On June 2, Anthropic announced it was expanding access to its Claude Mythos model to roughly 200 organizations — adding 150 new partners. These organizations cover power grids, water systems, telecommunications, healthcare, and hardware industries across more than 15 countries, including Japan, South Korea, India, France, and Germany. Samsung and NATO are reportedly among the new additions.
Mythos is no ordinary AI model. Its core capability is finding vulnerabilities — identifying systemic weaknesses in governments, banks, hospitals, and critical infrastructure at scale. White House officials learned about this capability as early as February and immediately organized high-level meetings to discuss responses. When Mythos first launched in April, it was only available to a small handful of partners, including Apple. Today, roughly 200 organizations using Mythos have already discovered more than 10,000 "high-severity or critical" security vulnerabilities.
Anthropic is still using a controlled release strategy — new partners must pass security reviews. The company also predicts that "within the next 6 to 12 months, many other AI companies will have Mythos-level models." That means AI-powered vulnerability discovery is about to become an industry standard.
Trump's Response: The 30-Day Review Executive Order
Mythos's vulnerability-finding capabilities triggered immediate action from the White House. On the same day Anthropic expanded its partnership program, President Trump signed an executive order titled "Promoting Advanced Artificial Intelligence Innovation and Security."
The core mechanism is simple. AI companies can voluntarily grant the government access to advanced models for up to 30 days before public release for security assessment. The order explicitly states this does not establish mandatory licensing or pre-approval systems. The Treasury Department, NSA, and CISA will jointly create an "AI cybersecurity information exchange platform" to work with industry on identifying and fixing software vulnerabilities. Within 60 days, the government will develop a benchmarking process to determine which capability thresholds define "covered frontier models."
But here's the backstory. The draft order originally required a 90-day review period. Hours before the signing was scheduled, Trump canceled it. The person who made the call was David Sacks, Trump's former AI policy chief. He told Trump the 90-day window would "slow down U.S. AI development and let China get ahead." After industry lobbying, the review period was cut by two-thirds — from 90 days to 30.
The Lobbying Battle: From 90 Days to 30
On May 20, Trump was scheduled to sign the 90-day review order. Hours beforehand, he pulled the plug. Sacks detailed the process on social media: he called Trump directly, arguing that a 90-day review would drag down U.S. AI progress and give China an opening. Trump was convinced — his stated reason was that he didn't want to do anything that would hurt America's lead over China.
The episode revealed a three-way internal struggle. Sacks represented the deregulation faction, pushing for the shortest possible review window. Defense Secretary Hegseth led the "AI hawk" faction, worried about national security risks and wanting longer reviews. Chief of Staff Wiles played the middleman, balancing both sides. The final 30-day window was a compromise — OpenAI and Google had even pushed for a 14-day window.
Sacks called the 30-day review a "game-changing" adjustment. But critics argue that even 30 days will slow U.S. AI innovation.
Industry Reactions: Welcome, Disappointment, and Concern
Microsoft president Brad Smith said he "welcomes this effort." OpenAI's chief global affairs officer Chris Lehane emphasized that "safety and innovation must go hand in hand." Google's public affairs president Kent Walker called it an "important step." These responses aren't surprising — all three companies lobbied for the shorter window and got most of what they wanted.
But criticism was equally strong. Virginia Democratic congressman Don Beyer called it a "disappointing Wild West regulatory environment." Future of Life Institute CEO Anthony Aguirre was more direct: "Voluntary frameworks are not enough. We must authorize the government to prevent the release of systems that pose unacceptable national security risks."
Anthropic's position is especially delicate. On one hand, its Mythos model triggered the executive order. On the other hand, Anthropic itself has been flagged by the Pentagon as a "supply chain risk." The same government that demands access to Anthropic's models for security assessment is also assessing Anthropic's own security. That is a strange loop.
The Deeper Story: How Mythos Changed Policy
Mythos's vulnerability-finding capability exposed a fundamental contradiction. If an AI model can find system vulnerabilities, it can also exploit them. Who is responsible?
Anthropic is giving 200 organizations access to Mythos to "find vulnerabilities," effectively turning AI into a cybersecurity tool. But if those vulnerability reports fall into the wrong hands, the consequences would be catastrophic. That is why the White House moved so quickly — to build a regulatory framework before AI-powered vulnerability discovery becomes widespread.
From 50 organizations to 200. From Apple to Samsung. From NVIDIA to JPMorgan. Mythos is becoming the "doctor" for critical infrastructure. Trump's executive order is establishing national standards for that inspection process. Together, they point to one trend: AI-powered vulnerability discovery is moving from "optional feature" to "standard configuration," and government security review of AI is moving from "temporary measure" to "routine process."
Anthropic predicts that within 6 to 12 months, many AI companies will have Mythos-level models. That means AI-powered vulnerability discovery is about to become a commodity. When that happens, Trump's 30-day review window will become the standard process for all advanced model releases. Silicon Valley shortened the timeline. But it did not change the direction.
The Logic Behind the One-Two Punch
Put Mythos and Trump's executive order side by side, and AI safety regulation is forming a closed loop. On the technical side, Anthropic is using AI to check critical infrastructure for vulnerabilities. On the policy side, Trump is establishing a pre-release review standard for advanced AI models. The two seem independent, but they are mutually reinforcing.
Mythos showed what AI can do — find vulnerabilities. It also showed what AI could do — exploit them. The executive order tries to create a buffer between finding vulnerabilities and exploiting them, using a 30-day government review to assess risk.
This one-two punch marks a shift. The AI industry is moving from "self-regulation" to "government intervention." Tech giants successfully lobbied to cut the review period from 90 days to 30. But they did not stop regulation from happening. The door to U.S. AI regulation is now open — not mandatory licensing, not hands-off either.
For companies, the next 6 to 12 months are critical. Before Mythos-level models become widespread, building internal security compliance systems may be the best strategy for dealing with upcoming regulation. For the government, the real test is whether the 30-day review window works, whether it is enough, and whether it needs adjustment. We will find out soon enough.
P.S. One model found 10,000 vulnerabilities. One president signed an executive order. The year is 2026. The AI story is writing itself faster than anyone can keep up.
