- NSA Use: The National Security Agency is reportedly using Anthropic’s cybersecurity-focused Mythos model for offensive cyber operations.
- Engineer Role: Embedded Anthropic engineers appear to be customizing Mythos, but their role in live missions remains unclear.
- Glasswing Scale: Project Glasswing has expanded to about 150 organizations after partners found more than 10,000 serious flaws.
- Policy Risk: Anthropic’s Pentagon dispute keeps access rules, target approval, and classified deployment oversight unresolved.
Anthropic expanded Project Glasswing on June 2, bringing its restricted cybersecurity deployment program to roughly 150 new organizations in more than 15 countries. That expansion now sits beside a separate Financial Times report identifying National Security Agency use of Anthropic’s Mythos AI model for cyber attacks. The arrangement appears to involve offensive operations with help from about half a dozen Anthropic engineers embedded inside the agency.
Anthropic and the National Security Agency (NSA) have not publicly confirmed the arrangement. Anthropic expanded Project Glasswing around the same cybersecurity-focused model family now central to the agency claim.
Mythos helps find and validate flaws in software and so far Project Glasswing partners found more than 10,000 security flaws with the model before the NSA claim surfaced. Embedded engineers may be customizing the model for agency needs, but their role in live missions remains unclear.
How Mythos Could Shift Cyber Operations
Inside the NSA claim, embedded engineers are the operational hinge. Anthropic staff appears to customize Mythos for NSA applications, while a possible China or Iran network-intrusion target would move the model from defensive scanning into foreign-intelligence exploitation if the expected use is accurate.
For vulnerability research, Mythos can shift work from manual review toward autonomous testing. The claimed workflow lets Mythos read source code, generate hypotheses about unpatched software flaws, run test cases, and confirm exploitable bugs. An unpatched flaw, often called a zero-day vulnerability, is especially valuable because attackers can exploit it before a fix exists.
On the dual-use question, an unnamed person close to Anthropic described the rationale as “the best way to build a good defence is to build a good attack”. Cybersecurity company CrowdStrike summarized the same tension in earlier comments about Mythos: “Frontier models raise the ceiling for both offense and defense.” For agencies and defenders, Mythos-class systems can harden software, while organizations with access to the tools can also make exploitation faster.
Before the NSA claim surfaced, earlier Mythos exploit-generation capabilities had already made the model sensitive. Frontier AI cyber models are moving from research benchmarks into restricted government and infrastructure-security deployments, with Project Glasswing showing how quickly that access can widen.
Project Glasswing and the Pentagon Dispute
In Anthropic’s public rollout, controlled defense work remains the stated direction so far. Many new Glasswing participants operate key infrastructure partners in power, water, healthcare, communications, and hardware. As Anthropic confirmed, fast AI models with strong cyber abilities are approaching quickly, giving the company a reason to favor tightly managed access over less restricted deployments.
That controlled-access argument collides with Defense Department friction. Anthropic is still struggling with a Pentagon blacklist dispute over broad defense access while at the same time it seems to be supporting a classified cyber use case for an intelligence agency.
When that dispute heated up, Anthropic CEO Dario Amodei argued that some AI uses can undermine democratic values rather than defend them. The NSA arrangement does not erase that position. It narrows the boundary Anthropic must defend between unacceptable broad access and a classified deployment it may view as controlled.
Controls Around Classified Cyber AI
CrowdStrike’s 2026 threat research put adversary use of AI 89% year over year, giving agencies and vendors a concrete reason to treat cyber models as urgent infrastructure. Inside a classified setting, the NSA claim adds pressure around model capability, target approval, and vendor involvement.
For vendors and agencies, control now turns on live-operation involvement. If Anthropic engineers are only adapting Mythos for classified agency systems, the dispute centers on access rules and oversight. If they touch live operations, agencies and regulators must define who approves targets, how model actions are logged, and how deployment governance applies inside classified systems. Approval authority and audit logs will define whether Mythos stays a controlled deployment or becomes an operational intelligence tool.
