Anthropic's NSA Deal and IPO Ambitions Collide With a Security Problem Nobody Is Talking About: Data Poisoning

Since Anthropic filed confidentially for its IPO and revealed the NSA is eyeing its Mythos AI for cyber operations, a critical risk has gone largely unaddressed in mainstream coverage: the AI supply chain itself can be corrupted before the model ever reaches a government server. Data poisoning attacks are silent, hard to detect, and could undermine every government contract Anthropic is counting on to justify its valuation.

Since Anthropic's confidential IPO filing and the NSA's reported interest in its Mythos AI model surfaced earlier this week, the coverage has focused almost entirely on revenue figures, gross margins, and who's going public first.

The critical gap in that coverage: what happens if the AI itself is compromised before it's deployed?

The Threat Hiding Inside the Training Data

Data poisoning is not a theoretical concern. It is a well-documented attack vector in which malicious actors corrupt the training data used to build an AI model — subtly, deliberately, and in ways that can be nearly impossible to detect after the fact.

The attack doesn't require hacking Anthropic's servers at deployment. It requires corrupting the data pipeline upstream, during training. The model learns from poisoned inputs and behaves normally in 99.9% of cases. But in specific, adversarially chosen scenarios, it does exactly what the attacker intended.

For a commercial chatbot, that's a PR problem. For an AI system running NSA cyber operations, that's a national security catastrophe.

Why Anthropic's Government Ambitions Make This Urgent

The NSA's interest in Mythos — reported this week — puts Anthropic squarely in the business of national security infrastructure. That's a fundamentally different risk profile than selling API access to startups.

Government AI systems are high-value targets. China's intelligence services, for example, have demonstrated both the intent and capability to compromise Western technology supply chains — see the 2020 SolarWinds attack, or the ongoing campaign to penetrate U.S. semiconductor supply chains documented by the FBI.

An AI model trained on data that China, Russia, or any other adversary has quietly corrupted would represent the most consequential supply chain attack in American history. ZERO of the mainstream IPO coverage this week mentioned this risk in the context of Anthropic's government contracts.

The Problem With "Claude Writes 80% of Its Own Code"

Anthropic's own disclosure — that Claude now writes roughly 80% of its own code — compounds the concern. When AI systems are generating the code used to train and refine subsequent AI systems, the attack surface expands. A poisoned model contributing to its own successor's training data creates a compounding vulnerability.

AI researchers at Google DeepMind and MIT have published peer-reviewed work demonstrating that model-generated data used in subsequent training rounds degrades reliability and introduces unpredictable failure modes. The phenomenon has a name: model collapse.

Add an adversary who is actively trying to exploit that process, and the risk profile moves from theoretical to operational.

What Investors Aren't Pricing In

Anthropic's reported $47 billion annualized revenue run rate is impressive. But government contracts in the national security space come with strings. The NSA, CIA, and Department of Defense all require rigorous supply chain security assessments — the kind that have historically slowed, shrunk, or killed commercial AI deployments.

The gross margin question — which is legitimate and important — may ultimately be secondary compared to whether Anthropic can demonstrate to government auditors that its training data pipeline is clean. That is an enormously expensive and time-consuming process, and it is not baked into any of the public revenue projections circulating this week.

If Anthropic cannot certify its supply chain to government standards, the NSA deal doesn't happen. Or it happens in a dramatically more limited form. Either way, the valuation math changes.

What Mainstream Coverage Got Wrong

The financial press — Bloomberg, Reuters, and others covering the IPO filing — treated the NSA interest as a straightforward revenue catalyst. "Government contracts = more money." That's the entire analysis.

Left-leaning outlets focused on civil liberties concerns about the NSA using AI for offensive cyber operations. A legitimate concern, but not the primary risk for investors and policymakers trying to assess actual vulnerability.

Neither side spent meaningful time on the technical vulnerability at the center of this story: the AI supply chain itself is not secure, the industry has NO universal standard for detecting data poisoning at scale, and the companies racing to go public in 2026 have financial incentives to downplay that fact.

What Regular People Should Take From This

You probably don't care about Anthropic's IPO directly. Here are the practical stakes:

The U.S. government is moving fast to deploy AI in defense and intelligence operations. The pressure to deploy is enormous — because China is moving fast too. Speed and security are in direct tension. When that tension resolves in favor of speed, as it historically does in competitive environments, the result is vulnerable systems embedded in critical infrastructure.

SolarWinds. OPM breach. Colonial Pipeline. These are the patterns.

The question isn't whether AI supply chains will be targeted. They already are. The question is whether anyone in Washington is slowing down long enough to verify that what we're deploying is what we think it is.

Right now, the answer looks like no.
