The head of the National Security Agency and U.S. Cyber Command reportedly told lawmakers that Anthropic’s advanced AI model Mythos broke into almost all of the agency’s classified systems — not over weeks or months, but in just hours.
This revelation, shared by Sen. Mark Warner (Vice Chair of the Senate Intelligence Committee) citing Gen. Joshua Rudd, underscores both the extraordinary offensive cyber capabilities of frontier AI models and the urgent national security questions they raise.
What Happened
In a controlled red-teaming exercise, Mythos (Anthropic’s specialized cybersecurity model, also referred to as Claude Mythos or Mythos Preview) was tested against NSA systems. According to the report, the AI rapidly identified vulnerabilities and successfully penetrated the vast majority of the agency’s classified networks at a speed that surprised even seasoned cyber operators.
The quote attributed to the NSA/Cyber Command leadership was blunt: Mythos didn’t need the slow, methodical approach typical of human red teams. It achieved widespread access in a matter of hours.
This wasn’t a real-world breach by a foreign adversary. It was a demonstration of the model’s capabilities in a defensive testing environment. Still, the implications are significant.
What Is Mythos?
Mythos is Anthropic’s frontier model optimized for cybersecurity tasks. It excels at:
- Discovering zero-day vulnerabilities
- Generating sophisticated exploits
- Analyzing complex code and network architectures
- Automating aspects of both offensive and defensive cyber operations
Unlike general-purpose models, Mythos was built with deep capabilities in understanding and manipulating computer systems. Anthropic had restricted its release to a small number of trusted organizations precisely because of its offensive potential.
Despite these restrictions — and despite the Pentagon previously designating Anthropic a “supply chain risk” — the NSA has reportedly been actively using and integrating Mythos, including by embedding Anthropic engineers inside classified facilities to help operationalize the model.
Why This Matters
This incident highlights several critical developments in 2026:
1. AI Has Crossed a New Threshold in Cyber Capabilities The speed at which Mythos operated — hours instead of weeks — shows that advanced AI models can now outperform human experts in certain cyber tasks by orders of magnitude. This compresses the timeline for both attack and defense dramatically.
2. Dual-Use Reality Is Here The same model that can help the U.S. government find and fix vulnerabilities in its own systems can also be used (or misused) for offensive operations. The line between defensive red-teaming and offensive cyber capability is becoming extremely thin.
3. Proliferation Risk Is Growing Anthropic and the U.S. government have taken steps to control access to Mythos (including recent export controls on advanced versions). However, the model’s demonstrated power makes it highly desirable to other nation-states. Reports suggest China is roughly a year behind in comparable capabilities.
4. Government Use Despite Internal Friction The fact that the NSA has been deploying Mythos even as other parts of the Defense Department raised concerns about Anthropic illustrates the intense internal debate within the U.S. government about how aggressively to adopt frontier AI for national security missions.
The Bigger Picture: AI and Cybersecurity in 2026
The Mythos episode is part of a larger shift. AI is no longer just a tool that helps humans do cyber work faster — in some domains, it is beginning to operate at a level where human oversight becomes a bottleneck rather than a safeguard.
This creates new challenges:
- Defensive: How do you protect systems against AI that can find and exploit vulnerabilities faster than traditional security teams can respond?
- Offensive: How do you maintain escalation dominance when AI can generate novel attack techniques at machine speed?
- Proliferation: How do you prevent these capabilities from spreading to adversaries when the underlying technology is advancing so quickly?
The NSA’s experience with Mythos suggests that even the world’s most sophisticated intelligence agencies are still adapting to this new reality.
What Comes Next
Following the revelation and related concerns, the U.S. government has moved to tighten controls on advanced versions of Mythos and related models. Export restrictions have been expanded, and there is growing discussion in Congress about how to regulate the most powerful AI systems when they have clear national security implications.
At the same time, the demonstrated effectiveness of models like Mythos is accelerating interest in AI-augmented cyber operations across both offensive and defensive missions.
Bottom Line
The NSA’s test of Anthropic’s Mythos didn’t just show that AI can hack systems. It showed that frontier AI can do so at a speed and scale that fundamentally changes the threat landscape.
When an AI model can compromise “almost all” classified systems in hours rather than weeks, it signals that the era of AI-driven cyber operations has arrived — whether we are fully prepared for it or not.
For national security agencies, the question is no longer whether to use these tools, but how to use them responsibly while preventing adversaries from gaining similar advantages. The Mythos episode is likely just the first public glimpse of capabilities that are already reshaping modern cyber conflict
Leave a Comment