"AI Breaks Through NSA in Hours" Goes Viral, But the Truth Turns Out to Be a Red Team Exercise?
A sentence that has gone viral across the internet has recently taken a turn.
“Mythos breached almost all of our classified systems in just a few hours, not weeks, but a few hours.”
In recent days, this sentence has flooded English - language social media platforms.
The protagonist is Mythos, the most powerful model of Anthropic, and what was breached was the classified system of the NSA (National Security Agency of the United States). Coupled with the time anchor of “a few hours”, this sentence quickly spread across the internet.
All onlookers were shocked by such a scenario: AI can breach a country's most fortified network defenses within a few hours.
This sentence originally came from a report published by Shashank Joshi in The Economist.
https://www.economist.com/briefing/2026/06/14/donald-trumps-blocking-of-anthropic-is-capricious-and-chaotic
In order to illustrate how powerful AI is, Joshi quoted a sentence from Mark Warner, the vice - chairman of the Senate Intelligence Committee. And Warner's sentence was a retelling of another person: Joshua Rudd, the director who heads both the NSA and the Pentagon's Cyber Command.
Rudd told Warner that Mythos breached almost all classified systems in just a few hours.
After Rudd's sentence was reported by The Economist, it quickly became a hot topic on social media platforms.
Worried about being misinterpreted by the public, on June 21st, Joshi, who wrote this sentence, came forward himself to cool down the hype.
He said on X that the source of this sentence was correct, and he did quote it exactly as Warner said. But if you read it literally, you might misunderstand it.
Mythos achieved this under very specific conditions and in conjunction with other tools. He said that he quoted this sentence at that time to let people feel how powerful Mythos was, but it was a mistake not to add the limitations.
Another easily overlooked point is that when Warner cited this example, his original intention was not to condemn Anthropic. On the contrary.
His exact words were: These AI companies need to “go all out”, and thank goodness, it was Anthropic that did it. If it were another company with lower standards, voluntary testing alone would not be enough.
What Warner really wanted to promote was to establish a mandatory pre - release test for cutting - edge models, rather than relying on the self - awareness of companies.
So you can see such a complete chain of distortion: A sentence originally intended to call for “mandatory testing of cutting - edge models” came out of the NSA's mouth, passed through the senator's mouth, landed on the magazine's paper, and finally became a breaking news of “AI breached the NSA” on social media.
With each transfer, the tone became more exaggerated and absolute.
Behind the Cool - down
How Powerful is Mythos Now?
In the original post, Joshi said that this sentence should not be taken literally.
He said that the fact that Mythos breached the NSA system in a few hours was almost certainly achieved under very specific conditions and by using Mythos in conjunction with other tools. When writing the article, in order to show how powerful it was, he didn't add this limitation. “It was my oversight.”
So, to what extent has the ability of models like Mythos reached?
Public information mainly points to three things: finding vulnerabilities, reasoning attack paths, and running tests in a red - team environment.
According to Axios, institutions that have access to Mythos mainly use it to scan their own environments and identify potential vulnerabilities that could be exploited, rather than attacking the production systems of others in operation.
As early as April, reports confirmed that the NSA was also taking this approach: using the preview version of Mythos to scan its own environment for vulnerabilities, with a group of Anthropic engineers providing support.
This is also a common view repeatedly pointed out by those who came out to correct the misinformation in recent days.
Mike Belshe, the founder and CEO of BitGo, directly refuted in a retweet: This is false. Security analyst Kyle Chase pointed out that the “breach” was a test; Zack Korman complained that no one verified this sentence from the senator, to the journalist, and then to the social media platform.
The more credible version they pointed to is that what Rudd said was an authorized red - team exercise: The NSA put Mythos into a copy of its own classified environment and let it find and connect vulnerabilities, and it achieved this at a speed far exceeding that of human teams.
Red - Team Exercises and Real Invasions are Two Different Things
Red - team exercises involve inviting people to attack your own walls in your own shooting range with authorization, to find holes before the enemy does.
Being able to break through a complex defense system in a controlled shooting range within a few hours is very different from actually breaching the NSA's classified system. There are a whole set of pre - conditions: a specific environment, specific authorization, and a specific tool chain.
Writing “the red team found all the holes in the shooting range in a few hours” as “the NSA's classified system was breached” is a bit like writing a fire drill as a building on fire.
But then again, even if it's just the result of a red - team exercise, Mythos' performance is still scary enough.
A copy of a national - level classified environment had almost all its vulnerabilities found by a model within a few hours. This speed itself is an important security warning signal.
In view of the capabilities of the Mythos model, Anthropic has specifically set up a plan to lock it down: Project Glasswing.
The model is not publicly available for sale and is only distributed to approved defenders. In April, there were about 50 institutions in the first batch, and 12 initiating partners were publicly named, including AWS, Apple, Google, Microsoft, Nvidia, and JPMorgan Chase. On June 2nd, the list expanded to about 150 institutions in more than 15 countries.
The reason remains the same: Its offensive network capabilities are too dangerous, and it cannot be widely released to the public before the safeguards are in place.
Just the first - batch partners have already used it to identify more than 10,000 high - risk or severe - level vulnerabilities.
Shouting Danger on One Hand
Continuing to Use on the Other Hand
What's interesting is the attitude of the US government towards Mythos.
In February this year, the Pentagon wielded the ban hammer, cutting off cooperation with Anthropic and asking its suppliers to follow suit. The reason was that the company was a “supply - chain risk”. The lawsuit is still ongoing.
But recently, President Trump changed his tune in person. When being interviewed on “The Axios Show” and asked “Do you see Anthropic and its CEO Dario Amodei as a national - security threat?”, he answered like this:
Not now, but maybe a week ago.
On June 19th, Trump was interviewed on “The Axios Show” at the White House. When talking about Anthropic, he changed his tune: Not now, but maybe a week ago.
Just a week ago, Amazon, the shareholder behind Anthropic, submitted a vulnerability report, which alarmed the White House. When the government took this report to the Anthropic management, they felt that the other side didn't take it seriously.
So, the Trump administration took direct action.
According to Anthropic's official statement, at 5:21 p.m. (Eastern Time) on June 12th, the company received an export - control order. The wording was tough: Any foreigner was prohibited from accessing Fable 5 and Mythos 5, whether they were in the United States or abroad, and even Anthropic's own foreign employees were not exempted.
The problem is that you can't screen people by nationality one by one in real - time calls.
So, Anthropic had to take a one - size - fits - all approach and directly shut down Fable 5 and Mythos 5 for all global users. Other models, including Claude Opus 4.8, were not affected.
A model for global commercial use was taken off the shelves just like that.
According to Anthropic's official statement, the trigger was an alleged “jailbreaking” technique that could bypass the safeguards of Fable 5. But the company didn't buy it: After looking at the demonstration, they found that only a few long - known minor vulnerabilities were discovered after bypassing, which even public models like OpenAI's GPT - 5.5 could detect. It wasn't a unique ability of Mythos.
Anthropic characterized this as a misunderstanding, saying that it was implementing the order but was trying to restore access as soon as possible.
What's even more paradoxical is that according to Axios' report on April 19th, while the lawsuit was going on, the NSA was still using the most powerful Mythos Preview of Anthropic. On one hand, the Department of Defense claimed in court that using it would pose a national - security threat, while on the other hand, its subordinate NSA was still using it.
Among about 40 authorized institutions, Anthropic only named 12. According to sources, the NSA was among those unnamed institutions.
The most dangerous model was first labeled as a risk and then quietly used in national - security defense.
It's hard to tell whether this is a ban or a dependence.
You can ban a model, but you can't ban a capability.
Export controls can stop Mythos 5, but they can't stop the ability behind “AI can find all the defenses in a few hours”.
What's more troublesome is yet to come.
The government agency CAISI, which is responsible for evaluating the dangerous capabilities of cutting - edge models, has recently been required to stop making its reports public.
It's getting harder and harder for outsiders to tell who decides whether a model can be used.
Reference Materials:
https://x.com/shashj/status/2068704535124508717
https://www.economist.com/briefing/2026/06/14/donald-trumps-blocking-of-anthropic-is-capricious-and-chaotic
This article is from the WeChat public account “New Intelligence Yuan”, author: ASI Revelation, editor: Yuan Yu. It is published by 36Kr with authorization.