Mythos Broke Into “Almost All” US Classified Systems in Hours, Then Got Shut Down

A US official told The AP News on Tuesday that one of Anthropic’s AI models had identified vulnerabilities in highly sensitive US government computer systems during a testing exercise.

The disclosure connects a sequence of events that had appeared unrelated: the Project Glasswing launch in April, the export control directive that killed Fable 5 and Mythos 5 access on June 12, and Senator Warner’s comment at a Senate hearing on June 11 that drew almost no coverage at the time.

That comment, confirmed now by a government official to AP, is the clearest public statement yet of what Mythos can actually do. 

What Actually Happened During the Testing Exercise

The testing was conducted through Project Glasswing, which brought together tech giants and other companies to secure critical software from the “severe” risks Mythos could pose to public safety, national security, and the economy. 

The framework was exactly what Anthropic designed Project Glasswing to be: a controlled environment where vetted organisations could use Mythos offensively to find vulnerabilities before adversaries did.

The problem is that “controlled” is relative when the target is classified as US government infrastructure. It identified certain vulnerabilities within hours, but that does not mean the AI model was able to exploit them within that time, the official said. 

The distinction matters technically. Finding a cyber vulnerability and building a working exploit are different tasks. But it did not change what Warner said in the Senate, and it did not change what the government did next.

Anthropic’s Project Glasswing launch in April specifically cited Mythos’s ability to identify zero-day vulnerabilities across major operating systems within hours. The government apparently decided to verify that claim. The result confirmed it.

100 Security Experts Push Back on the Shutdown

The export control directive has drawn significant opposition from within the security industry itself. 

More than 100 cybersecurity experts and leaders from companies including Nvidia told the government in a letter that Anthropic’s Mythos models are “quite good” at finding flaws in software and weaponizing exploits, but they are “not uniquely good at these tasks.” 

Many of the letter’s signatories said they regularly use other foundations and open-source models for security audits and training. 

The letter said it is dangerous to take away the best cyber defense capabilities “without a good reason” when America’s adversaries are rapidly advancing. 

The argument is straightforward: if comparable results are achievable with models like GPT-5.5, restricting Mythos removes a US defensive advantage without creating a meaningful barrier for adversaries with access to other frontier models. 

That argument has not yet persuaded the administration. 

The Contradiction at the Centre of Anthropic’s Position

Despite recent cooperation between Anthropic and US agencies on vulnerability testing, tensions between the company and the Trump administration are still growing. 

Anthropic has raised concerns about military use of its AI, while the administration has restricted access to some of its models.

Anthropic built Mythos to find these vulnerabilities. It conducted the testing that uncovered them, then watched the government use those results to shut down its flagship product. 

The company said it disabled the models for all customers to comply with the directive, but does not believe the government’s response was warranted by the security concerns it flagged.

The company that proved Mythos works as advertised is now arguing that proof of its performance should not justify restricting it. 

While reports two weeks ago suggested White House tensions were easing ahead of Anthropic’s IPO, the directive remains in place. 

With classified system vulnerabilities now publicly confirmed, the path back to unrestricted access appears far more complicated than either side anticipated.

Source: Anthropic’s Mythos model found vulnerabilities in classified US government systems