The Government Is Now Testing AI Before You See It — Here's Why Anthropic's Mythos Model Changed Everything

CAISI has signed pre-deployment AI testing agreements with Google DeepMind, Microsoft, and xAI — granting classified access to frontier models before release, driven by alarm over Anthropic's undisclosed Mythos cybersecurity capabilities.

TFF Editorial
May 6, 2026
10 min read

Key Points

  • Five major AI labs now in CAISI framework — OpenAI, Anthropic, Google DeepMind, Microsoft, and xAI are all subject to classified pre-deployment national security evaluations
  • Models tested with guardrails removed — CAISI receives unrestricted model versions to assess full threat capabilities, including biological, chemical, and cybersecurity risks
  • 40+ evaluations already completed — including models not yet available to the public, under a non-transparent classified review pipeline
  • Anthropic's Mythos model drove the expansion — its cybersecurity capabilities alarmed senior NSA and White House officials, triggering the three new testing agreements
  • No public accountability mechanism exists — classified evaluation findings are not disclosed, leaving enterprises and citizens unable to assess what capabilities have been cleared

For the first time in American history, the most powerful AI models in the world are being quietly handed to government testers, with their safety guardrails removed, before you ever get the chance to see them. This is not a hypothetical or a policy proposal. It is happening right now, under a little-discussed agreement between the Center for AI Standards and Innovation and three of the most influential AI companies on the planet. And the reason it is happening, the event that made it necessary, is a model that most people have never heard of, built by a company that is not yet sure it wants anyone to use it.

What Actually Happened

On May 5, 2026, the National Institute of Standards and Technology announced that its Center for AI Standards and Innovation (CAISI) had signed pre-deployment testing agreements with Google DeepMind, Microsoft, and Elon Musk's xAI. These agreements grant CAISI the ability to evaluate frontier AI models in a classified environment before those models are released to the public. The announcement builds on CAISI's previous partnerships with OpenAI and Anthropic, originally signed in 2024 and now renegotiated under directives from Commerce Secretary Howard Lutnick and America's updated AI Action Plan.

The scope of these evaluations is significant. To perform thorough national security assessments, CAISI receives versions of models with reduced or entirely removed safeguards, meaning it is testing what these models can actually do when unconstrained, not what they are permitted to do when deployed to consumers. CAISI has already completed more than 40 such evaluations, including assessments of cutting-edge models not yet available to the public. The evaluations are designed to identify potential threats to critical infrastructure, national security vulnerabilities, biological or chemical weaponization risks, and advanced cybersecurity exploitation capabilities. The government is, in effect, running red-team exercises on the world's most powerful AI systems in secret, before those systems reach anyone outside a classified facility.

Why This Matters More Than People Think

The surface-level reading of this announcement is reassuring: the government is taking AI safety seriously and building the institutional capacity to assess risks before deployment. That is genuinely important. But the deeper reading raises questions that the policy community has been dancing around for months. If CAISI is testing models with guardrails removed in classified environments, and those models are "not yet available to the public," then by definition the government has already seen capabilities that the public has not been told about. The question is not whether those capabilities exist (the existence of these agreements all but confirms they do) but how the government intends to act on what it finds, and whether there is any mechanism for the public to know what is being discovered.

The practical implications for enterprise buyers are significant. If your company is evaluating frontier AI models for deployment (for code generation, customer service automation, or supply chain optimization), you are making purchasing decisions based on the publicly available, safety-filtered version of these models. The version the government is testing may have meaningfully different capabilities. That gap between what is deployed and what is possible is now, for the first time, being systematically measured by an official government body. Whether that measurement eventually translates into disclosure, or remains classified indefinitely, is a question that enterprise buyers should be asking their AI vendors directly.

The Competitive Landscape

The CAISI testing framework now covers five of the most significant AI developers in the United States: OpenAI, Anthropic, Google DeepMind, Microsoft, and xAI. Conspicuously absent from the announced agreements are the major Chinese AI labs (DeepSeek, ZhipuAI, Moonshot, and MiniMax), as well as European developers like Mistral. This geographic boundary is not incidental. The CAISI framework is explicitly oriented toward national security evaluation, and the agency's mandate does not extend to foreign-developed models that the US government cannot compel to submit for testing.

This creates a structural asymmetry in the AI regulatory landscape. American labs that participate in CAISI evaluations face compliance costs, potential capability disclosures in classified settings, and the possibility that evaluation findings could inform future deployment restrictions. Foreign labs that do not participate face none of these constraints: their models reach global markets without undergoing the same scrutiny. If CAISI's evaluations eventually lead to capability restrictions on American models (for example, limits on cybersecurity capabilities that can be included in commercial products), that could create a competitive disadvantage for US labs relative to Chinese counterparts who face no equivalent oversight. The policy challenge of applying national security testing frameworks asymmetrically to an inherently global technology is one that no one in Washington has yet solved.

Hidden Insight: The Mythos Effect and What It Signals About the Frontier

The driving force behind the acceleration of CAISI's testing program is not, as official statements imply, a general concern about AI safety. It is one specific model: Anthropic's Mythos. According to reporting from multiple sources, Anthropic's Mythos model is "far ahead" of any publicly available or privately disclosed model in cybersecurity capabilities. The company has stated it does not feel comfortable releasing Mythos publicly and has restricted access to a small number of approved organizations. It has briefed senior US government officials, including at the NSA and White House, on the model's capabilities. Those briefings, by all accounts, were alarming enough to accelerate the CAISI agreements with the three additional AI companies announced this week.

What makes the Mythos situation genuinely unprecedented is what it implies about the capability gap between frontier AI and everything else. Anthropic's previous publicly-discussed model, Claude Opus 4.7, is already considered best-in-class for complex reasoning tasks. If Mythos represents a meaningful step beyond Opus 4.7 in cybersecurity specifically (a domain where the attack surface implications are existential), then the government's reaction suggests that the frontier is advancing faster than existing institutional frameworks can track. CAISI's 40+ evaluations represent a serious effort, but the agency was not designed for a world in which a private company could develop a model that requires briefing the National Security Agency before deployment.

The second-order effect is worth naming explicitly: the Mythos situation has effectively made AI capability disclosure a matter of informal national security protocol. Anthropic is briefing the NSA. Google, Microsoft, and xAI are submitting to classified pre-deployment testing. OpenAI has been in the CAISI framework since 2024. The AI industry, at least the American frontier of it, is now operating under a de facto capability disclosure regime that has no statutory basis, no formal appeals process, and no public accountability mechanism. That may be the right policy choice given the stakes. But it is a policy choice that has been made quietly, by agreements signed in May 2026, with almost no public debate about what it means for innovation, competition, or democratic oversight of transformative technology.

There is also a commercial implication that cuts against the safety narrative. Companies that submit to CAISI testing are implicitly acknowledging that their unrestricted models may have capabilities that require classified assessment. That acknowledgment, even if never made public, changes the regulatory and liability posture of these companies in ways that are difficult to fully anticipate. If a future AI incident involves a capability that CAISI had previously evaluated and cleared, the company that submitted the model gains some protection. If it involves a capability that was never disclosed, the legal and reputational exposure is potentially catastrophic. Participating in CAISI testing has become, among other things, a form of liability management for the frontier AI industry.

What to Watch Next

The most important indicator to track is whether CAISI's evaluation findings ever result in public disclosure, either through congressional testimony, declassified reports, or voluntary company disclosures. Current agreements give CAISI the right to test and evaluate but do not appear to require any form of public reporting on findings. If Congress begins pushing for mandatory disclosure of CAISI evaluation results, even in summary form, that would represent a significant escalation in AI oversight with direct implications for how frontier labs communicate capability advances to investors and the public.

The second indicator is whether Anthropic ever publicly discloses Mythos or the terms under which restricted access is granted. The company has said access is limited to "a select group of approved organizations." Watch for reports of which organizations have been approved, and what use cases they are deploying Mythos for. If critical infrastructure operators (energy grids, financial clearing systems, defense contractors) are among the approved users, that would indicate the government has made a calculated decision that offensive cybersecurity capability in trusted hands is preferable to leaving that capability advantage to adversaries. That is a consequential policy choice that deserves far more public scrutiny than it has received.

The government is now testing AI models with their safety guardrails removed in classified facilities, and the fact that this feels necessary is the most important signal about where the AI frontier actually is right now.


Key Takeaways

  • Five major AI labs now in CAISI framework: OpenAI, Anthropic, Google DeepMind, Microsoft, and xAI are all subject to classified pre-deployment national security evaluations
  • Models tested with guardrails removed: CAISI receives unrestricted model versions to assess full national security threat capabilities in classified environments
  • 40+ evaluations already completed: including models not yet available to the public, indicating a robust if non-transparent review pipeline
  • Anthropic's Mythos drove the expansion: the model's cybersecurity capabilities alarmed senior government officials and accelerated the testing agreements with three additional companies
  • No public accountability mechanism exists: the classified nature of evaluations means the public has no visibility into what capabilities the government has assessed or cleared for deployment

Questions Worth Asking

  1. If CAISI evaluates a model and finds dangerous capabilities but cannot publicly disclose them, does that testing regime actually make the public safer, or does it just make the government better informed while risks remain unaddressed for everyone else?
  2. Chinese AI labs face no equivalent pre-deployment security testing. If CAISI evaluations lead to capability restrictions on American models, does that create a structural competitive advantage for foreign AI developers in global markets?
  3. As an enterprise buyer deploying frontier AI models in sensitive operations, should you be concerned that the version you are using has capabilities the government has evaluated in classified settings but never disclosed to you?