Two stories landed within hours of each other on 29 April. Bloomberg reported that Anthropic and OpenAI are both expanding their London office footprints in a leasing wave — Anthropic taking 100,000+ square feet in central London, OpenAI matching the move. Axios broke the news that the Trump White House is drafting executive guidance to bypass Anthropic’s “supply chain risk” designation and onboard Claude Mythos for US federal civilian agencies.
For UK public-sector buyers, those two stories sit on the same map. The London office expansion is Anthropic’s signal that the UK is a strategic market — and the policy reversal in Washington tells you that even when an AI vendor takes the most principled stance possible (refusing to remove restrictions on autonomous weapons and mass surveillance, in Anthropic’s case), state customers still find their way back to the table within 60 days.
If you’re inside the Government Digital Service, the Crown Commercial Service, an arm’s-length body running its own AI procurement, the AI Safety Institute, the NCSC, or any of the regulators starting to pull AI rules into licensing requirements, here’s what this week’s news means for your buying decisions through summer.
Why the US story matters in Whitehall
Three reasons the Anthropic-Washington story is worth UK buyers’ time.
One: The UK’s AI Safety Institute (AISI) has done its own evaluation of Claude Mythos’s cyber-offensive capabilities. AISI’s published assessment is part of the open conversation in the US — Bruce Schneier’s commentary cites it, the CETaS team at the Alan Turing Institute have referenced it in their work. The assessment that informs the US policy debate also lives in the UK’s policy infrastructure. That gives UK buyers cleaner, faster access to the underlying evaluation than the US buyers actually have.
Two: The UK government’s procurement framework is more vendor-neutral than the US’s. The Crown Commercial Service framework agreements — G-Cloud 14 for software-as-a-service, the Cabinet Office AI Marketplace — don’t have a parallel to the OMB directive that flagged Anthropic specifically. That means you’re already in a position the US is trying to engineer back to. The lesson worth taking: don’t write Anthropic-specific exclusions into framework agreements; write function-based controls that survive vendor-by-vendor news cycles.
Three: Anthropic’s London expansion is real. The Bloomberg figure — 100,000+ square feet, central London, mid-2026 occupation — is the kind of commitment that comes with named UK leadership hires, regional pricing, and the UK-specific compliance posture that Anthropic does not yet publicly document. If you’re a public-sector buyer expecting a UK customer-success contact and a UK data-residency commitment, this is the quarter to ask.
The 90-day timeline (for context)
Both stories sit on a longer arc:
| Date | What happened |
|---|---|
| 27 February 2026 | President Trump directs all US federal agencies to phase out Anthropic AI within six months |
| 3 March | US Department of War formally designates Anthropic a “supply chain risk” (first time for a US company) |
| 9 March | Anthropic sues the DoW |
| 26 March | Federal judge grants preliminary injunction; designation likely violates First Amendment |
| 8 April | DoW appeals; D.C. circuit denies emergency stay |
| 16 April | White House Chief of Staff Wiles + Treasury Secretary Bessent meet Anthropic CEO Amodei. Bloomberg reports White House moving toward Mythos federal access |
| 28 April | Pentagon-Google AI deal announced |
| 28-29 April | Axios scoop: White House drafting executive guidance + convening industry “table reads” |
| 29 April | Bloomberg: Anthropic + OpenAI expanding London offices in major leasing wave |
| NSA today | Already using Mythos through the entire dispute |
Note the timing. The Anthropic London expansion landed the same week as the policy reversal in Washington. Whether by coincidence or design, Anthropic now has a much stronger UK story to tell — and the UK government has a much clearer reason to engage directly rather than waiting on US procurement signals.
Where this lands in UK public-sector AI procurement
The UK doesn’t have a single equivalent to the US OMB directive. Instead, AI procurement signals come from several places at once. Track them in this rough hierarchy:
Crown Commercial Service — frameworks G-Cloud 14, Digital Outcomes 7, AI Marketplace. These define which vendors can sell to UK central government and arm’s-length bodies. None currently exclude Anthropic, but framework refreshes usually adjust risk language at each cycle.
Government Digital Service (GDS) — issues guidance to departments on AI usage patterns. The recent GDS AI Adoption Playbook (Q1 2026) identifies Claude as a recommended option for specific workflow types alongside Microsoft Copilot and Google Gemini. The playbook does not yet address Mythos specifically.
AI Safety Institute (AISI) — evaluates frontier models against safety criteria. AISI’s published Mythos evaluation flagged frontier-class cyber-offensive capabilities. That assessment is the most serious public technical evaluation of Mythos available to UK buyers. Read it before any pilot.
NCSC — issues technical guidance to UK central government on cybersecurity. NCSC has not yet published Mythos-specific guidance, but the AISI evaluation feeds into NCSC’s risk framing.
Sector regulators — FCA (financial services), MHRA (medicines), CQC (care quality), Ofcom (communications), each pulling AI requirements into their licensing frameworks at different speeds. FCA is furthest ahead; CQC is the next material step.
The practical implication: a UK public-sector buyer evaluating Mythos for a cybersecurity workflow has more authoritative signal to work with than a US buyer does. AISI’s evaluation, NCSC’s framing, and the Cabinet Office AI procurement guidance all sit independent of any US OMB cycle.
What changes if a US executive order drops
Three outcomes worth planning around.
Outcome 1 — US EO clears Mythos for federal civilian agencies. Most likely scenario based on the Wiles–Bessent meeting and the table-reads pace. UK reading: AISI’s evaluation gets re-cited; NCSC may update its framing. Anthropic’s London expansion likely accelerates direct UK engagement. UK procurement timeline shifts from “monitor” to “active evaluation” for cybersecurity-adjacent workflows.
Outcome 2 — US partial waiver process. Slow-roll deployment in the US, but the precedent that Mythos-derived federal access is possible moves the global vendor narrative. UK reading: lower urgency, but the underlying market signal still ratchets toward broader Mythos commercial availability.
Outcome 3 — No US action; status quo. UK reading: AISI’s evaluation remains the primary technical anchor. UK procurement continues at its own pace. Anthropic’s London expansion still happens; UK buyers still have direct engagement options through the new office.
In all three outcomes, the UK story remains in the same place: Anthropic is investing in the UK, the AI Safety Institute is the authoritative evaluation source, and the Crown Commercial Service framework framework remains the right vehicle for procurement decisions.
What UK public-sector buyers should do this week
Six practical steps. None of them depend on the US executive order shipping. All of them save time the week it does.
1. Read the AISI Claude Mythos evaluation. It’s the single most useful technical document available to UK public-sector buyers right now. The evaluation is published; read it.
2. Audit your current AI vendor governance for OMB-style language. UK governance documents sometimes inherit US procurement language by reference, especially in defence-adjacent or US-corporate-derived templates. If yours does, plan for revisions to function-based controls instead of named-vendor exclusions.
3. Map your sector regulator’s current AI position. FCA principles are public; MHRA’s draft is in consultation; CQC has a 2026 update due. Know where your sector currently stands so you can position pilots accordingly.
4. Engage Anthropic’s UK team directly. With 100,000+ square feet of London office signed, Anthropic’s UK customer-success and partner-success organisations are now standing up. Direct engagement on UK data-residency commitments, UK-specific contracting language, and UK pilot support is meaningfully easier this quarter than last.
5. Check Crown Commercial Service framework alignment. Framework agreements refresh at predictable cadences. If you’re planning a Mythos-related procurement decision in the next 12 months, time it against the next framework refresh — that’s when risk language updates land.
6. Document who has signature authority for new AI vendor approvals. In central government this often means GDS, departmental SROs, or arm’s-length-body chief executives depending on the workstream. Make sure the chain is mapped before any vendor expansion request hits the system.
The cybersecurity question UK CISOs should be asking
Mythos is a frontier cybersecurity model that Anthropic intentionally restricted to an 11-organisation Project Glasswing consortium because the AISI evaluation flagged frontier-class cyber-offensive capabilities. The same model the White House now wants federal civilian agencies to onboard is the model that’s been intentionally kept out of broad commercial release.
For UK CISOs in regulated industries (financial services, telecoms, energy, water, healthcare), this matters. The procurement question is not “can we use Mythos” — it’s “should we use Mythos for this specific use case, and if so, under what risk-management framework”. The AISI evaluation is the right starting point for that conversation. NCSC’s wider AI guidance is the right end-state.
A pragmatic posture: pilot Mythos-derived API access on internal red-team workflows where the cyber-offensive capabilities are an asset, not a liability. Do not pilot it on customer-facing or production workloads until UK regulator guidance specifically addresses it. The line between those two pilots is where this story will live for UK buyers through Q3 2026.
What it can’t tell you
The honest framing on this story for UK readers: nobody outside the White House knows whether the executive guidance will drop in May, slip into the summer, or get shelved entirely. The Axios reporting is solid; the timeline is genuinely uncertain.
Three things specifically that the current reporting does not answer:
Whether the US Department of War will eventually align. The DoW litigation continues. A White House EO does not bind the Pentagon. UK defence-adjacent buyers should not assume DoD alignment until the US appeals are resolved.
What “Mythos” SKUs UK public-sector buyers will actually get. The route could be a Glasswing consortium tier, an Amazon Bedrock or Google Vertex managed-cloud variant inheriting the hyperscaler’s UK-government accreditation posture (e.g. UK G-Cloud), or direct Anthropic licensing through the new London office. Each path has different security and data-residency implications.
Whether Anthropic will publish UK-specific compliance commitments. Anthropic has not yet published a UK data-residency policy or NCSC-aligned security posture. The London expansion suggests both are coming; the timing is open.
The bottom line
The Anthropic supply-chain-risk story in Washington is the most consequential AI procurement event of 2026 in the US. Anthropic’s London expansion is a quiet companion story that gives UK public-sector buyers significantly better access to the vendor than they had a quarter ago.
If you’re inside Whitehall, in an arm’s-length body, in a regulated industry, or running AI procurement for a sector that follows Crown Commercial Service framework guidance, the next 30 days are the cheapest window you’ll have to update your governance documents, framework alignment, and vendor signature authority. You don’t need to know what Washington’s executive guidance will say. You need to know which of your documents needs updating the week any of this lands — and you need to know that AISI’s Mythos evaluation, not the US OMB directive, is the document that should anchor your UK risk framing.
For the financial story behind why Anthropic now has the gravity to pull a London expansion and a Washington reversal in the same week, see our piece on the $900B Anthropic round. For the procurement-side analysis of the parallel Pentagon story, see our Anthropic vs Pentagon vendor audit.
Sources:
- Anthropic, OpenAI Splurge on London Offices in Leasing Wave — Bloomberg, 29 April 2026
- Scoop: White House workshops plan to bring back Anthropic — Axios, 29 April 2026
- White House is drafting plans to permit federal Anthropic use — Government Executive, 29 April 2026
- White House Works to Give US Agencies Anthropic Mythos AI — Bloomberg, 16 April 2026
- Our evaluation of Claude Mythos Preview’s cyber capabilities — UK AI Safety Institute
- Claude Mythos: What Does Anthropic’s New Model Mean for the Future of Cybersecurity? — Centre for Emerging Technology and Security (CETaS), Alan Turing Institute
- Claude Mythos Preview — Anthropic
- What Anthropic’s Mythos Means for the Future of Cybersecurity — Schneier on Security
- Anthropic Supply Chain Risk Designation Takes Effect — Mayer Brown, March 2026
- Where things stand with the Department of War — Anthropic
