The intersection of artificial intelligence and national security has produced a startling revelation that has sent shockwaves through Washington and the global cybersecurity community. During a controlled testing exercise, one of Anthropic’s most advanced, unreleased artificial intelligence models identified critical vulnerabilities inside highly sensitive, classified United States government computer systems.
The test, conducted under a restricted joint initiative named Project Glasswing, paired Anthropic’s frontier model, known as Mythos, with the country’s top intelligence agencies. The goal was to evaluate how next-generation AI systems could affect public safety, critical infrastructure, and national security. The results were both impressive and alarming. Within hours of beginning the evaluation, the AI model surfaced security flaws across almost all of the participating classified networks, compressing a defensive auditing process that typically takes human engineering teams weeks to complete.
The disclosure has triggered an intense debate over the role of autonomous agents in national defense. While government officials clarified that the model only identified these software flaws and did not actively exploit or compromise any systems, the sheer speed of the model has unnerved policymakers. The development comes at a time of mounting tension between Anthropic and the federal government, raising difficult questions about who should control the world’s most powerful cyber capabilities.
The Shocking Revelation: Weeks into Hours
The public first learned of the Project Glasswing testing through a Senate hearing. During a session before the Senate Committee on Banking, Housing, and Urban Affairs, Senator Mark Warner of Virginia, the vice-chair of the Senate Intelligence Committee, shared a brief but dramatic update. Warner revealed that General Joshua Rudd, who leads both the National Security Agency (NSA) and U.S. Cyber Command, informed him about the outcome of the exercise.
According to Warner, General Rudd stated that the Mythos tool broke into almost all of the government’s classified systems, executing the task not in weeks, but in hours. This statement immediately ignited speculation that a commercial AI model had bypassed the security defenses of the nation’s most sensitive military and intelligence databases.
Following the hearing, a United States official clarified the exact nature of the exercise to the press. The official, who spoke on the condition of anonymity, explained that the model did not execute an outside, hostile breach. Instead, the testing was a highly controlled “red-team” exercise, where an organization uses advanced tools to safely probe its own defenses and locate weaknesses. Crucially, identifying a vulnerability is not the same as actively exploiting it, and the official stressed that the model did not compromise or damage any live government systems. However, the underlying capabilities of the model remain undisputed, demonstrating that frontier AI can identify complex software weaknesses at a speed and scale that humans cannot match.
Decoding the Mythos Architecture and its Cyber Capabilities
To understand how the model achieved this level of success, it is necessary to examine the technological architecture of Anthropic’s latest systems. Mythos (specifically the Mythos 5 iteration) sits at the very top of Anthropic’s product lineup, representing a major leap in reasoning and autonomy.
Stepping Beyond the Claude Opus Line
Most commercial AI users are familiar with Anthropic’s public Claude models, which are designed for general-purpose text generation, translation, and basic coding help. Mythos, however, belongs to a separate class of “frontier” models that Anthropic keeps tightly guarded due to safety concerns.
Unlike standard language models that require constant human prompts to complete a task, Mythos acts as an autonomous agent. In parallel tests with Fable 5, a slightly more limited version of the model, researchers observed the AI running complex coding tasks autonomously for up to 20 minutes at a time. During these runs, the model can catch its own logical errors, write its own testing protocols, debug its own code, and deliver working software on the first run. This level of sustained, independent reasoning allows the model to analyze massive software architectures without needing constant human guidance.
The Zero-Day Bounty Hunter
The primary strength of the Mythos model in a cybersecurity context is its ability to locate zero-day vulnerabilities. A zero-day is a software flaw that is completely unknown to the software developers or the public, meaning no patch or defense exists to stop an exploit. Finding these flaws typically requires highly specialized human security researchers to spend months reverse-engineering code.
In prior private evaluations, the model demonstrated an extraordinary talent for locating these hidden bugs. The AI identified thousands of zero-day flaws across major operating systems, security networks, and web browsers. In one notable instance, the model discovered a 27-year-old security vulnerability buried deep within the code of OpenBSD, an operating system famous for its security-focused design. This track record made the model an ideal candidate for the NSA’s red-team testing, as the agency sought to find and patch its own zero-day flaws before foreign intelligence services could discover them.
The Double-Edged Sword of Automated Penetration Testing
The success of the Project Glasswing test highlights the double-edged nature of autonomous hacking tools. Traditional vulnerability scanners, such as those used by corporate IT departments, rely on a static database of known signatures. They scan a network to see if any out-of-date software matches those signatures, but they cannot adapt to unique, custom-built environments.
An agentic model like Mythos operates completely differently. It reads and understands the custom source code of classified systems, maps out how different programs interact, and formulates a unique strategy to locate weak points. Because the model can chain together multiple minor software bugs to create a major security opening, it can find pathways into a system that human engineers would easily overlook. This capability makes the model an invaluable tool for defensive cybersecurity, but it also means the model is, by definition, a highly potent offensive cyberweapon if its safety protocols are bypassed.
Project Glasswing: The Restricted AI Security Alliance
Because Anthropic recognized the immense destructive potential of the Mythos system, the company chose not to release the model to the public. Instead, it established Project Glasswing as a highly secure, restricted-access sandbox.
Structuring a Guarded Sandbox for Frontier Models
Project Glasswing was designed to bring together a vetted group of organizations, including top technology giants, research institutions, and U.S. intelligence agencies. Through this program, Anthropic allowed authorized security researchers to run controlled evaluations on Mythos to understand the model’s capabilities and limits.
By keeping the model in a closed, monitored environment, Anthropic hoped to prevent the software from being leaked, stolen, or copied by adversarial nation-states. The program allowed defensive teams to use the AI to scan critical public safety systems, transportation grids, and financial networks, locating and patching severe software flaws before they could be exploited to cause real-world economic or physical harm.
Evaluating the Severe National Security and Public Safety Risks
The Project Glasswing evaluations focused heavily on assessing the “severe” fallout that an unrestricted release of Mythos could pose. Anthropic’s safety researchers wanted to determine whether the model could be used by low-skilled actors to develop biological weapons, orchestrate devastating cyberattacks on electrical grids, or execute autonomous campaigns to take control of external computer networks.
The model’s performance during these tests confirmed the company’s worst fears. The AI’s ability to find and chain together complex software vulnerabilities proved that, without strict access controls, a bad actor could use the system to execute mass, automated cyberattacks at a scale that would quickly overwhelm human defenders. This realization prompted Anthropic to implement some of the most restrictive safety policies in the tech industry, setting off a major conflict with the federal government.
The Growing Political Standoff Between Anthropic and Washington
Despite their cooperation during the Project Glasswing exercises, relations between the California-based AI safety company and the federal government have grown increasingly rocky. The dispute centers on a fundamental disagreement over how advanced AI systems should be used and who has the right to control them.
Refusing Military and Surveillance Applications
Anthropic was founded by former OpenAI researchers who left the company specifically because they believed the industry was prioritizing commercial speed over safety. The company’s core philosophy is built around “constitutional AI,” a method of training models to follow a strict set of ethical principles and safety guidelines.
As part of this ethical stance, Anthropic has consistently resisted pressure from national security agencies to allow its models to be used for domestic surveillance or fully autonomous weapons systems. The company’s leadership argues that using advanced, autonomous agents to conduct military operations or monitor citizens carries catastrophic risks. This refusal to cooperate with certain defense programs has frustrated government officials, who argue that the United States must weaponize these technologies to keep pace with rapid AI developments in rival countries.
The Export Control Directive and Foreign National Bans
The political standoff escalated dramatically on June 12, 2026, just one day after Senator Warner’s public comments in the congressional hearing. The U.S. Department of Commerce issued an emergency export control directive targeting Anthropic’s flagship models, Fable 5 and Mythos 5.
The directive ordered Anthropic to immediately suspend and block access to these two models for any foreign national, regardless of whether they were located inside or outside the United States. This unprecedented ban applied to international allies and blocked the UK AI Security Institute—the primary international body responsible for testing frontier models—from accessing systems it was actively evaluating.
More damagingly for Anthropic, the ban also applied to foreign nationals within the company’s own engineering teams. Because the modern tech industry relies heavily on international talent, Anthropic was forced to suddenly cut off several of its own core developers from accessing the systems they had spent months building. To comply with the government’s sweeping mandate, Anthropic had no choice but to disable access to Fable 5 and Mythos 5 for all of its customers worldwide.
Corporate Friction and the Loss of NSA Access
Reports indicate that the federal government’s aggressive clampdown was partially instigated by corporate lobbying. Amazon, which has invested billions of dollars in Anthropic, reportedly saw its Chief Executive Officer, Andy Jassy, raise urgent safety concerns directly with the White House. Jassy’s warnings about a “potential narrow, non-universal jailbreak” in the Fable 5 model allegedly prompted the administration to bypass standard regulatory channels and issue the sudden export ban.
This escalating political fight has had major consequences for the government’s own security operations. As a direct result of the export restrictions and the rising legal disputes between Anthropic and the Department of Commerce, the NSA has lost its direct access to the Mythos model. The suspension of this access means that the very intelligence agencies that lauded the model’s ability to locate security flaws can no longer use the tool to protect their own networks, leaving a critical national security program in a state of limbo.
The Future of Offensive AI and Defensive Counter-Strategies
The dramatic results of the Project Glasswing test prove that the cybersecurity landscape has entered a new, highly volatile era. The ability of an AI agent to locate security flaws across classified networks in a matter of hours represents a fundamental shift in the balance of power between attackers and defenders.
Redefining the Speed of Cybersecurity Defenses
On the defensive side, tools like Mythos represent an extraordinary breakthrough. Traditionally, securing a massive, complex government or corporate network is a slow and reactive process. Security teams must wait for a developer to release a patch, manually install it, and then run slow scans to ensure the system is secure.
With an autonomous AI agent, defensive teams can run continuous, real-time audits of their entire software infrastructure. The AI can find zero-day flaws, write the necessary patch code, test the fix in a simulated environment, and deploy the security update across the entire network in hours. This capability allows organizations to close security openings before human adversaries even realize they exist, potentially ending the cycle of endless data breaches that have plagued the digital economy for decades.
The Nightmare Scenario of Autonomous Cyberweapons
However, the same technology presents an unprecedented offensive threat. If a highly capable model like Mythos is successfully jailbroken or leaked to hostile nation-states, the consequences would be devastating.
Unlike human hackers, who are limited by time, sleep, and physical resources, an AI cyberweapon can run thousands of automated intrusion campaigns simultaneously. A hostile actor could feed the AI a target network, and the model would automatically identify, write, and execute custom zero-day exploits to shut down electrical grids, disable communication systems, or compromise financial markets in a matter of hours.
Because the AI can adapt to defensive measures in real time, traditional firewall and antivirus systems would be completely useless. The only viable defense against an offensive AI would be a defensive AI of equal capability, setting off a lightning-fast, fully automated cyber war that would play out completely beyond human control.
A New Era of National Defense
The successful Project Glasswing test has made one thing undeniably clear: frontier AI models are no longer just business productivity tools; they are strategic national assets and highly potent cyberweapons. The ability of Anthropic’s Mythos model to uncover critical security flaws inside the nation’s most secure, classified systems within a few hours has shattered traditional assumptions about cybersecurity.
As Washington struggles to balance national security with private industry freedom, the ongoing standoff between Anthropic and the government highlights the urgent need for a clear, standardized regulatory playbook. Simply banning access or cutting off international allies is a short-term, reactive measure that does little to address the long-term reality of autonomous software.
To navigate this new era safely, governments and technology developers must find a way to cooperate. They must build secure, monitored testing environments that allow defensive teams to harness the extraordinary power of AI to protect critical systems, while ensuring that these digital double-edged swords never fall into the hands of those who would use them to cause global chaos.
