According to an unnamed U.S. official who spoke to the Associated Press, Anthropic partnered with U.S. intelligence agencies to test the Mythos model against classified government computer systems. The result: Mythos identified vulnerabilities within hours. Sen. Mark Warner (D-VA) described it at a June 11 hearing as: “This tool broke into almost all of our classified systems, not in weeks but in hours.”
The testing was conducted through Anthropic‘s“Project Glasswing” initiative, which brings together tech companies to secure critical software from potential threats posed by advanced AI models.
The official emphasized that identifying vulnerabilities is not the same as exploiting them. The model found weak points but didn’t demonstrate the ability to breach them within that timeframe. Still, the speed of discovery caught attention at the highest levels.
The critical context: the test was conducted in a classified replica environment, not live military networks — a distinction that has been largely lost in coverage.
The Irony
Five days before Warner‘s comments, on June 12, the same U.S. government issued an emergency directive requiring Anthropic to cut off non-U.S. access to Fable 5 and Mythos 5. The administration cited national security concerns about the model’s potential capabilities. The directive came 10 days after President Trump signed an executive order establishing a voluntary 30-day review framework for advanced AI systems.
Anthropic complied by taking both models offline globally — including for its own foreign-born employees. The company disagreed with the decision, saying the government‘s concerns did not justify the action.
The sequence of events is difficult to ignore: a model capable of finding vulnerabilities in classified systems is the same model the government is trying to keep away from allies and even its own foreign-born staff. The logic is circular: the model is dangerous, so we need to understand it — but by using it to test our systems, we confirm it’s too dangerous to be used.
So the government has simultaneously confirmed that Mythos is powerful enough to help secure national infrastructure and too powerful to let anyone else use. That‘s a definitional contradiction that no one in Washington has explained.
The Cybersecurity Backlash
More than 100 cybersecurity experts and leaders from companies including Adobe and Nvidia have now sent a letter to the Trump administration asking it to lift the restrictions. Their argument is pragmatic: Mythos is“quite good” at finding flaws, but it’s“not uniquely good at these tasks.” Many signatories said they already use other foundation and open-source models for security audits and training.
The letter warns that restricting the best cyber defense tools without a good reason is dangerous — especially when U.S. adversaries are rapidly advancing their AI capabilities.
The administration‘s decision is not just about safety. It’s about availability. The people who could use Mythos to secure critical infrastructure are now locked out. And the people who would use it for offense are not.
What This Actually Means
The Mythos test results and the government‘s export restrictions are two sides of the same coin — and neither side is acknowledging the contradiction. Mythos is powerful enough to find holes in classified systems. That’s why the government needs to test it. That‘s also why the government needs to keep it away from others. Both statements are true. But if the model is that capable, it’s also a matter of national security. And securing a system is not the same as securing access to the model that found the holes.
The government is validating Mythos‘ capability by using it to test its own security. At the same time, it’s trying to keep other countries from doing the same. The contradiction is not technical. It‘s strategic.
P.S. Mythos found vulnerabilities in classified government systems in hours. The same government banned the model five days earlier. If Mythos is dangerous enough to keep away from allies, why is it safe enough to point at America’s own networks? The answer might be simpler than it seems: the government trusts itself with the model, but not anyone else. That‘s not a security policy. That’s a monopoly.
