US Spies Already Using Mythos Despite Anthropic’s Pentagon Feud - CXOToday.com

Detailed Analysis

Anthropic's restricted cybersecurity AI model, Mythos, is being actively used by the National Security Agency (NSA) despite the broader Department of Defense (DoD) having designated Anthropic a "supply chain risk" — a striking contradiction that reveals the fractured relationship between the AI safety-focused company and the U.S. national security apparatus. Announced in April 2026, Mythos is a frontier model purpose-built for cybersecurity applications, with capabilities including advanced vulnerability detection and real-time threat analysis. Anthropic deliberately withheld the model from public release, citing its potential for enabling offensive cyberattacks if accessed without guardrails. Access has been extended to approximately 40 organizations globally, with only around a dozen publicly identified. The NSA is among those with access but has not been officially named by Anthropic, underscoring the sensitivity of the arrangement.

The NSA's use of Mythos Preview centers on scanning digital environments for exploitable vulnerabilities — a defensive application that aligns with Anthropic's stated intent for the model. However, the persistence of this usage weeks after the DoD labeled Anthropic a supply chain risk exposes a significant bureaucratic and philosophical rift within the U.S. government's approach to AI procurement. The Pentagon's designation reportedly stems from Anthropic's refusal to grant unrestricted access to its models' full capabilities, particularly for applications such as mass surveillance or autonomous weapons systems. The dispute has escalated to legal proceedings, with court arguments centering on the national security implications of Anthropic's access restrictions — a position that stands in direct tension with the NSA's continued operational reliance on the very tool in question.

This situation illustrates the deepening tension between AI companies that have built safety and usage restrictions into their core product philosophy and government agencies that expect unencumbered access to frontier capabilities when national security interests are invoked. Anthropic has been consistent in its posture that certain applications — particularly those enabling offensive or autonomous weapons use — fall outside the boundaries it will permit, even for powerful state actors. The DoD's "supply chain risk" designation is a significant escalation, typically reserved for vendors whose products are deemed to pose systemic vulnerability to U.S. infrastructure, and applying it to an AI lab over access policy disagreements signals how high the stakes in this standoff have become.

The international dimension adds further complexity. The UK's AI Security Institute has confirmed access to Mythos, suggesting that Anthropic is navigating a multi-government landscape where allied nations are selectively granted access under controlled conditions. This tiered access model — roughly 40 vetted organizations worldwide — represents a deliberate governance strategy from Anthropic, one that prioritizes responsible deployment over broad commercialization or unconditioned government access. The NSA's quiet, continued use of the model even amid the Pentagon feud suggests that operationally, the intelligence community values what Mythos offers for defensive cyber missions, even if the DoD's procurement posture is formally adversarial.

Broader trends in AI development make this episode particularly significant. The race to integrate frontier AI into national security infrastructure is accelerating across major powers, and governments are increasingly pressing AI developers for capabilities that push against or exceed the guardrails those companies have established. Anthropic's refusal to yield on core safety constraints — even under legal and political pressure from its own government — represents a meaningful test case for whether AI safety commitments can hold under institutional duress. The outcome of the Pentagon dispute will likely set precedents for how other frontier AI developers negotiate access agreements with defense and intelligence agencies, shaping the governance norms for AI in national security contexts for years to come.