A 27-year-old software vulnerability, one that apparently survived decades of manual code review, has become the flashpoint in a legal and policy battle over the future of AI-powered cybersecurity. Anthropic claims its newest AI model, Mythos, flagged the long-buried flaw during a security audit demonstration. The Pentagon, meanwhile, has designated Anthropic itself as a security concern, a classification now under challenge in federal court. Together, these developments are forcing a question that governments and tech companies have circled for years but never resolved: when an AI system can find hidden weaknesses in critical software, who gets to use it, and who decides?
What Anthropic says Mythos can do
Anthropic has publicly stated that Mythos, the company’s latest frontier model, can expose weaknesses in software security that human reviewers have missed for years. The company’s most attention-grabbing example is a vulnerability it says dates back 27 years. According to Anthropic, the flaw evaded detection through successive rounds of professional code auditing before Mythos surfaced it.
That claim, if validated, would represent a significant milestone in automated vulnerability discovery. For context, Google’s Project Zero and DeepMind demonstrated in late 2024 that their AI tool Big Sleep could find a previously unknown, exploitable bug in SQLite, a widely used open-source database engine. Anthropic’s assertion goes further in one respect: the sheer age of the alleged flaw suggests a depth of analysis that traditional static-analysis tools and human auditors failed to reach over nearly three decades.
However, Anthropic has not published a detailed technical report identifying the affected software, the nature of the vulnerability, or any Common Vulnerabilities and Exposures (CVE) identifier. No independent security firm or academic research group has publicly confirmed the finding. Until that verification happens, the 27-year claim should be understood as a company assertion, not an established fact. Anthropic did not respond to requests for additional documentation as of early May 2026.
The Pentagon’s designation and the courtroom challenge
Separately, the Pentagon has classified Anthropic as a security concern, a designation that has triggered legal proceedings and sharp political friction. The Associated Press reported that a federal judge questioned the Defense Department’s rationale for the label, pressing government attorneys on whether the classification rests on concrete evidence of misuse risk or on a broader institutional impulse to control AI development.
Key details remain under seal. The specific court, the presiding judge, and the full evidentiary record have not been made public in available reporting. What is clear from the AP’s account is that the judge found the government’s reasoning sufficiently questionable to warrant closer scrutiny, a signal that the designation may not survive judicial review without stronger justification.
Whether the Pentagon’s concern centers on Mythos specifically or on Anthropic’s broader model portfolio is also unclear. The timing, however, is hard to ignore: the legal dispute has intensified in the same period that Anthropic has been promoting Mythos’s vulnerability-finding capabilities, suggesting the two threads are connected even if the government has not drawn that link explicitly in public filings.
Why the same capability looks different from opposite sides
The core tension is not new, but Mythos sharpens it. Anthropic frames the model as a defensive tool: hand it a codebase, and it helps developers find and patch weaknesses before attackers exploit them. The Pentagon appears to view the same capability through an offensive lens. A model that can surface hidden flaws could, in the wrong hands, generate a catalog of exploitable entry points across critical infrastructure.
This duality has deep roots in cybersecurity policy. For decades, governments have wrestled with how to handle dual-use knowledge, from the 1990s “crypto wars” over strong encryption to the ongoing debate about whether zero-day exploits should be stockpiled for intelligence purposes or disclosed to vendors for patching. The Vulnerabilities Equities Process, the U.S. government’s framework for making those decisions, was designed for individual bugs, not for a general-purpose system that could discover many flaws across many codebases simultaneously.
That scale is what makes the Mythos dispute different. A single zero-day can be evaluated, disclosed, and patched through established channels. An AI model that continuously generates vulnerability discoveries creates a pipeline problem: who reviews the output, who decides what gets disclosed, and how quickly can affected vendors respond? None of those questions have settled answers in current U.S. policy.
What practitioners on both sides are watching
For corporate and government cybersecurity teams, the practical stakes are immediate. A tool that reliably surfaces decades-old bugs could dramatically shorten patch cycles and shrink the window attackers have to exploit known weaknesses. Enterprise security leaders have long complained that the backlog of unpatched vulnerabilities in legacy systems is one of their biggest risks. An AI auditor that chews through old codebases faster than any human team could would be, in their view, a net positive for defense.
But if access to that tool is restricted by a national-security classification, the organizations that need it most, operators of aging infrastructure in energy, transportation, and healthcare, could be locked out. That scenario is not hypothetical. Classified vulnerability information has historically been siloed within intelligence agencies while the affected software remained unpatched in civilian systems, sometimes for years.
On the other side, defense and intelligence officials worry about proliferation. If Anthropic publishes enough about Mythos’s methodology for competitors or adversaries to replicate it, the result could be a global acceleration in offensive vulnerability discovery. Nation-states with active cyber-offense programs, including China, Russia, and North Korea, are already investing heavily in AI-assisted hacking tools, according to multiple threat assessments published by U.S. Cyber Command and allied agencies over the past year.
What remains uncertain
Several critical questions lack clear answers as of May 2026:
- Independent validation: No third-party security firm or academic group has publicly confirmed Mythos’s 27-year vulnerability finding. Without a CVE, an affected-software disclosure, or a peer-reviewed analysis, the claim cannot be independently assessed.
- Responsible disclosure: Whether Anthropic coordinated with the affected software vendor or any government agency before publicizing the vulnerability-finding capability has not been confirmed. Standard practice in cybersecurity research calls for notifying vendors before public disclosure.
- Scope of the Pentagon’s concern: The security-threat designation could apply narrowly to Mythos or broadly to Anthropic’s entire model line. No unclassified Pentagon documents explaining the basis for the label have been released.
- Legislative response: Several members of Congress have signaled interest in new rules governing AI systems that touch sensitive cybersecurity domains, but no specific bill has been introduced as of this writing.
What comes next
The next phase will likely play out on three fronts simultaneously. In court, further hearings may force the Pentagon to reveal more about its internal risk assessment and give Anthropic an opportunity to defend Mythos’s capabilities under oath. In Washington, lawmakers and regulators are looking for signals on whether existing frameworks like the Vulnerabilities Equities Process can absorb AI-scale discovery or whether entirely new rules are needed. And in the technical community, security researchers are debating how to integrate AI-assisted auditing into responsible-disclosure norms without handing adversaries a roadmap.
The outcome will set early precedent for a problem that extends well beyond one company and one model. If the court upholds the Pentagon’s designation, it could open the door to preemptive restriction of any AI tool that touches vulnerability research, chilling both commercial development and academic inquiry. If the court sides with Anthropic, it would establish that capability alone does not equal threat, raising the burden of proof the government must meet before labeling a private company’s technology a national-security risk.
Either way, the Mythos dispute has already accomplished something: it has moved the conversation about AI and cybersecurity from abstract policy papers into a courtroom where real consequences attach to the answers. The same model that might finally flush out a flaw hidden since the late 1990s could also, in less careful hands, map the attack surface of systems that millions of people depend on every day. How that contradiction gets resolved will shape the rules for every frontier AI lab that follows.
*This article was researched with the help of AI, with human editors creating the final content.