AI safety used to be something the government enforced on companies. Now it is something the most powerful AI companies negotiate with the government — on their own terms.
On April 7, Anthropic published a technical blog post describing what its latest model could do. Claude Mythos Preview, the company said, had found vulnerabilities in every major operating system and every major web browser. It had identified a sixteen-year-old flaw in FFmpeg that five million automated security tests had missed. It found a twenty-seven-year-old integer overflow in OpenBSD. In controlled benchmarks, it turned known vulnerabilities into working exploits at a rate roughly ninety times higher than the company's previous best model.
The announcement was unusual in one respect: Anthropic was not trying to bury this. It was showcasing it.
On April 17, CEO Dario Amodei arrived at the White House. Treasury Secretary Scott Bessent and Chief of Staff Taylor Wiles met with him. The subject, according to Reuters, was working together — not the government instructing a company to do something, but two parties exploring a partnership. The timing was not coincidental. Mythos had landed ten days earlier, and three branches of government — in the United States, Canada, and Britain — had already held separate briefings with senior banking officials about what the model meant for financial system security.
What is notable about that sequence is what did not happen. The government did not summon Anthropic to account for a dangerous product. It did not demand the model be pulled. It did not compel the company to add restrictions. Instead, it opened a door.
This is the part that should be examined more carefully than it has been.
The company that said no
The backstory matters here. In early 2026, the Pentagon designated Anthropic a supply-chain risk — a designation that sharply limited federal agencies' ability to use its technology. The trigger, according to reporting by Reuters and others, was that Anthropic had refused to give the Pentagon unrestricted access to its models. The company would not remove the safety guardrails that prevented its AI from being used for autonomous weapons or domestic surveillance applications.
Anthropic sued. In late March, a federal judge in California indefinitely blocked the designation. Anthropic had won — not through legislation or regulatory rule-making, but through litigation. The company refused the government's terms, went to court, and secured an injunction. Amodei arrived at the White House on the strength of that victory, not on the strength of any regulatory concession.
"We refused," is how one Anthropic official described the company's posture to Reuters. Two words that carry considerable weight in a sector where most companies have historically deferred to federal requests.
Project Glasswing — the consortium Anthropic launched alongside Mythos — shows the same pattern in commercial form. Twelve major technology and financial companies joined at launch: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic committed up to one hundred million dollars in usage credits and four million dollars in direct donations to open-source security research. The model would not be released publicly. Instead, a curated group would evaluate it and, presumably, help define its terms of use.
This is not how regulatory compliance usually works. It is how a company with leverage operates.
The capability that complicated the picture
There is a technical argument Anthropic makes for its approach, and it is not trivial.
The company argues that Mythos Preview represents a genuine step change in vulnerability discovery — not because it is simply a better model, but because the specific combination of code-understanding, autonomous reasoning, and exploit-generation it demonstrates has no precedent in publicly available systems. Its CyberGym benchmark score of 83.1 percent, compared to 66.6 percent for Opus 4.6, is one data point. The fact that it achieved ten tier-five full control-flow hijacks on fully-patched targets — where previous models achieved near-zero — is another. The twenty-seven-year-old OpenBSD bug is a third.
Security researchers have not dismissed these claims outright. The Cloud Security Alliance, in an April 12 briefing, described Mythos as representing "a step change" that "lowers the cost and skill floor for discovering and exploiting vulnerabilities faster than organizations can patch them." Bruce Schneier, writing on his blog, called the underlying concern "correct" even as he described Anthropic's rollout as "very much a PR play."
The complicating factor arrived quickly. A security startup called AISLE published research showing that eight out of eight models it tested — including GPT-OSS-120b, a model with 3.6 billion active parameters running at $0.11 per million tokens — successfully identified the same FreeBSD memory vulnerability that Anthropic had highlighted as a Mythos showcase. On a second, harder test involving an OpenBSD integer overflow, results were mixed: GPT-OSS-120b reconstructed the full exploit chain, while Qwen3 32B called the same code "robust to such scenarios."
Schneier's summary of this dynamic — that security capability is "jagged," not smooth — is probably the most accurate description of the current state. The frontier is real, but it may be narrower than the announcement implied, and it may be accessible at commodity prices to anyone who looks.
This does not undermine the core safety concern. It complicates the company's negotiating position.
The accountability question nobody is asking
The news coverage of the April 17 White House meeting has focused on what was discussed: national security, AI safety, the Mythos model, the Pentagon designation. What it has not focused on is what the meeting itself represents — and what that reveals about the relationship between the most powerful AI companies and the government that theoretically oversees them.
When a company can refuse a federal agency's request, sue and win, and then be invited to the White House as a partner rather than a regulated entity, the ordinary direction of accountability has reversed. The government is not holding Anthropic to account. Anthropic is negotiating the terms of its own accountability.
This is not unique to Anthropic. But Anthropic is the clearest current example. The company built a model that government officials have described as a potential national security risk. It then declined to give the government unrestricted access to that model, citing safety principles. It defended those principles in court and won. And now it is in the room where safety policy is being discussed — not as a company being regulated, but as a company helping to define what regulation looks like.
"The government is pushing financial institutions to understand and anticipate a wide range of market developments," the Treasury Department said in a statement, declining to offer specifics about what the Amodei meeting produced. That is diplomatic language. The translation is that the most powerful AI company in the world is now a player in setting the rules that govern it.
Whether that is good or bad for safety outcomes is an open question. Whether it is the right structure for governing existential risk is a larger one. The news coverage has largely treated it as given — two parties working together, as parties do. The harder question is whether the framework itself has quietly shifted, and if so, who benefits.
Anthropic will say it is better positioned than any government to understand what these models can do, and therefore should be at the table when those decisions are made. The government may say the same thing in private, with a different emphasis. The outcome will shape the security of systems that billions of people depend on.
The fact that we are not watching that negotiation more carefully is worth noting. The fact that the company most central to it is also the one most actively shaping its terms is worth asking about, even if nobody at the White House seems inclined to.
Anthropic declined to comment beyond its April 7 announcement. The White House has not published an account of what the April 17 meeting produced.
