Anthropic’s most powerful cybersecurity model is coming back online only for a controlled group of U.S. organizations, just as Asian AI companies are using the disruption around Mythos to pitch alternatives built for a more fragmented AI market.
The U.S. government has cleared Anthropic to redeploy Claude Mythos 5 to selected cyber defenders and infrastructure providers after a two-week shutdown, according to reporting from WIRED and The Verge. The broader directive remains in place, Fable 5 is still unavailable, and access now resembles an approved-partner regime rather than a normal commercial model rollout.
That matters because Mythos is not just another chatbot. Anthropic’s Project Glasswing materials describe Mythos Preview as an unreleased frontier model that found thousands of high-severity vulnerabilities across major operating systems, browsers, and other important software. The same capability that makes it valuable to defenders also makes governments nervous: automated vulnerability discovery compresses the time between finding a flaw and turning it into an exploit.
The new carveout is an attempt to split that difference. Anthropic gets a path to serve approved defenders again, but the model is no longer treated like a standard cloud API that customers can simply buy. For software vendors, critical infrastructure operators, and security teams that were considering Mythos-class tools, the last two weeks turned access reliability into a first-order buying question.
Sakana’s Fugu Turns Dependency Risk Into a Product Pitch
Sakana AI leaned directly into that concern with Fugu, launched June 22 as a multi-agent orchestration model delivered through a single OpenAI-compatible API. Rather than presenting Fugu as one giant standalone model, Sakana describes it as a language model trained to coordinate a pool of other models, delegate tasks, verify work, and synthesize the result behind one endpoint.
The company’s own launch language is unusually explicit about geopolitics. Sakana says Fugu is designed to deliver frontier-level performance without single-vendor dependency, and it points to export controls on Anthropic’s Fable and Mythos models as evidence that access to a critical AI provider can change quickly. The claim is not just that Fugu can score well on benchmarks, but that a model-routing layer can help customers route around unavailable providers over time.
That framing is persuasive, but it also creates a new set of governance questions. Sakana’s product page says the standard Fugu model lets users opt specific models out of the agent pool for privacy, data, or compliance reasons, while Fugu Ultra uses a fixed pool to maximize performance. The same FAQ says users cannot see which underlying models were selected for a query because the routing is proprietary.
For ordinary coding help, that opacity may be acceptable. For vulnerability discovery, regulated data analysis, or security operations, it is much more consequential. A buyer may need to know whether a prompt touched a particular model provider, whether data crossed a regional boundary, whether a high-risk task triggered a stronger model, and how the system logged the chain of reasoning, artifacts, and intermediate outputs.
360’s Tulongfeng Shows the Security Race Is Becoming Regional
The pressure is not limited to orchestration startups. Chinese cybersecurity firm 360 Security Technology used the ISC.AI 2026 conference in Beijing to introduce two AI security tools under the Yitian Tulong name, according to Reuters coverage republished by Insurance Journal. One system, Tulongfeng, is positioned as a domestic answer to Mythos for automated vulnerability discovery. The other, Yitianzhen, targets automated cyber defense and incident response.
That announcement is important even if 360’s performance claims require independent validation. It shows how quickly a restricted capability can become a national technology objective. Once one frontier lab demonstrates that AI can find serious vulnerabilities at scale, other countries and security vendors have an incentive to build comparable systems, especially if access to U.S. models is uncertain or politically constrained.
The result is a strange market shape: the most sensitive cyber models may be less globally available, but the capability category itself becomes more visible. Export controls can slow access to a specific model, yet they can also advertise the strategic value of that class of model to competitors, cloud providers, governments, and large security vendors.
What Security Teams Should Ask Before Adopting AI Cyber Models
The immediate lesson for security leaders is not to avoid AI vulnerability tools. It is to evaluate them like operational security infrastructure, not like a productivity feature. These systems may touch proprietary code, exploit hypotheses, undisclosed vulnerabilities, incident data, credentials, network diagrams, and remediation plans. That makes access control, logging, provider transparency, and data handling as important as benchmark performance.
Teams testing Mythos-class systems or orchestration tools should ask who can use the model, whether access can be revoked by a vendor or government directive, and what happens to active investigations if a model disappears. They should also ask whether outputs are reproducible, whether the system preserves enough evidence for human review, and how generated vulnerability findings are separated from verified flaws.
For multi-model systems such as Fugu, the audit questions are sharper. Buyers should understand whether they can block specific providers, whether routing policies are visible enough for compliance, whether prompts or generated artifacts can be used for training, and whether the vendor can document which systems handled a sensitive task after the fact. A single OpenAI-compatible endpoint is convenient, but convenience does not remove accountability for where security data goes.
For governments, the past week points to a harder policy problem. Restricting access to a frontier cyber model may reduce misuse risk in the short term, but it also pushes the market toward regional substitutes and opaque orchestration layers. A durable framework will have to answer not only which labs may release powerful models, but how model routing, auditability, cyber safeguards, disclosure workflows, and cross-border access should work when the same task may be handled by several models behind the scenes.
Mythos 5’s limited return gives approved U.S. defenders some access back. Sakana’s Fugu and 360’s Tulongfeng show why that will not settle the broader race. AI cyber capability is moving from a single-model contest into a contest over who controls the model supply chain, who can prove where sensitive work is processed, and who can keep access stable when policy changes overnight.
