A U.S. official says Anthropic’s Mythos model, used in government-linked testing under Project Glasswing, identified vulnerabilities in highly sensitive classified computer systems within hours. The disclosure lands as tensions between Anthropic and the Trump
On Tuesday, a U.S. official said Anthropic’s AI had flagged vulnerabilities in highly sensitive, secure U.S. government computer systems during a testing exercise—finding weaknesses within hours.
The official, speaking on the condition of anonymity, said the company had teamed up with U.S. intelligence agencies to run the tests using Anthropic’s Mythos model. The official stressed that identifying vulnerabilities quickly did not mean the model could exploit them within that same time window.
The effort was carried out through an Anthropic initiative called Project Glasswing. The goal, according to the description of the program, was to help secure the world’s critical software against “severe” fallout that the Mythos model could pose to public safety, national security and the economy.
Sen. Mark Warner of Virginia had already pointed readers to the scale of the concern earlier this year. During a June 11 hearing before the Senate Committee on Banking. Housing. and Urban Affairs. Warner said. “This tool broke into almost all of our classified systems. not in weeks but in hours.” He attributed that statement to the head of the National Security Agency and U.S. Cyber Command, Gen. Joshua Rudd.
The National Security Agency declined to comment by email. An Anthropic spokesman also declined to comment.
The new details arrive at a time when the relationship between Anthropic and the Trump administration has grown strained. Anthropic has raised concerns about how the U.S. military might use its AI, while the administration has restricted the use of some of Anthropic’s models.
Earlier this month, the administration issued a directive requiring Anthropic to prevent foreign nationals from using its latest AI models, Fable 5 and Mythos 5. Anthropic released Fable widely earlier in the month, while Mythos remained subject to tighter access controls due to cybersecurity fears.
The directive was issued 10 days after President Donald Trump signed an executive order aimed at creating a framework for the federal government to vet national security risks of the most advanced AI systems for up to a month before their public release. The order said participation by AI developers would be voluntary.
Anthropic said it disabled the models for all of its customers to comply with the administration’s directive. The company said it did not believe the steps taken by the government were warranted by the concern it flagged about a potential security issue.
Behind the policy fight, a separate dispute is playing out among cybersecurity professionals. A group of cybersecurity executives has asked the Trump administration to lift its directive. arguing the move could help U.S. adversaries more than it would harm them. In a letter to the government. more than 100 cybersecurity experts and leaders—including from companies including Adobe and Nvidia—told officials that Anthropic’s Mythos models are “quite good” at finding flaws in software and weaponizing exploits. but “not uniquely good” at those tasks.
Many of the letter’s signatories said they regularly use other foundation and open-source models for security audits and training. The letter warned that it is dangerous to take away the best cyber defense capabilities “without a good reason” while America’s adversaries are rapidly advancing.
As Anthropic’s Project Glasswing testing underscores, the question now isn’t only what the Mythos model can discover, but what happens next—who gets access, what limits are imposed, and whether those limits improve or degrade the country’s ability to defend itself.
Anthropic Mythos model Project Glasswing classified systems cybersecurity NSA U.S. intelligence agencies Sen. Mark Warner Gen. Joshua Rudd Trump administration Fable 5 Mythos 5 executive order cyber defense software vulnerabilities
Hours?? so basically it hacked it already.
“Didn’t mean it could exploit” ok sure. If it can find the holes that fast, someone’s gonna try, right? Also why is a private company even in our classified stuff.
Warner said it “broke into almost all classified systems” which sounds like the model did the breaking. Then they say it’s just testing lol. I don’t get how “vulnerabilities in hours” is different from actually getting in unless they unplugged it the second it found stuff.
This Glasswing thing makes it sound like a sci-fi program, like the AI is poking classified servers for fun. Meanwhile the Trump admin is restricting the models from foreign nationals… but aren’t we the ones letting them run tests? Sounds like blame and politics more than security. Also “Mythos” is a weird name for something that apparently touches NSA/Cyber Command level systems.