Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities.
This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people familiar with the arrangement told the FT it would be useful for infiltrating networks in countries like China or Iran. Whether those engineers are involved in live operations, or only in customization and setup, remains unclear.
The reported collaboration comes amid tensions between Anthropic and the U.S. government. The company is challenging Pentagon policies over military use of AI, and was labeled a “supply-chain risk” after refusing to allow its models to be used for mass surveillance or autonomous weapons programs.
That designation triggered a procurement ban across the entire DoD, and President Trump has ordered the Pentagon to drop Claude from its systems by August. The NSA arrangement exists because of an explicit carve-out from that ban.
In April, Axios reported that the NSA was already using Mythos Preview.
“The National Security Agency is using Anthropic’s most powerful model yet, Mythos Preview, despite top officials at the Department of Defense — which oversees the NSA — insisting the company is a “supply chain risk,” two sources tell Axios.”
Anthropic’s public position on Mythos has been consistent: the model is too dangerous to release broadly because of what it can do. In an April 7 post, Anthropic’s red team said Mythos Preview could find and exploit zero-day vulnerabilities in “every major operating system and every major web browser” when a user directed it to. A complete exploit pipeline against a complex Linux target ran under a day at a cost below $2,000. Britain’s AI Security Institute, testing independently, found it solved 73% of expert-level tasks that no prior model could complete, and became the first model to finish a 32-step simulated corporate-network attack. That’s why access was limited to roughly 50 vetted organizations under Project Glasswing.
The company’s defenders have a ready answer for the NSA contradiction.
“The best way to build a good defence is to build a good attack.” reports the Financial Times.
A person close to the company told the FT, arguing that adversaries will build their own attack agents regardless. That’s not a bad argument on its merits. It also doesn’t explain why the same model deemed too risky for a security researcher to download is fine to deploy at a signals intelligence agency without public disclosure, legal framework, or congressional oversight anyone has confirmed.
The legal dispute is complicated. In May, a federal appeals court reviewed whether the Pentagon was justified in labeling Anthropic a “supply-chain risk.” One of the judges said she had not seen evidence that Anthropic acted with bad intent, despite Pentagon claims suggesting otherwise. However, the court appeared inclined to keep the designation in place. At the same time, Anthropic engineers were reportedly working with the NSA on Mythos, even though the agency falls under the Pentagon’s oversight.
On June 2, Anthropic expanded Project Glasswing from roughly 50 to approximately 150 organizations across more than 15 countries. The new cohort includes Okta, Samsung, NATO, and the EU’s cybersecurity agency ENISA. Partners have surfaced more than 10,000 high- or critical-severity flaws, and an internal Anthropic scan of 1,000 open-source projects flagged 23,019 potential vulnerabilities, 6,202 of them estimated high or critical. The expansion also added Australia’s Signals Directorate, extending government access beyond the US and UK for the first time.
Not everyone thinks the Mythos alarm was warranted to begin with. Reuters reported in May that fears about the model were overstated, quoting a researcher with early access who said vulnerability-hunting AI had been available for “months if not years.” The controlled rollout didn’t keep the capability rare; it just decided who holds it. Those holders now include a spy agency, a military alliance, and a chip manufacturer, days after Anthropic filed confidentially for an IPO at a valuation near $1 trillion, with annualized revenue on track to hit $50 billion by the end of June.
The NSA declined to confirm or deny the FT’s reporting. Anthropic didn’t respond to a request for comment from TechCrunch. The refusals, as the FT noted, are selective.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, NSA)
