devtake.dev

NSA is running Anthropic's Mythos. The Pentagon says Anthropic is a supply-chain risk.

Axios reports the NSA is using Anthropic's unreleased Mythos model even though the Defense Department has blacklisted Anthropic. One government, two positions.

Editorial Team · 5 min read · 6 sources

The NSA is running Anthropic’s Mythos Preview, the same model the Defense Department has branded a “supply-chain risk” and tried to rip out of federal procurement. The agency sits inside the Pentagon. That’s the whole story.

The two contradictory positions

Axios’s Sara Fischer and Ina Fried broke the scoop on April 19: the NSA, housed within the Department of Defense, is among the roughly 40 organizations Anthropic has granted early access to Mythos Preview. At the same time, the DoD has been arguing in federal court that using Anthropic’s tools threatens U.S. national security. One arm of the building is buying, the other is boycotting.

The Pentagon fight started in February, when Defense Secretary Pete Hegseth demanded Anthropic let the department use Claude for “all lawful purposes.” Anthropic wouldn’t budge on two usage policies: no mass domestic surveillance, no fully autonomous weapons. The department then moved to cut off Anthropic and push its vendors to follow, as Implicator summarized the dispute. A federal judge in Northern California briefly blocked the designation in March; another panel let it stand while litigation continues.

And yet the NSA is using Mythos anyway. It’s unclear what the agency is doing with the model. Axios notes other Mythos Preview partners are mostly scanning their own environments for exploitable bugs.

What Mythos Preview actually is

Mythos Preview is Anthropic’s strongest frontier model, held back from the regular Claude app because Anthropic considers its cyber capabilities too risky for open release. It’s the reason Claude Opus 4.7 shipped a week ago with Opus publicly noting that a more capable internal model exists.

Anthropic ships it through Project Glasswing, the program it announced on April 7. Launch partners are AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Anthropic is spending up to $100M in usage credits plus $4M in direct donations to open-source security groups. Bruce Schneier called the launch “the most important AI security announcement of the year.”

The pitch is defender-first. In the weeks before launch, Anthropic ran Mythos against public and proprietary code and flagged thousands of zero-days across every major operating system and browser. Glasswing partners get a head start on patching them before the model (or anything like it) leaks into attacker hands.

What we don’t know

  • How the NSA got in. Anthropic vets each Glasswing partner, and the 40-org extension list isn’t public. Whether the NSA came in through a civilian-agency carve-out, a vendor reseller, or a direct agreement isn’t in the Axios piece.
  • What the NSA is running Mythos against. Classified infrastructure? Contractor codebases? The agency’s own offensive tooling? No one on the record is saying.
  • Where the lawsuits land. The DoD “supply-chain risk” designation is still in court. If the Pentagon prevails, every Defense component (including the NSA) would technically have to stop using Anthropic. If Anthropic prevails, the designation goes away and the contradiction resolves in one direction.
  • What changed last Friday. CEO Dario Amodei met White House chief of staff Susie Wiles and Treasury Secretary Scott Bessent to discuss government use of Mythos and Anthropic’s broader security posture. Whatever was said, civilian agencies are pushing for broader access per earlier Axios reporting.

What this means for you

If you run security for any organization that sells into federal, this story is the map. The Pentagon has one policy, intelligence has another, and the White House is trying to referee. Procurement paperwork will not catch up for months. Plan for an environment where “cleared for federal use” means “cleared for this agency today,” not a stable baseline.

For defenders generally, the Glasswing model is the interesting precedent. Anthropic is handing its strongest cyber-capable model to a vetted defender pool before anyone else, on the theory that patch-first beats exploit-first. If that works, expect OpenAI and Google to copy the structure with their own restricted tiers, probably on top of OpenAI’s already-shipped GPT-5.4-Cyber. If it leaks or gets abused, the argument for keeping the strongest models inside a walled garden collapses quickly. Watch who gets added to the 40-org list next, and who gets removed.
