Mythos Allegedly Breaches Almost All NSA Classified Systems

The Economist first published the account, citing Senator Mark Warner (vice chair, Senate Intelligence Committee), who said NSA director Gen. Joshua Rudd told him Anthropic's Mythos ("Mythos 5") "broke into almost all of our classified systems, not in weeks, but in hours" during an authorized red-team evaluation on June 11. The Economist editor Shashank Joshi, who wrote the original passage, later stated on X that his report had been widely misread - the claim "should not be read literally," as it depended on Mythos working in conjunction with other tools under particular conditions, per BeInCrypto's June 21 reporting of Joshi's clarification.

On June 12 at 5:21 PM ET, Anthropic received a Commerce Department export-control directive barring all foreign nationals - including Anthropic's own non-citizen employees - from accessing Fable 5 and Mythos 5, per Fortune and Anthropic's own statement. Because selective compliance would have required blocking part of its own staff, Anthropic suspended both models for all users globally. Access to less powerful models, including Claude Opus 4.8, was not affected, per Fortune. CybersecurityNews notes this marks the first time the United States has applied export controls directly to an AI model rather than to hardware or chips - a landmark regulatory precedent in AI national security governance. Allied Five Eyes governments were reportedly caught off guard, with permissions revoked for agencies, banks, and major firms without prior warning, per CybersecurityNews.

Anthropic states the directive did not provide specific details of the government's national security concern. Officials told Anthropic the decision was triggered by a technique to bypass Fable 5 safeguards - a narrow jailbreak consisting of asking the model to read a codebase and fix identified flaws, per Fortune. Anthropic says the same jailbreak elicits similar behavior from OpenAI's GPT-5.5, and argues that "if this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers." Anthropic called the government's position "a misunderstanding" and said it is working to restore access and drafting a shared risk framework with the White House (Fortune, BeInCrypto).

The BBC reported in April that Anthropic was "investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," and at that time had no evidence its own systems were affected. BBC coverage framed that earlier incident as likely involving misuse of legitimate access rather than classical intrusion.

BitGo CEO Mike Belshe publicly rejected the viral breach claim as false (BeInCrypto). Digg aggregated expert skepticism that observed red-team behavior reflected autonomous model capability rather than exploitation of existing software vulnerabilities. Analyst Kyle Chase noted the red-team result was a controlled test, and a separate narrow jailbreak flagged by Amazon was cited as the government's direct trigger, per BeInCrypto. Independent forensic corroboration of the full red-team scope remains outstanding.

For security and governance teams, the episode highlights three separable risk vectors:

• •model-in-the-loop capability to discover or weaponize software vulnerabilities in a directed red-team setting
• •export-control governance now applied at the AI model level rather than at the hardware level for the first time
• •the operational risk of third-party vendor access controls. The policy response illustrates that contested red-team claims can trigger near-immediate access restrictions at commercial scale