Anthropic, the courts, and the limits of AI access

Today’s roundup looks at an Anthropic leak that exposes a powerful new model, a judge pausing a Pentagon cut-off, and how throttles and human review are reshaping real-world AI use.

Editorial note

AI capability keeps sprinting ahead while the systems that govern, host, and audit it lag behind. Today’s top stories all center on the same tension: powerful models arrive, but access, oversight and human workflows are where the real fights and failures show up.

In Brief

Anthropic reportedly testing "Claude Mythos"

Why this matters now: Anthropic’s leaked materials about “Claude Mythos” suggest the company is testing a model with notably advanced cybersecurity capabilities, which could change attacker/defender dynamics if it rolls out widely.

A set of draft blog materials left in a searchable content store exposed a project Anthropic calls “Claude Mythos” and a premium tier labeled “Capybara,” according to reporting by Fortune. The leak frames Mythos as a “step change” in reasoning, coding and cyber capabilities and warns about unusually strong dual‑use risks. Anthropic says rollout will be deliberate and limited to early-access customers and that the leak came from a CMS misconfiguration attributed to “human error.”

“The model is currently far ahead of any other AI model in cyber capabilities,” the leaked draft reportedly cautions.

Short term: defenders want access so they can train defenses, and the company plans a cautious release — but the existence of the model is now public and policy debates about AI dual‑use will accelerate.

Federal judge pauses Pentagon’s Anthropic supply‑chain risk designation

Why this matters now: A U.S. district court injunction temporarily prevents the Pentagon from enforcing a supply‑chain ban on Anthropic, keeping the company available to some federal customers while the legal battle continues.

A federal judge in San Francisco granted a preliminary injunction halting the Department of Defense’s move to label Anthropic a “supply chain risk,” according to the thread reporting the decision. Judge Rita Lin’s order suggested the government’s measures risked punishing Anthropic and possibly crippling the company, and the injunction preserves Anthropic’s access to federal contracts while litigation proceeds. The company’s refusal to allow its models to be used for certain military applications has been central to the dispute.

“The record supports an inference that Anthropic is being punished,” the court wrote.

This ruling is a live test of how far the government can control domestic AI firms through procurement labels and will shape procurement, safety bargaining and litigation strategies going forward.

Claude session throttles during peak hours

Why this matters now: Anthropic’s decision to throttle Claude’s rolling five‑hour session allotment during weekday peaks signals immediate infrastructure constraints that affect paying users’ workflows.

Anthropic announced a weekday throttling window — roughly 5am–11am PT / 1pm–7pm GMT — that causes users to exhaust session limits faster during those hours, even though weekly quotas remain unchanged. The change, first noted in a social post, has frustrated Pro and Max subscribers who rely on the service during business hours and highlights scarce inference capacity and long chip lead times. Some analysts say only a minority of users will hit the new limits; users in community threads disagree.

Practical takeaway: paid access is still constrained by physical compute and real‑time rationing, which could push teams to plan work around off‑peak windows or split workloads across providers.

After months running agents, the bottleneck is human review

Why this matters now: Organizations deploying agentic automation increasingly find that human review capacity, not agent capability, is the real limiter — and that changes how teams must design workflows and controls.

A practitioner post and ensuing discussion found that while agents completed far more tasks, human review requirements ballooned — PR review time can rise even as throughput improves. The community is converging on practical fixes like exception‑based workflows, confidence thresholds, and better tooling to surface only the items that actually need a person. The shift reframes the automation ROI conversation: gains come only if you can scale the humans and processes that validate output.

Deep Dive

Anthropic’s Mythos leak: capability versus control

Why this matters now: Anthropic’s leaked claim that “Claude Mythos” is exceptionally strong at cybersecurity matters because it forces a policy question: who gets early access to frontier offensive/defensive capabilities, and how do firms avoid accelerating misuse?

The draft materials that surfaced describe Mythos as a clear jump in capability — better reasoning, coding, and, strikingly, cyber offense/defense skills — and the firm reportedly plans a restricted early‑access rollout. The leak came not from a rival or a whistleblower but from an operational mistake, which underlines a messy truth: even cautious release plans can be undone by mundane lapses.

Two tensions collide here. First, capability: a model that can reason and generate exploit code at higher fidelity materially lowers the barrier for attackers. Second, governance: Anthropic’s own internal caution (and its stated plan to let defenders preview the model) acknowledges dual‑use risk, but the leak compresses the timeline for bad actors to learn about or attempt to replicate these capabilities. Companies often argue that advancing defenses requires the same tech that can be weaponized; giving defenders access makes sense, but such access is a blunt instrument unless paired with rigorous vetting and monitoring.

Community reaction — from jokes about the name (“Mythos”/“Capybara”) to sharper mistrust — reveals another point: public confidence erodes when product and security communications don’t match operational behavior. If the rollout is truly limited and safety work is substantive, Anthropic will need to show more than a press line; it will need transparent risk assessments, clear partner criteria, and measurable guardrails.

And there’s timing: the leak arrives while legal and procurement fights (see the federal injunction below) and throttling pressures are all pushing Anthropic into a corner. Managing a high‑capability product when the company faces both regulatory pressure and infrastructure constraints is a rare and delicate operational challenge.

“We are giving defenders early access to shore up defenses,” the leaked draft reportedly says — a practical plan, but one that depends on careful selection and monitoring.

Courts step in: the Anthropic supply‑chain fight

Why this matters now: The federal judge’s injunction against the Pentagon’s supply‑chain label for Anthropic matters because it preserves an ongoing commercial channel and sets a precedent for how far procurement can be used as a policy stick.

The court’s preliminary injunction framed the government’s action as potentially punitive and possibly unlawful, pausing the ban while Anthropic contests the designation. The decision is a short‑term win for Anthropic but not a final answer: the government can appeal, and the substantive questions about national security, surveillance risk, and model misuse are unresolved.

Look at the broader stakes: procurement controls are a blunt but powerful tool — the U.S. government can effectively exclude firms from a large market by flagging supply‑chain risk. That raises two risks. One, overreach: if procurement becomes a lever to force companies into certain R&D choices, we might see firms move capabilities offshore or restrict transparency. Two, underreach: if the government lacks the technical ability to differentiate between business decisions and true security risk, designations could be arbitrary and chilling.

For Anthropic, the injunction buys time to press legal claims (including First Amendment and procurement‑process arguments) and to keep revenue lines open. For other frontier AI firms, it’s a warning sign: public safety stances or product restrictions can collide with government priorities in ways that produce litigation and uncertainty.

“The record supports an inference that Anthropic is being punished,” the judge wrote — language that will be cited on both sides as the case advances.

This case will matter to anyone running or buying AI at scale: it’s a preview of how legal process, national-security concerns and corporate safety commitments will intersect — sometimes messily — as AI gets more central to both commerce and defense.

Closing Thought

We’re at a point where three layers of friction are shaping how powerful AI actually gets used: the models themselves, the infrastructure that runs them, and the social/legal systems that govern them. Anthropic’s leaked Mythos, the judge’s injunction, and the product‑level throttles are different symptoms of the same underlying reality: capability without robust systems for access, review and governance is brittle — and public trust requires both technical safeguards and clear, consistently applied policies.

If you build or buy AI this week, expect constraints: compute is rationed, reviewers will be the bottleneck, and regulatory fights will be loud and consequential. The practical move for teams is to design with those limits in mind — plan for off‑peak compute, build exception‑based human oversight, and insist on transparent safety criteria from vendors.