Anthropic Deploys Engineers to NSA to Implement Mythos in Offensive Cyber Operations

Six Anthropic Engineers at Fort Meade

Financial Times reported on June 5 that approximately six engineers from Anthropic were deployed as forward-deployed staff to the National Security Agency (NSA) headquarters in Fort Meade, Maryland. The mission described by FT is to adapt Mythos, Anthropic's artificial intelligence model focused on offensive cybersecurity, to the agency's specific applications. The NSA had not publicly commented on the operational details by the time this article was published. Anthropic also did not confirm the scope of the operations.

The exact extent remains uncertain. According to a source quoted by FT, Mythos would be "useful for infiltrating networks in countries like China and Iran." The newspaper did not specify whether the engineers are participating in live operations or are limited to customizing and tuning the model. The distinction is legally significant: operating an AI system in active attacks triggers different regimes of export control (EAR/ITAR) and corporate responsibility compared to adapting a model for potential future use.

What Mythos Does and Why Anthropic Kept It Restricted

Mythos is the only model from Anthropic's line that has been kept out of public access since its announcement in April 2026. The reason is technical: the UK AI Security Institute (AISI), affiliated with the UK's Department for Science, Innovation and Technology, assessed the model and concluded that it solves 73% of specialist-level cybersecurity tasks, a figure higher than any other model tested in the same battery. In practice, this means that Mythos can automate tasks that currently require senior red team analysts, from identifying entry vectors to generating functional exploits in controlled environments. Public models like Claude Opus 4.8 and GPT-5.5-Cyber fall significantly short in this task class, according to AISI.

Anthropic distributes Mythos through Project Glasswing, a program that was expanded on June 2 to include 150 additional organizations across more than 15 countries, covering sectors such as energy, water, health, communications, and hardware. This controlled expansion into critical infrastructure, alongside the agreement with the NSA, indicates a selective authorization strategy: access for verified partners instead of open deployment or total prohibition.

The Pentagon's Veto and the NSA's Exception

The agreement with the NSA contrasts with an open conflict with the Department of Defense. In January 2026, during negotiations for a $200 million contract with the Pentagon, the Trump administration demanded that Anthropic authorize the use of its models for "all lawful purposes." The company refused, arguing that the clause would cover mass domestic surveillance and autonomous weapon systems without human oversight. The Department of Defense responded by classifying Anthropic as a "supply-chain risk," blocking the widespread use of its models in military contracts. According to TechTimes, in a report on June 5, Anthropic also filed a lawsuit contesting the ban on Claude in federal government systems.

The arrangement with the NSA exists due to an explicitly negotiated exception that is legally separated from the broader litigation. Emil Michael, the Chief Technology Officer of the Department of War, publicly confirmed in May that the NSA's access to Mythos was distinct from the veto and represents, in his words, "a distinct moment of national security."

AISI, Five Eyes, and Implications for the Global Private Sector

The assessment of Mythos by the UK AISI was conducted within the technological cooperation agreements that structure the Five Eyes alliance among the US, UK, Canada, Australia, and New Zealand. The fact that a British government agency certified the offensive capabilities of an American model before its deployment in a US intelligence agency reveals the level of technical integration of this alliance and points to the still unanswered public question: what NATO nations outside the Five Eyes circle have access to these assessments, and under what conditions?

For CISOs of multinational corporations with branches in the US, Europe, and markets with operators linked to China or Iran, the practical implication is clear: AI specialized in discovering and exploiting vulnerabilities has left the lab and entered an intelligence agency with an active offensive mandate. The People's Liberation Army's Office 61398 and the cyber units of the Iranian Revolutionary Guard Corps have operated for decades with established retaliatory capabilities. The question for the private sector is not whether there will be a cyber response, but where and when it will impact civilian infrastructure. Contracts for the use of AI signed with American suppliers need to clearly specify—something that most currently do not—the usage limits that CISOs and boards need to be able to defend in front of European and American regulators.