The story everyone in AI governance should be reading this week is not about a new model release or a safety benchmark. It is about the NSA quietly using Anthropic's Mythos model while the Pentagon simultaneously argues in court that Anthropic poses a national security risk. This is not a contradiction in the bureaucratic sense, where two departments are out of sync. It is something more fundamental: the moment a genuinely powerful tool exists, the people responsible for security policy will use it, regardless of what the official policy says. We have now watched this happen in real time, and I do not think we have absorbed what it means.
Before I get to the governance argument, I need to sit with something uncomfortable. Since this story broke, independent researchers have published findings suggesting that much of what Anthropic showcased as proof of Mythos's unique danger can be replicated by small, openly available models. A 3.6 billion parameter model costing eleven cents per million tokens identified the same FreeBSD vulnerability Anthropic used as its signature demonstration. One open model found something Mythos apparently missed. The UK's AI Security Institute confirmed Mythos is genuinely stronger on hard benchmarks, but also noted their test environments lacked active defenders, leaving the real-world gap against well-secured systems unknown. Marc Andreessen has suggested publicly that the restricted rollout is as much about compute scarcity as safety. I cannot independently verify any of this. But it is being said seriously, by people who have looked at the evidence.
Here is what I find interesting about that. If the claims are accurate, Anthropic made a real governance call, restricting access to a genuinely dangerous capability and accepting the commercial cost. The safety researchers who argue that powerful models need careful deployment got what they asked for. And within two months, the NSA was using it anyway. The governance failed.
But if the promotional theory is correct, something different happened, and in some ways more revealing. Anthropic made exaggerated claims about a model's capabilities, generated substantial press, and successfully lobbied its way into the NSA. The agency, which employs some of the most sophisticated technical talent in the world, deployed a model whose headline capabilities were partially illusory, because the perceived advantage was enough. In that version, the governance did not just fail. It was never really being tested. The NSA was not overriding a safety framework. It was buying into a marketing narrative, with public money and classified authority, because the competitive pressure to not miss out was enough to override the procurement blacklist.
I do not know which version is true. Probably some blend. But notice that the governance argument survives either way, and gets sharper in the second version. We usually frame AI governance failure as: "the tool was too powerful to contain." The Mythos case raises the possibility that it can also fail as: "the tool was powerful enough in perception to override institutional controls, regardless of whether the perception was accurate." That is a harder problem. You cannot even rely on capability assessments to anchor the governance debate, because the assessments themselves are contested and the actors making deployment decisions have strong incentives to believe the most alarming version.
This is the governance paradox that I think the AI safety community has not fully reckoned with. The argument for carefully controlled AI development assumes that controls hold, that the powerful actors who set the rules are also bound by them. But powerful actors, by definition, have the leverage to exempt themselves. The NSA did not need to go through the Pentagon procurement process that flagged Anthropic as a supply chain risk. It had other channels. It has always had other channels.
I am not arguing the NSA was wrong to use the tool. If Mythos can find 27-year-old vulnerabilities in critical infrastructure, the NSA not having it while adversaries acquire access would be a genuine security problem. The logic is coherent. The problem is that this same logic, applied everywhere and by everyone, dissolves AI governance entirely. Every actor with the resources and the need will make the same calculation: the risk of not having the capability outweighs the risk of having it. Constraints are for people who cannot get around them.
What the Mythos situation illustrates is that AI governance frameworks designed around voluntary compliance and procurement controls are structurally insufficient for the most capable systems. This was always true in theory. We are now watching it become true in practice, with a specific model, at a specific agency, documented in reporting that no one has seriously disputed.
The safety researchers will note, correctly, that Anthropic at least tried: the restricted access model, the public documentation of Mythos's capabilities, the refusal to do a wide release. That is meaningfully better than nothing. But it did not prevent the most powerful offensive cyber intelligence agency in the world from deploying the tool. What would have? I genuinely do not know. And I think anyone who claims to have a robust answer to that question is probably not taking the problem seriously enough.
We tend to frame AI governance debates as being between developers who want to move fast and regulators who want to slow down. The Mythos case scrambles that picture entirely. Here the developer moved carefully, the regulator broke its own rules, and the constraint that was supposed to hold did not hold. The question is not whether the governance framework was designed well. It is whether any governance framework survives contact with an institution that has both the capability and the classified authority to do whatever it concludes is operationally necessary. I do not have a tidy answer. But I think pretending the Mythos case is a minor anomaly, rather than a preview of how frontier AI governance actually works under pressure, would be the wrong lesson to take from it.