Detailed Analysis
The National Security Agency has obtained access to Anthropic's restricted Mythos Preview model despite the Pentagon's ongoing efforts to blacklist Anthropic as a "supply chain risk," according to two sources who spoke to Axios. Mythos, which Anthropic has limited to roughly 40 organizations due to its offensive cyber capabilities, is being used by the NSA for purposes that remain publicly unspecified, though other organizations with access to the model have primarily deployed it to identify security vulnerabilities within their own systems. Anthropic has publicly disclosed only 12 of the 40 organizations granted access, leaving the NSA among the undisclosed recipients. The NSA, the Pentagon, and the Office of the Director of National Intelligence have all declined to comment on the arrangement.
The contradiction at the center of this story is stark: the Department of Defense is simultaneously arguing in legal proceedings that Anthropic's tools jeopardize U.S. national security while the broader military and intelligence apparatus continues to expand its operational reliance on those same tools. The underlying dispute traces to contract renegotiations earlier in 2026, during which the Pentagon sought unrestricted use of Anthropic's Claude model for "lawful purposes." Anthropic refused to comply without explicit restrictions prohibiting mass domestic surveillance and autonomous weapons development. In February, the Pentagon moved to sever ties with Anthropic and pressure its suppliers to follow suit, a conflict that remains unresolved in court.
The NSA's use of Mythos despite the blacklist underscores a structural problem facing government procurement in the age of advanced AI: the capabilities these models offer are sufficiently compelling that individual agencies may quietly circumvent top-level policy directives to maintain access. The fact that Mythos specifically carries offensive cyber capabilities — and is restricted precisely because of them — makes the NSA's interest both strategically logical and institutionally awkward. Intelligence agencies have a clear operational incentive to adopt tools that can identify and exploit vulnerabilities, even when the legal and political environment formally discourages such procurement.
This episode also illuminates the increasingly fraught relationship between frontier AI developers and the U.S. government. Anthropic's insistence on use-case restrictions — particularly around autonomous weapons and mass surveillance — places it in direct conflict with how the Department of Defense traditionally expects to deploy technology it funds or licenses. The Pentagon's framing of Anthropic as a "supply chain risk" appears, at least in part, to be a legal and bureaucratic pressure tactic aimed at forcing more permissive terms rather than a genuine assessment that the company's models are technically dangerous. The fact that intelligence agencies continue using those models regardless further erodes the credibility of the blacklist as a security measure rather than a negotiating instrument.
Broader trends in AI development suggest this tension will intensify. As models like Mythos develop increasingly specialized capabilities in domains like cybersecurity, the gap between what AI companies are willing to permit and what defense and intelligence agencies wish to do with those systems will widen. Anthropic's decision to restrict Mythos to a curated set of 40 organizations represents an attempt to retain normative control over how its most capable tools are used — a posture that is philosophically coherent but practically difficult to enforce when the NSA is among the parties seeking access. The unfolding legal dispute and the quiet operational reality diverging from it will likely serve as a defining case study in how AI governance intersects with national security imperatives.
Read original article →