NSA taps Anthropic's Mythos AI for offensive cyber strikes

Lead

Anthropic’s Mythos model is now powering NSA offensive cyber operations targeting networks in China and Iran, according to a report published on June 5, 2026.

Context

The report from The Decoder explains that roughly half a dozen Anthropic engineers have been embedded within the National Security Agency to tailor Mythos for hostile cyber missions. Anthropic’s public stance on AI use limits its restrictions to U.S. citizens, leaving foreign applications largely unregulated.

Mythos is one of Anthropic’s flagship large‑language models, designed for high‑capacity reasoning tasks. By placing its engineers directly inside the NSA, the agency can fine‑tune the model for tasks such as network infiltration, credential harvesting, and exploitation of software vulnerabilities in adversary systems.

Anthropic is simultaneously accelerating its own internal development. In a separate disclosure, the company revealed that its Claude model now writes more than 90 % of production code, enabling engineers to ship eight times the code volume they produced in 2024. This rapid self‑improvement is the reason Anthropic is lobbying for a verifiable, global pause on frontier AI development, a move it says would only take effect if other leading labs agree to halt as well.

Security experts point out that the Mythos deployment is part of a broader trend where AI tools are being weaponized. A recent incident involving Meta’s AI‑driven customer support agent, highlighted by MIT Technology Review AI, showed attackers exploiting a simple request to link Instagram accounts to attacker‑controlled emails, even compromising a dormant White House account. The episode underscores that AI‑enabled attacks can arise from everyday services, not just purpose‑built models like Mythos.

Impact

Deploying a sophisticated language model for offensive cyber work raises several immediate concerns. First, the speed at which Mythos can generate code and scripts may shorten the window between discovery of a vulnerability and its exploitation, potentially destabilizing the already fragile cyber equilibrium between the United States, China, and Iran.

Second, the partnership blurs the line between private‑sector AI research and state‑run cyber warfare. Anthropic’s policy of restricting AI misuse only for U.S. citizens leaves a regulatory gap that could be exploited by other nations seeking similar capabilities.

Third, the move may trigger diplomatic pushback. If Chinese or Iranian officials can attribute a breach to a model that originated in a U.S. company, calls for sanctions or retaliatory cyber measures could intensify, complicating existing diplomatic channels.

Finally, the episode adds pressure to Anthropic’s own push for a global AI pause. Critics argue that a pause would be ineffective unless it includes clear rules about military applications, while supporters claim that without a coordinated halt the arms race in AI‑driven cyber tools could spiral out of control.

What’s Next

Policymakers are likely to examine the legal framework governing AI export controls and the permissible scope of private‑sector collaboration with intelligence agencies. Congressional hearings on AI weaponization are expected to reference the Mythos case as a concrete example of the challenges ahead.

Anthropic has signaled willingness to halt development if other frontier labs do the same, but no formal agreement has been announced. Observers will watch for any multilateral talks that might establish verification mechanisms for a pause.

In parallel, cybersecurity firms are expected to update threat‑intel feeds to flag Mythos‑generated code patterns, helping defenders recognize the new class of AI‑crafted attacks.

As the story unfolds, the intersection of advanced language models and state‑level cyber operations will remain a focal point for both technologists and diplomats.