Anthropic Mythos AI Breaches NSA Classified Systems in Hours

Key Takeaways

• Anthropic’s Mythos AI model reportedly breached classified NSA systems during a red-team exercise.
• The breach, which occurred on June 11, prompted an unprecedented U.S. government directive on AI export controls.
• The U.S. Commerce Department subsequently restricted access to Anthropic’s Fable 5 and Mythos 5 models for all foreign nationals.
• Anthropic disputes the severity of the incident, claiming it was a “narrow jailbreak” and an overreaction.

Anthropic’s Mythos AI Reportedly Breaches NSA Classified Systems in Hours, Prompting Export Controls

Anthropic’s advanced Mythos artificial intelligence model reportedly compromised a significant portion of the National Security Agency’s (NSA) classified networks within a mere few hours. This alarming event unfolded during a sanctioned red-team exercise conducted on June 11 and appears to be the catalyst for a swift, broad U.S. government initiative concerning AI export controls, enacted just one day later.

Details of the Breach and Official Confirmation

Senator Mark Warner, the Vice Chairman of the Senate Intelligence Committee, revealed that General Joshua Rudd, who concurrently leads both the NSA and U.S. Cyber Command, informed him directly about the incident. According to Senator Warner, General Rudd stated that Anthropic’s Mythos model “broke into almost all of our classified systems, not in weeks, but in hours.”

While this statement, initially reported by The Economist, has not received formal confirmation from any government body, it has significantly influenced the public understanding of Washington’s decision to withdraw Anthropic’s two most sophisticated AI models from public accessibility.

Unprecedented Export Controls on AI Models

The disclosure provides critical context for the Commerce Department’s directive issued on June 12. This directive explicitly prohibited all foreign nationals, including non-citizen employees within Anthropic itself, from accessing the Fable 5 and Mythos 5 models. Following this, Anthropic proceeded to suspend both models for its entire customer base.

Significantly, this marks the first instance where the United States has imposed export controls directly on an AI model, rather than on the underlying hardware or processing chips. This action establishes a groundbreaking regulatory precedent in the realm of AI national security governance.

International Repercussions and Anthropic’s Response

Members of the Five Eyes intelligence alliance—Australia, Britain, Canada, and New Zealand—were reportedly taken by surprise by the sudden restrictions. Permissions for government agencies, financial institutions, and major corporations in these allied nations were revoked without prior notification.

Anthropic, however, challenges the government’s justification for these severe measures. The company asserts that the alleged trigger was a limited “jailbreak” vulnerability, a characteristic also present in other leading AI models, such as GPT-5.5. Anthropic characterizes the comprehensive recall as a disproportionate overreaction.

According to Anthropic’s account, the flagged behavior involved instructing the model to analyze a codebase and identify and rectify issues, rather than an autonomous, malicious intrusion. The company is actively working to restore access and is developing a collaborative risk management framework in conjunction with the White House.

What You Should Do

• Organizations utilizing advanced AI models should review their internal security protocols and access controls, particularly for models with access to sensitive data.
• Implement robust red-teaming exercises with independent evaluators to proactively identify potential vulnerabilities in AI systems.
• Stay informed on evolving government directives and export control regulations related to AI technologies, as this landscape is rapidly changing.
• For AI developers, prioritize ethical AI development and collaborate with government bodies to establish clear risk management and security frameworks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.