A U.S. official told The Associated Press on Tuesday that one of Anthropic’s artificial intelligence models had identified vulnerabilities in highly sensitive and secure U.S. government computer systems during a testing exercise.
The official, who spoke on the condition of anonymity to discuss the matter, said Anthropic had teamed up with U.S. intelligence agencies to conduct tests using the company’s Mythos model. It had identified certain vulnerabilities within hours, but that does not mean the model was able to exploit them within that time, the official said.
The official said the testing was done through an Anthropic initiative called Project Glasswing, which brought together tech giants and other companies in hopes of securing the world’s critical software from “severe” fallout that the Mythos model could pose to public safety, national security and the economy.
Democratic Sen. Mark Warner of Virginia had briefly mentioned the testing during a June 11 hearing before the Senate Committee on Banking, Housing, and Urban Affairs. Warner had said, “This tool broke into almost all of our classified systems, not in weeks but in hours.” He attributed the information to the head of the National Security Agency and U.S. Cyber Command, who is Gen. Joshua Rudd.
The NSA declined to comment on the matter in an email. An Anthropic spokesman also declined to comment.
Despite the recent cooperation between Anthropic and U.S. agencies to test for vulnerabilities, tensions between the California company and the Trump administration have been growing. Anthropic has raised concerns over how the U.S. military would use its AI, while the administration has restricted the use of some of Anthropic’s models.
The administration issued a directive earlier this month requiring Anthropic to prevent foreign nationals from using its latest artificial intelligence models, known as Fable 5 and Mythos 5. Anthropic released Fable widely earlier this month. That model is a limited version of the more advanced Mythos, to which the company has tightly limited access due to cybersecurity fears.
The directive came 10 days after President Donald Trump signed an executive order to establish a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. Participation by AI developers would be voluntary, the order said.
Anthropic said it disabled the models for all of its customers to comply with the administration’s directive. The AI giant said it did not believe the steps taken by the government were warranted by the concern it flagged about a potential security issue.
A group of cybersecurity executives has also asked the Trump administration to lift its directive, saying the move could help U.S. adversaries more than it hurts them. More than 100 cybersecurity experts and leaders from companies including Adobe and Nvidia told the government in a letter that Anthropic’s Mythos models are “quite good” at finding flaws in software and weaponizing exploits — but they are ”not uniquely good at these tasks.”
Many of the letter’s signatories said they regularly use other foundation and open-source models for security audits and training. The letter said it is dangerous to take away the best cyber defense capabilities “without a good reason” when America’s adversaries are rapidly advancing.
Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay
Related: Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
Related: Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Related: The Mythos Moment: Enterprises Must Fight Agents with Agents
