Mythos Allegedly Breaches Almost All NSA Classified Systems
This episode is a lesson in how fast a contested, secondhand account of an AI red-team result can trigger national policy action, and how quickly that action can unwind once the evidence is reviewed. The Economist, citing Senator Mark Warner (vice chair, Senate Intelligence Committee), reported that NSA and Cyber Command director Gen. Joshua Rudd told him Anthropic's Mythos "broke into almost all of our classified systems, not in weeks, but in hours" during a June 11 authorized red-team exercise; the Economist reporter who wrote that line, Shashank Joshi, said about a week later it "should not be read literally" and depended on Mythos working alongside other tools under specific conditions. On June 12, the US Commerce Department ordered Anthropic to cut off foreign nationals, including its own staff, from Fable 5 and Mythos 5; unable to comply selectively, Anthropic suspended both models worldwide and disputed the stated trigger as a narrow jailbreak that also affects rival models. The government lifted the controls by July 1. Security researchers, including BitGo's Mike Belshe, publicly challenged the literal breach framing, noting the NSA's most sensitive networks are typically air-gapped.
This episode is a case study in how quickly a contested, secondhand characterization of an AI red-team result can outrun the evidence behind it, and in how governments can now act directly on an AI model rather than on the hardware underneath it. Within a day of a senator's account of a classified briefing becoming public, the US Commerce Department issued the first export-control directive ever applied to an AI model rather than to chips or hardware; within about three weeks, that same directive was reversed. For security and AI-evaluation practitioners, the more durable lesson is not whether Mythos "broke into" the NSA, since the reporter who wrote that line says it was over-read. It is that red-team results relayed through a chain of secondhand retellings, from a general to a senator to a journalist to the public, are now capable of triggering national-level policy action before independent forensic verification exists, and that the same ambiguity can just as quickly reverse a decision once vendors, industry coalitions, and government evaluators re-examine it together.
What was claimed
The Economist first reported the claim, citing Senator Mark Warner (vice chair, Senate Intelligence Committee), who said NSA and US Cyber Command director Gen. Joshua Rudd told him that Anthropic's Mythos "broke into almost all of our classified systems, not in weeks, but in hours" during an authorized red-team exercise on June 11. The Economist journalist who wrote that line, Shashank Joshi, said on X about a week later that the claim was being widely misread: he had accurately quoted Warner, but "it would be a mistake to read that literally... It surely depends on using Mythos alongside other tools under very particular conditions... it was a mistake not to have added caveats." Other reporting indicates the test ran against a replica of NSA systems, alongside other tools and with engineers present, consistent with a controlled evaluation rather than an unsupervised intrusion into live production networks. Independent forensic confirmation of the full scope was not available, and multiple security researchers publicly challenged the literal framing, noting that the most sensitive classified networks are typically air-gapped, which is difficult to reconcile with an autonomous "break-in... in hours" as literally described; BitGo CEO Mike Belshe was among those who publicly called the viral version of the claim false.
Government action and Anthropic's dispute
On June 12 at 5:21pm ET, Anthropic received a Commerce Department export-control directive ordering it to cut off all foreign nationals, including its own non-citizen employees, from its Fable 5 and Mythos 5 models. Because it had no reliable way to verify user nationality in real time, Anthropic suspended both models for all users worldwide; access to other Claude models, including Opus 4.8, was unaffected. Per Anthropic's own account, the government's stated trigger was a report, originating with Amazon researchers, describing a technique for bypassing Fable 5's safeguards by asking the model to review a codebase and fix flaws it found. Anthropic said the same prompting pattern elicited comparable output from multiple other models it tested, including OpenAI's GPT-5.5 and several smaller Claude models, and argued that applying this standard industry-wide "would essentially halt all new model deployments for all frontier model providers." The directive also cut off Five Eyes government partners, including the UK's AI Security Institute, without advance warning, according to multiple outlets.
Resolution
The Commerce Department lifted the export controls in stages: Mythos 5 access was restored for a set of US organizations on June 26, broader controls were lifted on June 30, and Fable 5 returned to global users on July 1 (subject to weekly usage-limit terms), per Anthropic's own account. Anthropic said it had trained an improved safety classifier that blocks the specific reported technique in more than 99 percent of cases, and it is now working with Amazon, Microsoft, and Google to draft a shared industry framework for scoring the severity of AI jailbreaks, an attempt to replace the kind of ad hoc, single-incident judgment call that triggered this directive.
Implications for practitioners
For AI-safety evaluators, this sequence shows that red-team results are only as reliable as the chain that reports them: a real, authorized test produced a headline that its own author disavowed within days, yet the claim still moved a national government to act within hours of surfacing. For security teams evaluating frontier models, it reinforces a recurring pattern: models that can meaningfully assist in finding software vulnerabilities need graded, transparent severity frameworks rather than binary "safe or dangerous" characterizations, since the underlying capability, finding known classes of bugs, is shared across major model providers rather than unique to one lab. For policy-watchers, the durable takeaway is structural: a government can now order a single AI model disabled worldwide within hours of a contested claim, and can reverse that order within weeks once technical review catches up. Accounts differ on the specifics, whether the observed behavior reflected a genuine autonomous intrusion or known-vulnerability discovery under supervised, replica conditions, and that underlying capability question should be treated as contested pending independent forensic disclosure.
Key Points
- 1The Economist reported Sen. Warner relayed NSA chief Gen. Rudd's claim that Mythos breached almost all classified systems within hours.
- 2The Economist's own reporter said the quote was misread, yet it still triggered the first US export ban ever applied to an AI model.
- 3Security teams should treat AI red-team claims as contested until forensically verified, and expect graded jailbreak-severity standards rather than binary bans.
Scoring Rationale
This remains a major story: the US government's first-ever export control applied directly to an AI model rather than hardware is a genuine regulatory landmark, and the underlying claim reached the level of a Senate-relayed national security concern that briefly cut off Five Eyes partners. The score is tempered slightly from the original because further verification confirms the core 'breach' framing was walked back by the reporter who wrote it, faces substantial technical skepticism over air-gapped network architecture, and the episode was fully resolved within about three weeks with both models restored, indicating a contained and reversed regulatory event rather than a lasting rupture.
Sources
Primary source and supporting public references used for this report.
View 15 more sources
- Donald Trump's blocking of Anthropic is capricious and chaoticeconomist.com
- Statement on the US government directive to suspend access to Fable 5 and Mythos 5anthropic.com
- Anthropic disables Fable and Mythos AI models after U.S. government bars it from giving foreigners accessfortune.com
- Anthropic's Mythos model found vulnerabilities in classified US government systems, official saysapnews.com
- N.S.A. Lost Access to Powerful A.I. Model Amid Anthropic Disputenytimes.com
- The Hacker Sent by Anthropic to Calm the Government's Nerves About AI Safetywsj.com
- Anthropic's Mythos AI reportedly cracked NSA classified systems in hours, that would explain the bantechspot.com
- Anthropic's Mythos AI broke into almost all NSA classified systems in hourssecurityaffairs.com
- Anthropic's Mythos AI Model Reportedly Breached NSA Classified Systems in Hourscybersecuritynews.com
- Anthropic's powerful Mythos AI reportedly breached 'almost all' NSA classified systems within a few hours during red-team testtomshardware.com
- Claude Fable 5 Resurfaces in Android App as NSA Breach Testimony Reshapes Bantechtimes.com
- Crypto Executive Disputes Claims Anthropic's Mythos Breached NSA Systemsbeincrypto.com
- Experts dispute Senator Mark Warner's claim that Mythos breached classified NSA systemsdigg.com
- Claude Mythos AI unauthorised access claim probed by Anthropicbbc.com
- NSA chief says Mythos breached 'almost all' classified systems in hoursbankwatch.ca
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
