The Boomerang Completes
Anthropic shipped Opus 4.8 and announced a $65 billion Series H at a $965 billion post-money valuation on May 28, told customers Mythos-class capability is coming in the next few weeks, and on June 1 offered ENISA access to the same gated model the White House tried to fence off four weeks earlier. The boomerang that the May 4 post said was already in flight, and that the May 11 follow-up tracked through five frontier labs and an FDA-style EO trial balloon, has now landed. The prediction completes. The regime is the policy default.
The interesting wrinkle is that the executive order itself never got signed. Trump postponed the signing in late May after Axios reported the draft would require a 90-day pre-release government review of covered frontier models, with Mythos and GPT-5.5-Cyber named as catalysts. The draft is the policy default anyway. Five frontier labs are inside the voluntary CAISI regime. The first foreign cyber agency is inside Project Glasswing. The capability disclosures are public artifacts updating in real time. The signature line on a single piece of paper turns out not to be the binding constraint.
What shipped between May 11 and June 1
Four beats compress the window.
May 20. Axios broke that the draft executive order had circulated to NEC and OSTP staff. The substantive provision: a 90-day pre-release federal review for covered frontier models, with Mythos and OpenAI's GPT-5.5-Cyber explicitly named as the capability tier the rule is calibrated to. Trump postponed the signing later that week. CNN reported that the President didn't like certain aspects without specifying which. The voluntary clearinghouse framework, with five labs already inside CAISI, kept running in the absence of a signed rule.
May 28. Anthropic released Opus 4.8. The blog post is short and the operative sentence is short: Anthropic expects to bring Mythos-class models to all of its customers in the coming weeks. Opus 4.8 itself holds the $5 input / $25 output per million tokens of 4.7, with a fast-mode tier at $10 / $50. The pricing for Mythos Preview, already disclosed at $25 input / $125 output per million tokens, signals where the GA tier will land. Roughly an order of magnitude above Opus.
May 28 (same day). Series H closes at $65B for $965B post-money. Altimeter, Dragoneer, Greenoaks, and Sequoia lead. Anthropic discloses a run rate that crossed $47B earlier in May. The capacity commitments named in the release: 5 GW of AWS, 5 GW of Google plus Broadcom TPU, and incremental SpaceX Colossus GPU access. The April 30 WSJ objection that Anthropic does not have enough compute to serve 120 enterprises without degrading federal access gets retired on the same day the GA promise is made. Ten gigawatts is not a hedge. It is the direct answer to that exact sentence.
June 1. Bloomberg and the FT confirmed that Anthropic communicated to the European Commission over the weekend that ENISA, the EU's cybersecurity agency, will get Mythos access through Project Glasswing. ENISA is the first non-US agency in the program. Access is restricted to defensive use. The framing inside Anthropic, per the Bloomberg piece, is allied cyber-defense parity. The same logic that put NSA and CISA on the program is now extended to one Brussels institution, four days after the GA commitment lands.
Those four beats are independent facts. Together they describe a regime that has stopped being contested.
The compute objection is now retired
The April 30 WSJ story listed two reasons for the White House blocking the Glasswing expansion. The first was a national security argument. The second was that Anthropic could not serve 120 enterprises without degrading federal access. The first reason was the one everyone talked about. The second one was the one that bound.
A capability concern can be answered with a policy decision. Don't release the model. A capacity concern can only be answered with capacity. That is what the $65B raise paid for. The Series H disclosure names specific numbers: 5 GW from AWS, 5 GW of TPU through Google and Broadcom, and SpaceX Colossus access stacked on top. A 5 GW data-center buildout takes years to deliver under any normal supply assumption, but the financing closes in days. Anthropic now has the announced capacity to serve federal customers, Project Glasswing partners, ENISA, and a general-availability Mythos-class customer base in parallel. The federal-access-degradation veto runs out of leverage when the capacity stack is named at twice the size of the federal slice.
The valuation is what bought the right to ship Mythos at general availability without degrading any of the three institutional customer bases the executive branch cares about. The $965B post-money number is not pricing a software product. It is pricing capacity sufficient to satisfy the federal customer, the Glasswing partner roster, and a commercial GA base simultaneously. Read against the April 30 framework, the Series H is the answer to the question the WSJ story posed. The answer is ten gigawatts of named, dated, vendor-committed capacity.
The disclosure dashboard is now the regulator's exhibit
The other thing that happened during the window is that the coordinated vulnerability disclosure dashboard Anthropic shipped in early May kept publishing. As of May 22 at 10:27 PT, the public counter shows 1,596 vulnerabilities disclosed across 281 open-source projects, with 97 patched and 88 assigned CVE or GHSA identifiers. SecurityWeek and Help Net Security both report the broader pool: 23,000 potential vulnerabilities surfaced, 1,900 reviewed by external firms, 1,726 confirmed, and more than 1,000 rated high or critical.
That is the artifact the FDA-style framing Hassett floated on May 6 was always going to need. The pharmaceutical pre-approval model works because there is a body of evidence about harm potential calibrated to a specific molecule. The CVD dashboard is the cybersecurity analogue, calibrated to a specific model. A 90-day review regime that has nothing to review is a press release. A 90-day review regime that has 1,596 named CVEs and 23,000 candidate findings to sample against is an institution.
The post on May 11 covered the Mozilla retrospective: 423 Firefox bugs in April, primarily attributed to Mythos. That was the demonstration that the capability is real. The CVD dashboard is the next layer up. It is the running ledger that supplies evidence at the cadence the proposed review regime is calibrated to.
Read this carefully: the dashboard does not, on its own, prove that gating was necessary. It proves that the capability is real and quantifiable. The case for gating is interpretive on top of the dashboard. The dashboard itself is the substrate the interpretation runs on, and it is a substrate the federal regulator did not have to build. Anthropic built it and ships updates to it. The vendor is supplying the audit trail the regime is reading.
ENISA changes the geography
The May 11 post argued that US directional tightening had flipped past EU directional tightening. The Omnibus deferral on August 2, 2026 obligations bought Brussels 16 months of slack, while the US administration was building an institutional regime in weeks. ENISA joining Glasswing complicates that read in one specific way.
ENISA joining Glasswing is a customer-access decision rather than a regulatory move. But it puts a foreign cybersecurity agency on the inside of the same access program the White House tried to use access-control over. The leverage point in April was that Mythos access was a US executive-branch decision applied to a US company. By June 1, that frame has loosened on two sides at once. GA distribution is going to commercial customers in coming weeks, and Glasswing access is being extended to allied institutional users with no US executive sign-off in the public record.
The strategic logic is allied parity. The same argument that justified putting CISA and NSA on Glasswing applies to ENISA if you read European cyber-defense as part of the US-allied perimeter. That is a coherent doctrine. It is also a doctrine that puts the EU's regulator-adjacent cyber agency inside an Anthropic program five months before its own continent's AI Office takes a position on Mythos in EU markets.
The May 11 post asked which way the EU would face. ENISA-via-Glasswing is one answer. The EU joined as a customer of the gated capability before its own regulator weighed in. The AI Office position is still pending. Watch for that.
The May 4 prediction, scored
The May 4 post made four claims. The May 11 follow-up scored three as holding and one as needing revision. Six weeks later, the score is more decisive.
Claim 1. Glasswing is a regime change in US frontier AI distribution. Confirmed. Five labs in CAISI. ENISA in Glasswing. Draft EO calibrated to the capability tier. The regime is the default, signed or not.
Claim 2. The enforcement model is fragile against open-weight asymmetry. Holds in principle, less urgent in practice. DeepSeek has not shipped a V5 or a V4-Pro-Cyber variant as of June 1. The capability gap to Mythos remained wider than the May 4 post estimated through the window. The gate has lasted longer than the open-weight door would suggest, because the open-weight door did not advance as fast as expected. That is a temporary asymmetry that will close. It lasted long enough to let the regime cement.
Claim 3. The two-month vendor-gated lead would be the leverage window. Confirmed and exhausted. The window closed on May 28 when Mythos-class GA capability went on record. The leverage was used. CAISI got built. Five labs got enrolled. The draft EO got circulated. ENISA got admitted to Glasswing. By the time the model goes wide, the regime around it is established.
Claim 4. The administration would attempt to harden gating into rulemaking. Confirmed, with the caveat that the rulemaking is in unsigned-draft form. The signed-EO threshold was wrong. The functional threshold of five labs voluntarily inside a pre-deployment evaluation framework is met without a signature. The institutional infrastructure is what binds. The paper is downstream of the institutions.
What this changes for builders
Two practical implications for anyone building inside or against this regime.
The first is that frontier AI now has a defined institutional tier in US policy. The CAISI clearinghouse covers cybersecurity, biosecurity, and chemical-weapons risks. The draft EO names a 90-day review window. Models that clear the capability bar (currently Mythos and GPT-5.5-Cyber as the named catalysts, with the universe of covered frontier models growing as other labs ship comparable variants) get reviewed before release. Models below that tier do not. The line is drawn at offensive cyber capability calibrated to the disclosure dashboards Anthropic and the AISIs publish. Build with that line in mind.
The second is that valuation has become a structural input to who gets to ship at the top tier. Anthropic's $965B post-money is what bought the right to ship Mythos at GA without degrading federal customers, NSA programs, or Glasswing partners. The capability was already shipped; the capacity was the constraint. Below that level of capitalization, the federal-access-degradation question has no good answer. Above it, the question can be retired the way Anthropic retired it on May 28. That is a structural barrier to entry that scales with compute rather than with model quality. Anyone trying to ship a Mythos-class capability to general availability without ten-gigawatt-scale capacity commitments is going to find the gating apparatus much less voluntary than Anthropic did.
The boomerang has landed. The next throw is already in someone's hand: the EU AI Office position on Mythos in EU markets, the OpenAI release tier for GPT-5.5-Cyber, the eventual DeepSeek V5.