Sen. Mark Warner, vice chair of the Senate Intelligence Committee, disclosed that Gen. Joshua Rudd, head of the NSA and U.S. Cyber Command, briefed him on Anthropic’s Mythos model penetrating “almost all” classified NSA systems during a controlled security evaluation. The test took place on June 11, according to Tom’s Hardware, one day before the Trump administration issued its directive barring all foreign nationals from accessing Fable 5 and Mythos 5.

“(This tool) broke into almost all of our classified systems, not in weeks, but in hours,” Rudd reportedly told Warner, as cited by The Economist in a June 14 report that initially circulated without drawing wide attention, according to Tom’s Hardware.

Timeline: Test to Ban

The sequence compressed into 48 hours. On June 11, Mythos was paired with defensive tools in an authorized internal red-team exercise under controlled conditions. On June 12, the U.S. government issued its directive, marking the first time export controls were applied directly to an AI model rather than to the hardware powering it. Anthropic responded by disabling both models globally, stating it could not practically enforce nationality-based access restrictions.

At the time, the government provided no detailed public evidence. Anthropic said the letter it received did not specify the underlying concern and that it had been given only verbal evidence of a “potential narrow, non-universal jailbreak” that could allow Fable 5 to identify software vulnerabilities.

The Rudd quote now supplies the missing context.

Anthropic Disputes the Framing

Anthropic contends the cited behavior was narrower than the headlines suggest. According to the company, the flagged capability amounted to asking the model to analyze a codebase and identify known bugs, not an autonomous offensive intrusion. Anthropic also argues that rival models, including OpenAI’s GPT-5.5, exhibit similar behavior under comparable conditions, as reported by Tom’s Hardware.

The original Economist author issued a public statement on June 21 clarifying that the breach occurred during an authorized test, not an unsanctioned attack. The viral framing that Mythos “hacked the NSA” was, by this account, inaccurate.

Six Engineers Inside NSA

The Financial Times reported separately that roughly six Anthropic engineers are embedded directly inside the NSA as forward-deployed staff under a specialized arrangement within Anthropic’s Project Glasswing program. They are adapting and customizing Mythos for specific operational applications, with sources indicating the work could extend to offensive operations against networks operated by China and Iran, according to Tom’s Hardware.

This arrangement persists despite the broader export restrictions, creating a two-track reality: Mythos is banned for foreign nationals worldwide but actively deployed inside the U.S. intelligence community.

Agents as Offensive Instruments

The Mythos test reframes the policy debate around frontier AI models. The June 12 export ban was the first to target a model directly rather than chips or hardware. If an AI agent can autonomously compromise classified systems during a controlled evaluation, the question shifts from whether these models should be regulated as products to whether they should be regulated as weapons.

Five Eyes cybersecurity agencies issued a rare joint warning on June 22 that frontier models capable of taking down government and business infrastructure are “months away.” The Mythos test suggests at least one model may have already arrived.

Anthropic says it is working to restore public access and is preparing a collaborative risk-management framework with the White House.