An anonymous inside source has told the Financial Times that Anthropic has quietly dispatched engineers to the National Security Agency (NSA) to aid in adoption and training in use of the powerful new Mythos AI. This would imply that the government has granted a waiver for its use in at least some intelligence and espionage cyber operations, a reversal from its designation as a “supply chain risk” that federal agencies and defense contractors must not make use of.
The Department of War hit Anthropic with the ban in March, after the company declared it would not support use of Mythos AI or other such future powerful tools in the operation of autonomous weapons or domestic surveillance programs. The move does not necessarily mean Anthropic has compromised those principles, as the NSA primarily conducts intelligence gathering and hacking against foreign adversaries. However, it does raise questions about to what degree the government is now planning to embrace Mythos AI and would appear to be a powerful confirmation of the system’s cyber capabilities.
Anthropic reportedly dispatches a handful of Mythos AI engineers to the NSA
The Financial Times report indicates about “half a dozen” Mythos AI engineers have been dispatched to the NSA to help it with “certain applications.” The source did not go into further detail about the exact cyber operations the agency is applying the Mythos AI to, nor did they specify if the engineers are directly participating in operations.
What is known is that this is not the NSA’s first brush with Mythos AI use. In spite of the March ban by the Department of War, Axios reported on April 19 that the NSA was quietly making use of the powerful new AI. That story also originated from two anonymous government sources, and was thin on details about what was actually being done with the AI.
However, it is a safe bet that the NSA has been exploring the vaunted vulnerability scanning capabilities of Mythos AI for itself. Anthropic’s Project Glasswing, which has been running since early April and involves most of tech’s biggest names as well as major cybersecurity firms and banks, has impressed (and at times terrified) with its results in very quickly identifying deeply hidden vulnerabilities in target systems. The advance testing has caused an upheaval in the cybersecurity community under the assumption that once this (and comparable models from OpenAI and Google) become broadly available, organizations will essentially be forced to switch to fully automated patching and remediation to keep pace with attack attempts.
John Carberry, Solution Sleuth at Xcape, expands on the technical likelihoods: “For enterprise defenders, this deployment signals a sharp escalation in software supply chain risk, as adversarial nation-states will inevitably field comparable automated auditing pipelines to scan enterprise software perimeters. Security leaders can no longer rely on traditional vulnerability disclosure windows because the timeline between a zero-day discovery and an automated campaign is shrinking to near-zero. To mitigate this systemic threat, organizations must aggressively minimize their public-facing attack surfaces, deprecate or isolate legacy Internet-facing applications, and pivot toward behavior-based detection engineering that intercepts post-exploitation activity rather than relying on stale, signature-based indicators.”
At the end of February President Trump issued a social media post calling Anthropic a “radical left woke company” that he accused of attempting to “strong arm” the Department of War and indicated he would be implementing a six-month phase-out of the company’s products in response. In early March, Secretary of Defense Pete Hegseth made this official by formally designating the company as a supply chain risk, which not only restricts federal agencies from using it but also any contractors or suppliers they are engaging for defense or military work. Anthropic followed up by filing suit against the government.
NSA cyber operations range from legal interception to “hack forward” offensive attacks
The Pentagon’s chief technology officer has previously said that Anthropic’s Claude has been used for summarizing masses of information into shorter and more digestible reports for analysts, and for logistical planning. Some reporting (again from anonymous sources) says that use of it was continued during the attacks in Iran even after the ban had been announced by the Secretary of Defense.
The NSA is believed to have used the Mythos AI to scan its own systems for vulnerabilities, and have similarly scanned the Microsoft systems widely used by the federal government. The big question is whether use of it progressed beyond these relatively basic applications, which may well not violate Anthropic’s ban on use for autonomous weapons or domestic spying, to more active cyber operations involving attacks on foreign rivals.
Project Glasswing just underwent a major expansion, to 150 participants from the original 40. This includes organizations in EU countries as well as a handful of other nations such as Japan, South Korea and India. The EU’s lead cybersecurity agency is among these. Anthropic appears to be aggressively expanding preview testing of cyber operations in the wake of its IPO filing; while it has yet to set a date for the rollout of Mythos AI to the public, it has said that it at least expects a similarly powerful competitor to be widely available within the next year.
While Anthropic still appears to be operating out of a general sense of public responsibility, critics have taken issue with even the appearance of it possibly taking part in US cyber operations after its initial ethical stand.
But Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity at Suzu Labs, points out that this is a development that is virtually mandatory given the unique circumstances: “Embedding Anthropic engineers on-site tracks with how these programs have always operated. Offensive cyber programs are among the most tightly compartmented activities in government because exposure of active operations against foreign targets could create significant diplomatic and national security consequences. Cleared contractor personnel have always worked alongside operators in these environments. The tool changed. The operating model did not.
“The NSA reportedly carved out an exemption to continue using Mythos despite the Pentagon’s supply-chain risk designation of Anthropic,” Krell adds. “If accurate, that suggests the operational value assessment inside the intelligence community differs substantially from the public risk posture attached to the vendor. Industrialized vulnerability discovery is here. The question is whether the policy decisions around it will be driven by operational reality or by politics.”
