserves a strategic advantage
Open-source models from Qwen and DeepSeek are closing the gap on cybersecurity tasks at 1/50th the cost. Restricting Anthropic's Mythos accelerates the incentive for others to build unrestricted alternatives. The access-control strategy contains the problem temporarily while hardening the competition.
The Real Disagreement
The actual fork is whether dangerous AI capabilities can be governed by controlling distribution, or whether the only durable answer is preventing them from being built in the first place. Access control is the current bet: restrict Mythos to 50 vetted organizations, test models before deployment, and hope that defensive applications outpace offensive proliferation. The alternative view is that once a capability exists, containment is a fiction. Anthropic's own unauthorized access incident supports the second view. But the first camp argues that slowing proliferation by weeks or months still matters when defenders need time to patch. I lean toward the second position: Mythos is less than two months old and has already leaked. The window for access control as meaningful governance is closing faster than the testing programs can be designed.
What No One Is Saying
Anthropic is in a dispute with the Pentagon over military guardrails, so the company that actually triggered the panic is not in the agreement announced today. The government expanded its testing program with the three companies that were easiest to work with, not necessarily the ones posing the most immediate risk.
Who Pays
Small and mid-sized software vendors
Immediate and worsening over the next 12-18 months as open-source models acquire similar capabilities
Mythos can find exploitable flaws faster than quarterly patching cycles. Less than 1% of Mythos-identified vulnerabilities have been patched so far. Organizations without continuous patching capacity face growing exposure as these capabilities proliferate to adversaries.
Startups building AI security products
Now, with access gaps widening as CAISI agreements extend preferential partnerships
The governance model favors large companies with government relationships. Project Glasswing includes Amazon, Apple, Google, Microsoft, and Nvidia. If restricted-access programs set the distribution standard, smaller competitors are structurally excluded from the most capable defensive tools.
Scenarios
Testing holds the line
CAISI pre-deployment evaluations become the norm for frontier models. Companies accept light-touch government review in exchange for regulatory certainty. Mythos-class capabilities remain restricted long enough for defensive deployments to mature.
Signal: White House issues executive order formalizing model review; other AI companies join voluntarily before legislation requires it
Open-source overtakes the framework
Within 12 months, open-source models reach near-parity with Mythos on offensive cybersecurity tasks. Restricted-access governance becomes irrelevant because the capabilities are freely available. The CAISI agreements are revealed as kabuki rather than containment.
Signal: Australian Signals Directorate or independent researchers confirm open-source model replication of Mythos techniques at scale
Anthropic becomes a de facto national security contractor
NSA and Pentagon negotiate exclusive or priority access to Mythos updates. Anthropic's commercial independence narrows as government becomes its primary client and regulator. The company's safety mission is subordinated to intelligence community requirements.
Signal: Anthropic signs a classified contract with DoD; Pentagon drops national-security-supply-chain designation in exchange for access terms
What Would Change This
If CAISI's evaluations demonstrably slowed the time between vulnerability discovery and weaponization by adversaries, the access-control model would have more merit. Right now, the evidence runs the other direction: unauthorized Mythos access happened within weeks, and the agency conducting the evaluations has completed only 40 reviews in its existence. The framework would need to be orders of magnitude faster to matter.