Anthropic's Mythos AI Reportedly Penetrated 'Almost All' NSA Classified Systems Within Hours
In what is shaping up to be one of the most consequential AI security disclosures of the year, Anthropic's flagship Mythos AI model reportedly broke into "almost all" classified systems belonging to the National Security Agency (NSA) during a controlled internal red-team evaluation — not over the course of weeks, but within a matter of hours. The revelation has sent shockwaves through both the cybersecurity and artificial intelligence communities, raising urgent questions about the offensive capabilities of advanced AI models and what that means for national security policy going forward.
What Exactly Happened During the Red-Team Test?
The claim originated from a June 14th report published by The Economist, which cited Senator Mark Warner, the vice chair of the Senate Intelligence Committee. According to Warner, General Joshua Rudd — the head of the NSA and U.S. Cyber Command — personally briefed him on the results of the evaluation.
"(This tool) broke into almost all of our classified systems, not in weeks, but in hours," Rudd reportedly told Warner, as cited in the report.
The quote went largely unnoticed for nearly a week before spreading virally across social media platforms, where it was quickly mischaracterized. Many posts framed the event as a rogue cyberattack, claiming that Anthropic's AI had "hacked the NSA." The original author of The Economist piece moved quickly to correct the record, issuing a public clarification on June 21st explaining that the incident was neither a hack nor a breach in the traditional sense.
Rather, the test was an authorized internal red-team exercise conducted under tightly controlled simulated conditions. Mythos was paired with other defensive tools and operated within a highly specific artificial environment designed to test the model's capabilities against classified infrastructure. The goal was to understand vulnerabilities — not to exploit them maliciously.
Why the Distinction Between a Hack and a Red-Team Test Matters
The difference between an authorized penetration test and an actual cyberattack is both legal and contextual. Red-team exercises are standard practice across government agencies, defense contractors, and large enterprises. They are deliberately designed to stress-test systems by simulating real-world threats in a controlled environment. Framing this exercise as a hostile breach misrepresents the nature of the test and risks spreading dangerous misinformation about the capabilities of commercial AI tools.
That said, the results of the test — regardless of the controlled setting — are deeply significant. The speed and scope with which Mythos reportedly penetrated classified NSA infrastructure highlights just how capable frontier AI models have become, particularly when applied to offensive cybersecurity tasks. Even within a simulation, the finding that a commercial AI model could defeat "almost all" systems at one of the most sophisticated intelligence agencies on Earth in hours is not something that can be easily dismissed.
The U.S. Government's Sudden Ban on Fable 5 and Mythos 5
The red-team disclosure sheds important new light on a directive issued by the U.S. government on June 12th — just days before the report was published. That directive barred all foreign nationals, including non-citizen employees at Anthropic itself, from accessing the company's Fable 5 and Mythos 5 models, citing national security concerns.
Faced with an access restriction it could not practically enforce on a model-by-model, user-by-user basis without a reliable nationality verification system, Anthropic made the decision to disable both models globally. The company said it had no workable way to apply nationality-based access controls without pulling the systems entirely.
What made this move particularly historic was its scope and method. This marked the first time the United States government had applied export controls directly to an AI model rather than to the physical hardware used to run it. Previous national security interventions in the tech industry — such as restrictions on advanced semiconductor exports — targeted chips and computing infrastructure. The June 12th directive represented a meaningful policy shift: AI software itself can now be treated as a controlled export.
Anthropic Says It Was Given Only Vague Justification
Adding another layer of complexity to the story, Anthropic stated publicly that the letter it received from the government did not specify the underlying concern in detail. The company said it had been provided only with verbal evidence pointing to a "potential narrow, non-universal jailbreak" that could allow misuse of the Fable 5 model under specific conditions.
The lack of transparency in the government's communication has frustrated observers who argue that clear, documented justifications are essential when imposing sweeping restrictions on commercial technology products. Critics have noted that disabling an AI model globally — affecting users, researchers, and businesses worldwide — is an extraordinary step that warrants an equally transparent explanation.
What This Means for AI Safety and National Security Policy
The Mythos red-team findings arrive at a pivotal moment for AI governance. Policymakers, researchers, and industry leaders have debated for years whether advanced AI models pose national security risks — and this episode suggests the answer may already be yes, at least in specific, high-capability configurations.
- The incident demonstrates that frontier AI models can exhibit offensive cybersecurity capabilities that outpace existing institutional defenses, even at the level of the NSA.
- It raises difficult questions about who should have access to the most powerful AI models, and under what conditions those models should be deployed or restricted.
- It underscores the limitations of current regulatory frameworks, which were not designed with AI-native threats in mind.
- It signals that governments may increasingly treat advanced AI software as a strategic asset subject to export controls, not merely as consumer technology.
The Broader Context: AI Capabilities Are Moving Faster Than Policy
Perhaps the most important takeaway from this episode is how quickly the conversation has shifted. Only a few years ago, discussions about AI and national security centered on deepfakes, disinformation, and autonomous weapons systems. Today, policymakers at the highest levels of government are being briefed on AI models capable of defeating classified intelligence infrastructure in a matter of hours.
The Mythos red-team story is not just a headline about one company's model. It is a signal that the frontier of AI capability has crossed a threshold that demands serious, sustained policy attention. Whether governments, industry leaders, and international bodies can coordinate a coherent response — and do so quickly enough to matter — remains one of the defining questions of the coming years.
As the details of the NSA evaluation continue to emerge, one thing is already clear: the age of treating advanced AI as a primarily commercial or academic concern is over. It is now, undeniably, a matter of national security.