NSA Mythos classified systems breach
“Broke into almost all of our classified systems, not in weeks, but in hours.” That is how Senator Mark Warner, Vice Chair of the Senate Intelligence Committee, relayed what General Joshua Rudd, who leads the NSA and US Cyber Command, told him about Anthropic’s Mythos model during a recent Senate hearing. The Economist reported the exchange directly, and it has since been corroborated by Axios’s own reporting.
This is the latest chapter in a story we have been following closely since the UAE sat at the G7 AI table this month, and it sharpens a question we raised then: who actually gets access to capability like this, and on what terms.
| VERDICT: A real, corroborated account, of an authorized security test, not an uncontrolled breach, that still raises the exact access questions this guide has been tracking. Mythos was tested against the NSA’s own classified systems in sanctioned red-teaming, not a malicious or unauthorized attack. The capability itself is real and substantial, built specifically to find and exploit software vulnerabilities. The NSA kept using the model afterward despite the Pentagon separately labelling Anthropic a supply-chain risk, securing its own carve-out. The dual-use reality this confirms, the same capability that finds and patches vulnerabilities can also be used to create them, is precisely the access-tiering question raised by Amodei and Hassabis at this month’s G7. |
What Actually Happened
Mythos Preview was introduced by Anthropic in April as a frontier model purpose-built to find and exploit software vulnerabilities. According to Anthropic’s own published red-team assessment, the model can identify and exploit zero-day vulnerabilities across every major operating system and web browser. One specific example the company has cited: Mythos discovered and fully autonomously exploited a 17-year-old remote code execution flaw in FreeBSD after a single prompt, with no further human guidance.
The NSA tested this capability against its own classified networks in what multiple reports describe as authorized red-teaming, a sanctioned security exercise rather than an uncontrolled incident. According to Warner’s account of what the NSA and Cyber Command director told him, the result was that Mythos penetrated nearly all of the tested systems within hours rather than the weeks a comparable human-led red-team exercise might typically take. The reported date, June 11, places this on the same day Amazon’s researchers reportedly discovered the jailbreak in the public-facing Fable 5 model that triggered the Commerce Department’s export control order issued the very next day, the order we covered in detail in our companion piece.
Why the NSA Kept Using It Anyway
This is the part of the story that reveals the most about how the US government is actually weighing this risk in practice, separate from its public rhetoric. The Pentagon formally labelled Anthropic a supply-chain risk in March, barring federal agencies from using its products. According to Axios’s reporting, the NSA secured its own carve-out to continue using Mythos despite that designation, and Anthropic has reportedly embedded approximately six of its own engineers inside the NSA to help the agency deploy and customise the model.
The logic, according to sources described in that reporting, is straightforward arms-race calculus: if adversarial states will eventually develop comparable offensive cyber capability, the US intelligence community wants it first. Senator Warner’s fuller remarks reflect that framing directly, describing relief that this capability exists in American hands rather than alarm that it exists at all, while simultaneously acknowledging the tension in arguing both that Anthropic poses a security risk and that the NSA needs continued access to its most capable model.
Anthropic’s Position
Anthropic has disputed how serious the underlying jailbreak issue actually was, describing it as a narrow, non-universal bypass and noting that comparable techniques work against rival frontier models from other labs as well. The company has not disputed the substance of the NSA testing result itself, and continues to argue, consistent with statements made publicly by CEO Dario Amodei at this month’s G7 summit, that frontier AI capability of this kind needs structured international governance precisely because it is this powerful, not despite it.
Why This Matters for the UAE Specifically
We have made the case repeatedly this month that the architecture being proposed for global AI governance, a US-led coalition controlling structured access to frontier models, is not an abstract policy idea for the UAE. It is the precise arrangement the country has already built its strategy around through G42’s Microsoft partnership and Stargate UAE’s reliance on US chips and platforms.
This story sharpens exactly that stake. Mythos and Fable 5 are both currently subject to the export control order suspending foreign national access entirely, which means UAE-based researchers, companies, and government entities have no access to this specific capability regardless of the country’s broader alignment with the US AI ecosystem. The NSA’s carve-out, granted despite the Pentagon’s own restriction, demonstrates that access to frontier capability like this is negotiated case by case, agency by agency, inside the US government itself, not granted uniformly even domestically. For a country positioned outside that government entirely, however close the partnership, the practical reality is that the most capable tier of this technology remains, for now, simply unavailable, on terms set unilaterally and revisable at any time.
What Warner Was Actually Arguing
Warner’s point, in fuller context, was more specific than relief that this capability exists in American hands. He was making a case for mandatory testing requirements on frontier AI models, arguing that voluntary self-testing by AI companies is not sufficient given what Mythos demonstrated. His remarks pushed for tighter, government-mandated security evaluation before models of this capability are released at all, using the NSA result as the clearest evidence yet of why he believes voluntary testing alone cannot be trusted to catch what matters.
That detail matters because it reframes the story slightly. This was not simply a senator expressing alarm or relief about one company’s model. It was a senator using a specific, startling result to argue for a regulatory change, mandatory testing, that would apply to every frontier AI lab, not just Anthropic.
The Honest Read
Authorized testing against your own systems, however startling the result, is a fundamentally different event from an actual hostile breach, and that distinction matters enormously for how seriously to weigh this story. It is not evidence Anthropic lost control of its own model, and it is not evidence of an attack. It is evidence that a capability this advanced now genuinely exists, that the agency responsible for US cyber defence considers it serious enough to use directly rather than only study, and that the question of who else gets to use it, on what terms, decided by whom, remains entirely unresolved more than a week after the export control order that was supposed to settle exactly that question.
That unresolved status is the throughline connecting every piece in this series so far, the G7 lunch, the export control order, Trump’s softened tone, and now this. The technology keeps moving. The governance keeps lagging behind it.
Sources
• The Economist: Donald Trump’s blocking of Anthropic is capricious and chaotic — https://www.economist.com/briefing/2026/06/14/donald-trumps-blocking-of-anthropic-is-capricious-and-chaotic
• Axios: Scoop, NSA using Anthropic’s Mythos despite Defense Department blacklist — https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentagon
• Glitchwire: The NSA’s Mythos moment forces a reckoning on AI release timelines — https://glitchwire.com/news/the-nsas-mythos-moment-forces-a-reckoning-on-ai-release-timelines/
• Senator Mark Warner, remarks during Senate Intelligence Committee proceedings, June 2026
Robius.news — Dubai, UAE — 2026 | Built to be first. Built to be trusted.
