Operational technology providers are feeling ‘annoyance’ at exclusion from Anthropic’s Mythos rollout, sources say

Operational technology providers and their industry groups have been pressing for access to Anthropic’s cybersecurity-focused Mythos Preview model, arguing the initial rollout — which focused on major tech and finance firms under a global vulnerability patching effort — left out a widely exposed segment of critical infrastructure that’s often targeted by hackers.

In recent weeks, OT industry representatives have expressed frustration during roundtables and listening sessions about their initial exclusion from Project Glasswing, Anthropic’s initiative with major companies designed to secure critical software across the globe using the Mythos model, according to four people familiar with the discussions. 

The processes for these firms to be granted access are ongoing, two of the people said. All of the sources requested anonymity because the discussions are private.

American Water, one of the nation’s largest regulated U.S. water and wastewater utilities, is among several organizations that have recently met with the Office of the National Cyber Director to discuss Mythos and broader AI-cybersecurity threats, said one of the people. American Water heavily relies on and oversees complex operational technology systems to manage its water treatment and distribution infrastructure. 

“There’s definitely an annoyance in the OT world,” that person said. “That doesn’t mean people aren’t considering the needs of OT,” they noted, but decisionmakers dictating initial Glasswing access “weren’t thinking in those terms.”

Nextgov/FCW has asked Anthropic, ONCD and American Water for comment.

Operational technology, which is embedded in critical infrastructure everywhere, is a constant point of concern for cyberdefenders because it underpins essential everyday services like energy, water and transportation. Disruptions to those systems can have immediate real-world consequences.

Amid the U.S.-Israel war against Iran, Tehran-backed hackers exploited and disrupted operational technology control systems embedded in multiple U.S. critical infrastructure sectors, targeting equipment manufactured by Rockwell Automation, according to a government advisory issued last month.

DARPA recently concluded a two-year-long competition where teams built AI models to autonomously identify and patch vulnerabilities in open-source code used in critical infrastructure systems. Many major AI firms, including Anthropic and OpenAI, provided model infrastructure to participants.

Even when access is granted to Mythos, that doesn’t automatically mean all vulnerabilities in a network are fixed, said Cynthia Kaiser, a former senior FBI cybersecurity official, adding that firms will have to prioritize what to patch once they can test their infrastructure against the model.

“It’s not just about getting access. People need to think about — when they get it, where do they start?” said Kaiser, now senior vice president at Halcyon’s Ransomware Research Center. 

Physical operational systems are often harder to patch than IT because they usually can’t be easily taken offline to apply fixes, and they rely on aging, vendor-controlled equipment that makes rapid patching difficult.

Regardless, “the fact that boards and CEOs have been asking about this — and that the requests aren’t coming from [Chief Information Security Officers] — shows that the release of Mythos means companies are taking cybersecurity more seriously,” she added. “I think it’s good and important that they’re thinking about this now.”

Mythos has been deemed a major turning point for cybersecurity and AI practitioners because it demonstrates how advanced models can be purpose-built for real-world cyber operations, including those planned inside the intelligence community. In the wrong hands, it could be used to carry out sophisticated cyberattacks against government networks, critical infrastructure or other key U.S. systems.

The Pentagon labeled Anthropic a supply chain risk earlier this year — and the White House later ordered a governmentwide phaseout of its technology — after the AI company declined to ease restrictions on its products being used in domestic surveillance and fully autonomous weapons.

The company has legally challenged the supply chain risk label. A federal judge issued a temporary injunction on the designation and ban in late March, which the government has said it intends to appeal.