NSA Has Lost Access to Anthropic's Mythos AI After the Government Banned the Model That Cracked Its Own Systems

Since Senator Mark Warner's account of the NSA red-team breach in June, a clearer picture of the fallout has emerged: the agency that authorized the test is now cut off from the tool it was evaluating.

On June 11, Anthropic's Mythos AI model participated in a controlled, authorized red-team exercise against NSA systems. According to The Economist's June 14 report, Gen. Timothy Haugh, head of the NSA and U.S. Cyber Command, briefed Sen. Mark Warner on the results. Haugh's assessment: the model broke into "almost all" of the NSA's classified systems "not in weeks, but in hours."

On June 12, one day later, the Trump administration issued a directive barring all foreign nationals, including Anthropic's own non-citizen employees, from accessing Fable 5 and Mythos 5. Anthropic responded by disabling both models globally, stating it had no practical way to enforce access restrictions by nationality without pulling the systems entirely.

The result, reported by the New York Times and confirmed by Politicalwire, is that the NSA now has no access to the model, despite describing it internally as both impressive and alarming.

Anthropic's Rebuttal

Anthropic disputes the severity of what the red-team test actually demonstrated. According to Tom's Hardware, the company argues the flagged behavior was a narrow jailbreak, not an autonomous offensive intrusion. The company says it amounts to asking the model to analyze a codebase and identify vulnerabilities, which surfaced a handful of already-known bugs. Anthropic also points out that OpenAI's GPT-5.5 exhibits the same behavior under similar prompting conditions.

The company says the letter it received from the government cited only a "potential narrow, non-universal jailbreak" as the stated concern, and that it was given only verbal evidence of the vulnerability, with no written technical specification. Anthropic says it is working to restore access and preparing a collaborative response with the government.

If the behavior is reproducible in competing models and limited to known bugs, the export control as applied may be disproportionate to the actual risk. Whether that argument will move the administration is an open question.

The Panic vs. the Strategic Argument

The broader debate over what this means has split along familiar lines. Washington's instinct has been alarm. The Five Eyes alliance, comprising the U.S., Britain, Canada, Australia, and New Zealand, issued a joint warning this month that frontier AI models will transform offensive and defensive cyber capabilities on a timeline measured in months, according to Newsweek.

But Anne Neuberger, former White House deputy national security adviser for cyber and emerging technology and now a general partner at Andreessen Horowitz, pushes back on the panic framing. "Fundamentally, AI is a dual-use technology," Neuberger told Newsweek. "It helps our adversaries and it helps us. It helps offense and defense."

Neuberger's argument is that American-built frontier models carry a structural advantage: the country that builds the dangerous tool gets the first painful look at its own vulnerabilities. Every flaw the red team finds in U.S. infrastructure can be fixed before adversaries exploit it. "I do believe that it's asymmetrical in our favor when there are U.S. models, if we use them for both offense and defense," she told Newsweek.

The red-team test, embarrassing as its results were, did exactly what it was supposed to do: it found the holes before Russia or China did. Cutting NSA access to the model doesn't patch the vulnerabilities. It just removes one of the tools for finding them.

A First in U.S. Export Control History

The June 12 directive is notable on its own terms. According to Tom's Hardware, this marked the first time the United States applied export controls directly to an AI model, as opposed to the chips or hardware required to run one. That is a significant policy shift, and it arrived without detailed public evidence or written technical justification sent to Anthropic.

The mechanism is also new enough that no one, inside or outside government, has fully worked out how to enforce it. Anthropic's decision to pull the models globally rather than attempt selective nationality-based restriction reflects a technical reality: current AI deployment infrastructure wasn't built to screen users by citizenship in real time.

What Remains Unresolved

No charges have been filed against Anthropic, and no formal regulatory enforcement action beyond the export control directive has been announced as of June 23. The company says it is cooperating and working toward restored access.

The unresolved question with real consequences is whether the government and Anthropic can agree on a technical framework that gives intelligence agencies controlled access to frontier AI tools without exposing them to foreign adversaries. If they can't, the NSA loses the red-team dividend Neuberger describes, and future vulnerability mapping goes back to slower, less capable methods, while China and Russia continue advancing their own frontier models with no equivalent self-imposed restriction.