Claude Mythos 5

National Security and Dual-Use AI Risk Assessment

Establish a risk assessment process for AI systems and AI research activities that could constitute dual-use technology — with applications in both commercial and national security or weapons contexts — addressing BIS export control obligations, ITAR compliance for defense applications, dual-use research of concern protocols, and foreign adversarial misuse monitoring.

AI Vendor Due Diligence

Assess AI vendors against security, governance, and compliance criteria before procurement and at defined intervals during the vendor relationship.

Vendor Safety Commitment Verification

Establish a workflow to verify that AI vendors are honoring their published safety commitments, voluntary pledges, and contractual safety obligations on an ongoing basis — not only at the time of procurement.

AI Vendor Concentration Risk Assessment

Assess and manage the risk arising from organizational dependence on a small number of AI vendors or underlying model providers, and maintain a documented supplier redundancy posture to ensure operational continuity if a primary vendor is disrupted, suspends access, or becomes unavailable.

Procurement-Stage AI Governance Conditions

Establish governance preconditions that must be satisfied before AI system procurement is completed, including binding contractual commitments to governance standards, whistleblowing policy requirements, and internal approval workflow triggers that make governance a dependency of procurement rather than a post-hoc addition.

How do we ensure third-party AI vendors meet our standards?

Extending vendor due diligence to cover model transparency, data handling, bias testing, and contractual liability for AI outputs.

What are our obligations under emerging AI regulations?

Tracking the EU AI Act, U.S. executive orders, SEC guidance, and sector-specific rules to understand what AI compliance actually requires.