What does 'trusted organization' actually look like in the audit trail?

Reading about Anthropic releasing Mythos to 'trusted' US orgs — from a forensic perspective, that framing feels like a control that'll be tested the first time someone inside a trusted org decides to finagle the model for something off-label. Curious if anyone here works with access-control classification like this and sees the same gaps I do, or if I'm just being paranoid from years of finding the line item that doesn't match.