Anthropic Deploys Engineers to NSA for Offensive Use of Mythos AI Model
What Happened — Anthropic placed roughly six forward‑deployed engineers inside the U.S. National Security Agency to help operationalize its restricted, high‑capability AI model “Mythos.” The model is being used for offensive cyber operations targeting adversary networks such as those in China and Iran.
Why It Matters for TPRM —
- Demonstrates a concrete supply‑chain risk where a vendor’s technology is repurposed for nation‑state offensive activity.
- Highlights potential regulatory and reputational fallout for organizations that rely on Anthropic’s models under existing procurement bans.
- Signals that “restricted” AI offerings may still be accessed by high‑risk actors through bespoke contracts.
Who Is Affected — Technology SaaS providers, AI API vendors, government contractors, and any third‑party that integrates Anthropic models into products or services.
Recommended Actions — Review contracts and usage rights for Anthropic’s models, verify that no “carve‑outs” exist for high‑risk government agencies, and assess whether continued reliance aligns with your organization’s risk appetite and compliance obligations.
Technical Notes — The collaboration leverages Anthropic’s “Mythos Preview,” a model capable of autonomously discovering and exploiting zero‑day vulnerabilities across major operating systems and browsers. Access is limited to ~50 vetted entities under Project Glasswing, but the NSA arrangement is an explicit exemption from a broader DoD procurement ban. Source: SecurityAffairs