Mara ReyesOn May 18, three facts landed within hours of each other. The Vatican confirmed that Anthropic co-founder Christopher Olah will join Pope Leo XIV on May 25 to launch the Pope's first encyclical, framed around the AI age. The Financial Stability Board, the G20's coordinating body for global financial regulation, asked Anthropic for a briefing on vulnerabilities its Mythos model uncovered in the world's financial systems. Ten weeks earlier, the US Department of Defense designated the same company a national-security supply chain risk.
Two Summons, Same Day
The Holy See, drafting a moral framework for AI, asked Anthropic to come to Rome. The FSB, drafting systemic-AI-risk guidance for the IMF and central banks, asked Anthropic to come to Basel. Both calls were treated as routine — a press release from the Vatican, a sourced FT story — because by May, Anthropic had become the default routing for frontier-AI safety questions.
The list of institutions already on Anthropic's calendar this spring: the US National Security Agency, testing Mythos to find vulnerabilities in Microsoft software. The Pentagon, despite a blacklist. The UK AI Security Institute, certifying Mythos's 73% success rate on expert-level cybersecurity challenges no model could complete a year earlier. The forty-plus critical-infrastructure firms — AWS, Cisco, Palo Alto Networks, Nvidia — invited into Mythos's restricted-access tier on April 8. Christian leaders, consulted in March on Claude's moral and spiritual development.
The Designation
In February, the Pentagon's posture was different. The DOD had been using Claude in operations — including a Maduro-regime raid in Venezuela that Anthropic publicly objected to — and wanted unrestricted access. Anthropic refused. The two off-limits use cases, the company said, were mass surveillance and fully autonomous weapons. Everything else was negotiable. The Pentagon found that unacceptable.
The Pentagon's response was the most aggressive state action ever taken against an American AI lab. Defense Secretary Hegseth gave Anthropic until Friday to comply or face the Defense Production Act. On February 28, the DOD designated Anthropic a national-security supply chain risk — a label normally reserved for foreign-controlled or compromised suppliers. OpenAI signed the contract Anthropic wouldn't. On March 10, Anthropic sued the Pentagon. On March 11, it opened the Anthropic Institute and a Washington office.
-
FEB 16An administration official says the Pentagon may sever the relationship over Anthropic's safeguards. The fight goes public.
- Feb 24 Hegseth gives Anthropic until Friday: unfettered access or the Defense Production Act.
-
FEB 28DOD designates Anthropic a supply chain risk on social media. OpenAI announces a DOD deployment agreement the same night.
- Mar 10 Anthropic sues the DOD in the Northern District of California.
- Mar 11 Anthropic Institute launches. Washington office opens.
-
APR 8Mythos Preview launches to forty-plus critical-infrastructure partners. General availability is not the plan.
- Apr 20 Sources: the NSA is using Mythos Preview; sources say it is also "widely used within the DoD, despite the supply chain risk designation."
-
MAY 12Pentagon deploys Mythos to patch software vulnerabilities across the US government, "while planning to ditch the firm."
-
MAY 18Vatican announces Olah will launch Pope Leo's first encyclical. Anthropic agrees to brief the FSB.
The arc was supposed to read as constraint. The company that built a public framework for restricting AI deployment had been refused as a defense supplier because of that framework. The market read the same facts differently — enterprise spending on Anthropic surged in the weeks the designation took effect. But the headline action was unambiguous. The state was applying its strongest available label.
The Quiet Adoption
The constraint did not hold. Through the spring, the same federal apparatus that had blacklisted Anthropic kept reaching for its models. By April 20, sources told Axios that the NSA was using Mythos Preview and that the model was being "widely used within the DoD, despite the supply chain risk designation." On May 1, Bloomberg reported the NSA had been running Mythos specifically against Microsoft products — finding flaws no other model could surface. On May 12, Reuters reported the Pentagon was deploying Mythos across the US government, "even as it works on a transition away from Anthropic."
The phrase is structurally revealing. The Pentagon was both deploying the model and announcing it would stop using the company. The first clause was operational reality. The second was political language. Stopping would require a model with capabilities only Mythos had shipped — and no other lab had shipped one.
The blacklist didn't demonstrate Anthropic could be punished. It demonstrated Anthropic was already inside the supply chain.
The Valuation
The market priced what the state couldn't quit. When the dispute went public in February, VC interest in Anthropic was at $380B. By mid-April, with the lawsuit pending and Mythos newly restricted to forty partners, offers reached $800B. On April 24, Forge Global's secondary-market price implied a $1 trillion valuation — passing OpenAI's $880B on the same exchange.
OpenAI still generates more revenue and dominates daily coverage. But by April the secondary markets had stopped pricing OpenAI as the more valuable AI company. The reason is structural. Revenue is the present. Institutional dependency is the future. The Pope does not call OpenAI. The FSB does not call OpenAI. The NSA buys general-purpose AI services from OpenAI; for the work of finding zero-days in deployed software, the NSA buys Mythos. The trillion-dollar valuation priced the institutional traffic — what comes after the consumer-AI revenue race ends.
What the Designation Was For
Every system has an original purpose. The DOD's supply chain risk framework was built to keep American military procurement out of Chinese-controlled or otherwise compromised suppliers. The label was designed to push companies out of the supply chain. When the Pentagon used it on an American AI lab, the framework did something it had never done before: it sorted the lab into a category that confirmed centrality rather than enforced exclusion. To be a supply chain risk to the US national-security apparatus, a company has to first be in the supply chain.
Each phase looked like an ending. The blacklist was supposed to end Anthropic's federal trajectory. It became a sorting step. The lawsuit was supposed to be the last resort. It became an institutional positioning event. The April Mythos restriction was supposed to limit access. It turned Anthropic's safety governance into the architecture by which the federal government, the FSB, and the Vatican identify the company they trust. Not because anyone wanted that outcome. Because the conditions changed: when Mythos's cyber capabilities crossed a threshold no other lab had reached, the cost of routing around Anthropic became higher than the cost of accepting its terms.
The Catholic Church, an institution that thinks in centuries, has chosen the AI lab whose moral framework most resembles its own — not as audience for the encyclical but as participant. The FSB, which coordinates central banks against systemic risk, has identified its first AI counterparty. The Pentagon, which called Anthropic a supply chain risk in February, is now deploying its model across the US government. The risk designation was correct. It just described the supplier the state cannot replace.