Report: Anthropic's Mythos AI allegedly breached NSA systems in hours

Key Takeaways

• An Anthropic AI model reportedly penetrated NSA classified systems in hours during an authorized red-team security evaluation
• The U.S. government issued a directive barring foreign nationals from accessing Anthropic's flagship models, citing national security concerns
• Anthropic disputes the severity, calling it a 'narrow jailbreak' that rival models also exhibit

An Anthropic AI model reportedly broke into 'almost all' classified NSA systems during an authorized red-team test, completing the penetration in hours rather than weeks. The claim comes from Sen. Mark Warner, vice chair of the Senate Intelligence Committee, who said Gen. Joshua Rudd, head of the NSA and U.S. Cyber Command, briefed him directly on the model's capability.

The Economist published the report on June 14, though it initially drew little attention. The story went viral about a week later, generating headlines that Anthropic's model 'hacked the NSA.' The original author issued a clarification on June 21: the breach occurred during a controlled internal evaluation, not a real-world attack.

What actually happened during the red-team test?

According to the report, Anthropic's Mythos model was paired with other defensive tools under highly specific simulated conditions. The security evaluation took place on June 11, one day before the U.S. government issued a directive barring all foreign nationals, including Anthropic's own non-citizen employees, from accessing the Fable 5 and Mythos 5 models.

The directive marked the first time the United States applied export controls directly to an AI model rather than to the hardware powering it. At the time, the government provided no detailed public evidence for the move.

How does Anthropic respond to the breach claims?

Anthropic responded to the ban by disabling the models globally. The company said it could not practically enforce nationality-based access restrictions without pulling the systems for everyone. In a statement, Anthropic said the letter it received did not specify the underlying concern. Officials gave the company only verbal evidence of a 'potential narrow, non-universal jailbreak' that could allow Fable 5 to identify software vulnerabilities.

The company disputes the severity of what occurred. According to Anthropic, the flagged behavior amounted to asking the model to analyze a codebase and fix identified issues. This process revealed a few minor, already known bugs. It did not constitute a genuine autonomous offensive intrusion, the company says.

Anthropic also points out that rival models, including OpenAI's GPT-5.5, exhibit similar behavior. The company says it is working to restore access and is preparing a collaborative risk-management framework with the White House.

Why did the government issue a ban so quickly?

The timeline is telling. The security evaluation happened on June 11. The ban came on June 12. The quote from Gen. Rudd now appears to supply the missing context for why the government acted so fast.

'(This tool) broke into almost all of our classified systems, not in weeks, but in hours,' Rudd reportedly told Warner. For an intelligence agency that guards some of the nation's most sensitive secrets, that kind of capability, even in a controlled test, apparently warranted immediate action.

What does the public think about the NSA breach report?

Reaction on the ClaudeAI subreddit has split into roughly three camps. The largest group sees the story as an indictment of government cybersecurity. They cite the government's inability to hire top talent and its history of leaks.

A second group remains skeptical. They consider the claim sensationalist or even an Anthropic marketing stunt. They point to the lack of details about the supposed break-in and question whether the NSA chief possesses the technical expertise to evaluate what happened.

A minority pushes back against the skeptics. They argue that observers underestimate the exponential growth in AI capabilities. Cybersecurity experts have claimed that AI has compressed attack timelines from hours to minutes. Even well-maintained open-source projects are seeing large numbers of vulnerabilities surface.

Anthropic still works closely with the NSA

Despite the dispute and the broader restrictions, Anthropic continues to work closely with the NSA under a specialized arrangement. The Financial Times reported earlier in June that roughly six Anthropic engineers are embedded directly inside the agency as forward-deployed staff through Project Glasswing.

These engineers are adapting and customizing Mythos for specific operational applications. Sources told the Financial Times that the work could extend to infiltrating networks operated by countries including China and Iran. The dual nature of this relationship, Anthropic both alarming the government and serving as its contractor, adds complexity to the story.

Frequently Asked Questions

Did Anthropic's AI actually hack the NSA?

No. The reported breach occurred during an authorized internal red-team test under controlled conditions, not a real-world cyberattack. The original report's author clarified this after the story went viral.

Why did the U.S. government ban Anthropic's AI models?

The government cited national security concerns after the AI demonstrated the ability to identify software vulnerabilities during testing. Officials issued the directive one day after the red-team evaluation.

Are Anthropic's Mythos and Fable models still available?

Anthropic disabled the models globally because it could not enforce nationality-based access restrictions. The company says it is working with the White House to restore access.

Does Anthropic still work with U.S. intelligence agencies?

Yes. About six Anthropic engineers are reportedly embedded at the NSA through Project Glasswing, customizing AI tools for intelligence operations.

Source: Latest from Tom's Hardware