Anthropic Helps NSA Use Mythos for Cyberattacks

The US National Security Agency (NSA) is deploying Mythos, Anthropic's most advanced AI model, in offensive cyber operations, the Financial Times reported on June 5, citing sources familiar with the matter. Unlike standard defensive assessments, offensive operations involve infiltrating adversary networks and exploiting software vulnerabilities.

Anthropic has embedded approximately six 'forward-deployed engineers' within the NSA to assist with the technology and customize Claude Mythos for specific missions. The report noted, however, that it remains unclear whether these engineers are directly participating in active cyber operations.

The collaboration stands in contrast to Anthropic's legal disputes. The startup is currently locked in litigation with the Department of Defense, the NSA's parent department. The legal battle highlights a dual posture: Anthropic is suing to block military use on one front while supporting an intelligence agency's offensive cyber operations on another.

Pentagon Litigation, NSA Collaboration

The roots of this conflict trace back to late February, when negotiations between Anthropic and the Department of Defense collapsed. Anthropic had sought to prohibit its Claude model from being used for mass surveillance of US citizens or in autonomous weapons systems lacking human-in-the-loop control, while the Pentagon insisted on authorization for all lawful uses.

Following the impasse, the Pentagon designated Anthropic a 'supply chain risk' company. According to CNBC, this was the first time a US firm received the supply chain risk label. The designation carries severe consequences, as it can legally compel defense contractors and affiliated organizations to terminate their use of Claude.

In response, Anthropic filed two lawsuits on March 9, alleging the designation was retaliatory and exceeded statutory authority. Although a federal appeals court denied Anthropic's emergency stay in April, leaving the restriction in place, arguments continued into May. Anthropic's cooperation with the NSA surfaced while this supply chain risk dispute was still active.

Mythos as a Double-Edged Sword

The NSA's interest in Mythos is driven by its advanced capabilities. Claude Mythos is capable of autonomously identifying and exploiting software vulnerabilities. In evaluations conducted by the UK AI Safety Institute (AISI), a preview version of Mythos successfully identified multiple previously undisclosed vulnerabilities across major operating systems and web browsers.

However, these cyber capabilities are inherently dual-use: the same model can patch a vulnerability or exploit it. A source close to the matter noted that Mythos is considered highly effective for penetrating networks in countries such as China or Iran.

Anthropic has managed this duality through two distinct channels. For allied nations, the company expanded access to 150 organizations across 15 countries under its defensive initiative, Project Glasswing, which secures critical infrastructure in nations like Australia, Canada, France, and Japan. This aligns with its prior decision to open access for the EU's regulators. The NSA engagement, by contrast, focuses on offensive support.

Unresolved Questions Before a Trillion-Dollar IPO

These revelations coincide with Anthropic's march to the public markets. The company confidentially filed for an American IPO on June 1. A May funding round valued it at about $965 billion, and secondary-market trades have since pushed it past $1 trillion. A core national-security tool is set to become one of the largest market debuts ever.

Federal policy has shifted in tandem. On June 2, President Trump signed an executive order establishing a voluntary pre-release security review process for AI models and instructing the Treasury Department to establish an AI cybersecurity clearinghouse. Offense or defense, the directive makes the drive to put AI at the core of national security unmistakable.

Nevertheless, confirmed details remain limited to the placement of six engineers at the NSA, the deployment of Claude Mythos in offensive cyber operations, and the ongoing 'supply chain risk' lawsuit with the Pentagon. The precise scope of the engineers' involvement and the specific targets of Mythos's activities remain undisclosed. The report outlines the structure of a partnership rather than an active operational log.