The Financial Times reported that Anthropic has deployed approximately six engineers inside the National Security Agency to support the NSA’s operational use of Mythos — the company’s most advanced cybersecurity AI model, described as capable of finding and exploiting zero-day vulnerabilities in every major operating system and web browser — in what the reporting characterizes as potential offensive cyber operations directed at adversaries including China and Iran.
Mythos’s Capability: Zero-Days Across Every Major OS and a 32-Step Network Attack
The April 2026 Axios reporting that preceded the Financial Times investigation had already confirmed that the NSA was using “Mythos Preview.” The Financial Times report adds the physical deployment dimension: Anthropic engineers embedded inside NSA facilities to support the model’s operational use. The capability profile attributed to Mythos is specific — it can find and exploit zero-day vulnerabilities in every major operating system and every major web browser, and it has completed a 32-step simulated corporate network attack, a benchmark that no other AI model had previously achieved.
Those specifications place Mythos in a different category from AI-assisted security tools that accelerate research or assist human analysts. A model that can autonomously generate a 32-step attack chain against a simulated enterprise network, and locate novel zero-days in production operating systems, is a qualitatively different resource when deployed inside an intelligence agency whose primary mission includes offensive cyber operations against foreign targets.
Six Anthropic Engineers Embedded Inside NSA Under a Secret Pentagon Carve-Out
The deployment operates under a formal exception to a Defense Department procurement restriction. The Pentagon had designated Anthropic a supply-chain risk and banned its software from Defense procurement channels. Simultaneously, the NSA obtained a carve-out from that restriction — an arrangement that was not publicly disclosed until the Financial Times investigation revealed it. The existence of a secret exception to a formal supply-chain risk designation, granted to an AI company whose most capable model is now operational inside NSA facilities, was not acknowledged by either organization before the FT report was published.
Whether the Anthropic engineers are supporting live offensive operations or are engaged solely in customization, fine-tuning, and technical integration of Mythos for potential future use remains undetermined by the available public record. That distinction has significant implications for how the arrangement is characterized under international norms governing state-sponsored cyber activity.
NSA and Anthropic Both Decline to Confirm or Deny the Financial Times Reporting
Both the NSA and Anthropic declined to confirm or deny the reporting. The joint decision to offer no denial — when denial would be straightforward if the reporting were inaccurate — functions as a de facto acknowledgment that the arrangement described by the Financial Times is substantially accurate. This “neither confirm nor deny” stance mirrors the posture that intelligence agencies adopt toward sensitive operational programs they cannot publicly acknowledge without compromising methods or missions.
The Governance Tension Between the Pentagon Ban and the NSA Exception
The formal supply-chain risk designation and the simultaneous existence of a secret exception expose a structural inconsistency in how US government procurement policy handles AI vendors whose products have direct offensive cyber utility. One part of the Defense establishment formally restricts Anthropic’s products on supply-chain grounds. A different part of the same national security apparatus embeds Anthropic engineers in its facilities under a carve-out that was invisible to the public and apparently to the broader Defense procurement community.
The Mythos deployment represents the state-actor apex of an AI capability trend visible across multiple tiers of the threat landscape. The depthfirst FFmpeg research — disclosed at the same time — explicitly benchmarks its $1,000 AI analysis cost at approximately 10% of a single Mythos run, illustrating that the same underlying capability is now distributed across a cost spectrum ranging from budget-accessible autonomous agents to classified nation-state programs. Separately, security researchers have documented ransomware operators using commercial AI models for EDR evasion and Active Directory reconnaissance in automated attack chains. The NSA arrangement places Mythos at the high end of this spectrum: not a research tool or a criminal utility, but a capability embedded in an organization that conducts offensive cyber operations as a core function.
The Financial Times report does not specify when the Anthropic engineers arrived inside NSA facilities, the duration of the arrangement, or the legal framework under which the supply-chain risk carve-out was authorized.
