After Project Glasswing: Frontier AI and Sovereign Recovery

Spotlight

• Anthropic’s Mythos and the White House intervention together are turning frontier model access into a question of sovereignty.
• Chinese open-weight models have crossed the sufficiency threshold for most enterprise workloads at a fraction of the price of proprietary models by US AI labs.
• Middle powers need governance frameworks built not around selection, but exit options while preparing for interoperability from the start.

Recent months have marked a new moment in AI development as frontier AI models moved from laboratory research into state-mediated distribution due to a advances in their cybersecurity capabilities. In April 2026, the United States (US) AI company Anthropic unveiled its latest and most capable frontier model Claude Mythos Preview through a programme called Project Glasswing, a consortium of roughly fifty organisations that are granted access to the Mythos model. The decision to limit access was due to the unprecedented performance demonstrated by the model across several benchmarks. Also in April, OpenAI announced GPT-5.5 and classified it as ‘High’ under its Preparedness Framework on cybersecurity capability. OpenAI subsequently expanded its Trusted Access for Cyber programme to vet defenders seeking access to advanced cyber capabilities, while applying stricter automated safeguards to GPT-5.5 itself. Within weeks of the Mythos announcement, the White House had intervened to block Anthropic’s proposal to expand access from approximately 50 organisations to 120 by citing national-security and compute-availability concerns. This marks a shift in the landscape as model access in the market becomes dependent on government approval in addition to availability. Mythos has identified vulnerabilities that have persisted through 27 years of expert testing in the OpenBSD operating system. Meanwhile, GPT-5.5, on independent UK AI Safety Institute testing, became the second model after Mythos to complete end-to-end a multi-step corporate network attack simulation. These capability advances have crossed the threshold separating the questions of model access, cyber defence, and national security.

Recent months have marked a new moment in AI development as frontier AI models moved from laboratory research into state-mediated distribution due to a advances in their cybersecurity capabilities

Frontier model access has become a sovereignty problem with mutually incompatible ecosystems, and that the consuming states’ task now is not to choose between American and Chinese AI but to construct governance frameworks that prevent their dependencies from becoming absolute.

US AI Labs and the Vendor Lock-in Problem

Project Glasswing is one-part containment strategy and one-part marketing tactic but with a distribution list contested between Anthropic and the White House. The gating of Mythos could signal a pivot away from the deregulatory approach to AI development adopted by the Trump administration so far. If this pivot materialises as policy, it could have far-reaching consequences for tech middle powers across the globe.

So far, no non-US company has been publicly announced as having gained entry into Glasswing. Consequently, in the EU, the Deutsche Bundesbank has called publicly for European access to the Mythos model. The European Central Bank has convened risk officers at eurozone lenders while the Swiss regulator FINMA has warned that uncontrolled, broad availability of models such as Mythos would itself constitute a “systemic risk,” voicing a separate concern from the one with access-asymmetry that the Bundesbank has identified.

The pattern extends well beyond Europe. In India, Finance Minister Nirmala Sitharaman convened an emergency meeting on 23 April with the Reserve Bank of India, the National Payments Corporation of India, and CERT-In, describing the Mythos threat as “unprecedented” and directing banks to coordinate a real-time threat-intelligence response. In Singapore, the Monetary Authority convened the chief executives of major banks over Mythos-related cyber risks. Senior Minister of State Tan Kiat How told parliament on 5 May that the government does not have direct access to Mythos and “do not assume that we will always have early access to every frontier model,” a notable small-state acknowledgement that the architecture of Glasswing-style gating may now be a permanent feature rather than a one-off episode.

The gating of Mythos could signal a pivot away from the deregulatory approach to AI development adopted by the Trump administration so far. If this pivot materialises as policy, it could have far-reaching consequences for tech middle powers across the globe.

None of these institutions can compel a private American company to grant them what their domestic regulators believe their financial systems require. The unfolding Mythos episode is making apparent that frontier-model access has the makings of a national security issue.

The Chinese Counter-Offer

April 2026 also witnessed the most coherent counter-positioning of the Chinese AI ecosystem to date. On 24 April, DeepSeek released V4-Pro and V4-Flash under MIT licence with open weights and pricing at approximately one-seventh the cost of Claude Opus 4.7. The US Center for AI Standards and Innovation evaluated V4 and concluded that its capabilities lag the US frontier by approximately eight months. On 27 April, China’s National Development and Reform Commission ordered Meta to unwind its two-billion-dollar acquisition of Manus, a Singapore-headquartered agentic-AI startup that had restructured out of Beijing in mid-2025. The order marked an unprecedented invocation of China’s foreign-investment security review mechanism to reverse a completed cross-border AI transaction. Beijing’s ostensible signal was that corporate restructuring through Singapore would no longer place a China-developed model beyond Chinese regulatory reach.

In parallel, OpenRouter data through April shows Chinese-origin models accounting for over 45percent of weekly token volume across the platform, up from under 2percent in October 2024. Xiaomi alone holding three times OpenAI’s share. Alibaba’s announcement on 2 April of a strategic partnership with Fireworks AI to host Qwen 3.6 Plus on Western infrastructure further clarifies the larger picture. The Chinese domestic stack is no longer a strategic safety-net for domestic industry but is inching closer to a global distribution strategy that offers open-weights at the base layer, enterprise deployment in the middle, and aggressive pricing at the top to counter American offerings.

Convergence at the Deployment Layer

Enterprise deployment is the battleground that will determine whether the American or Chinese stack settles into the workflows of the world’s MSMEs as well as the long-term default procurement pipelines of governments. US labs have identified this as the next phase of the global AI race. On May 4, signalling this, both Anthropic and OpenAI announced separate joint ventures with private equity firms. Anthropic’s US$ 1.5 billion vehicle with Blackstone, Hellman & Friedman, and Goldman Sachs; OpenAI’s US$ 10 billion ‘The Deployment  Company’ with TPG, Brookfield, Advent, and Bain Capital. Anthropic and OpenAI are following the same logic. Private equity firms control portofolios of hundreds of companies, allowing the AI labs to secure a captive pool for deploying their respective enterprise AI models. On the Chinese side, MiMo-V2-Pro and Alibaba’s Qwen 3.6 Plus together held the top of OpenRouter’s coding rankings during the same period, both available free-of-charge to AI development environments.The emerging strategy for American and Chinese labs seems to be converging not on the same buyers but on the same layer—enterprise integration—just through different pricing strategies.

The Chinese domestic stack is no longer a strategic safety-net for domestic industry but is inching closer to a global distribution strategy that offers open-weights at the base layer, enterprise deployment in the middle, and aggressive pricing at the top to counter American offerings.

The strategic implication of this convergence rests on three observations that middle-powers have to confront simultaneously. First, the open-weight model capabilities do not need to match the capabilities of proprietary frontier models. Rather, they just need to be sufficient for handling most enterprise workload, a threshold that Chinese-made open-weight models have already crossed. Second, the cost gap between proprietary and open-weight models dominates the procurement decision once capability sufficiency is established. Third, the AI black-box issue persists since ‘open-weight’ is not ‘open-source’. The training data, fine-tuning recipe, and reinforcement-learning reward structure remain proprietary even in open-weight models, meaning that algorithmic bias, latent backdoors, and unidentified cybersecurity exposures are not eliminated by an MIT licence on the weights. Open-weight models do not address the issue of vendor opacity as much as merely relocating it from the vendor relationship to the model itself. The resulting trade-offs for buyers and enterprises are not between dependency and sovereignty but between two kinds of dependencies.

A Contested Road Ahead

Two consequences can be posited due to the increasing competition at the deployment stage. The first is that the US, having watched Mythos’s distribution list become a White House decision in a month, will move toward strengthening executive control over frontier-model access. This would essentially transform an emergency intervention in April into a procurement architecture over the coming years. The likelihood of this shift will only increase with future, more capable iterations of proprietary frontier models. The second consequence is that consuming states with enterprises integrating Chinese open-weight models at scale will face escalating scrutiny from US trade and security agencies on grounds that mirror the supply-chain logic already applied to Huawei and ZTE across 5G, cloud, and digital-infrastructure procurement in the Gulf and beyond. This could lead to further extensions of the export-control regime already applied to NVIDIA hardware. The two trajectories are not symmetrical. The first consequence would concentrate control inside Washington, and the second would export it. For AI middle powers, the new imperative will be to construct governance frameworks that makes such dependencies recoverable.

Frontier AI capability is becoming increasingly concentrated, gated, and politically contested whereas open-weight capability is sufficient, cheap, but geopolitically conditioned. Enterprise deployment is the battleground that will determine which stack settles into the workflows of the world’s MSMEs, and through them, the long-run default procurement pipelines of governments. The consuming state’s question is not which model to adopt but how to retain the option to adopt a different one.

Siddharth Yadav is Fellow, Emerging Technologies, ORF Middle East.