One of Anthropic’s AI models identified vulnerabilities in highly sensitive, classified US government computer systems during a testing exercise, a US official has told the Associated Press.
The model in question was Mythos, Anthropic’s most capable system, and it surfaced the flaws within hours. Crucially, finding a weakness within hours is not the same as exploiting it within hours, and the official did not say the model did the latter.
The framing matters because a more dramatic version has been travelling faster than the facts. The testing was a red-team exercise, an organisation probing its own defences, in which intelligence agencies ran Mythos against their own classified environments to see what it would find.
It was not an intrusion from outside, and there is no claim that any real system was compromised. The AP’s account attributes the finding to a single unnamed official.
The exercise sits inside Project Glasswing, the controlled-access scheme through which Anthropic has given Mythos to a vetted set of organisations rather than releasing it publicly.
The model was built to find, and in tests exploit, software vulnerabilities, and it has done so at a scale that unnerved the people who saw it.
In earlier evaluations it turned up thousands of zero-day flaws across major operating systems and browsers, including a 27-year-old bug in OpenBSD.
The classified-systems claim entered public view through a Senate hearing. On June 11, Senator Mark Warner, vice-chair of the Senate Intelligence Committee, said General Joshua Rudd, who leads the NSA and Cyber Command, had told him Mythos* “broke into almost all of our classified systems, not in weeks, but in hours.”*
Whether or not the more colourful account holds, the underlying capability is not in dispute. The UK’s AI Security Institute assessed Mythos as substantially more capable at cyber offence than any model it had previously tested.
What is contested is how to read a red-team result against classified networks, an unsettling demonstration of speed, not evidence of a breach actually suffered.
The episode lands inside a tangle the US government has not resolved. The NSA has been authorised to keep using Mythos on classified networks, and parts of the intelligence community and the Cybersecurity and Infrastructure Security Agency have been testing it.
At the same time, the administration forced Anthropic to disable Mythos and its public sibling Fable 5 worldwide on June 12, after a separate dispute over a reported jailbreak, an order now being challenged in court.
The same government that depends on the model has also restricted it, opposed expanding it, and earlier branded its maker a national security supply-chain risk.
That contradiction is the throughline of the past three months. Anthropic’s Mythos has been moving between governments faster than any of them can decide what it is for: used by the NSA, courted by the Treasury, opposed by parts of the White House, and fought over by the Pentagon.
Warner, for his part, cited the testing not to condemn Anthropic but to argue for mandatory pre-release evaluation of frontier models, which is a different point than the one that went viral.
Anthropic has not disclosed what the test found, and the agencies involved have said little on the record. The company has finished training a successor to Mythos, a sign the capability is advancing regardless of how the politics settle.
For now, the verifiable core is narrow and the inferences around it are wide: a powerful model, pointed at hard targets in a controlled setting, found weaknesses fast. What that means for everyone not running a red-team exercise is the part still being argued over.
Get the TNW newsletter #
Get the most important tech news in your inbox each week.