A US government official has confirmed for the first time that an artificial intelligence model — Anthropic’s Mythos — identified actionable security vulnerabilities inside classified federal computer systems during authorized testing, triggering new access restrictions on Anthropic’s technology across government networks. The confirmation, disclosed to the Associated Press on June 24, distinguishes a material development from earlier reporting on Mythos’s deployment inside federal agencies: prior coverage established that the model was operating inside sensitive government environments; this disclosure confirms it found something.
Classified Vulnerability Discovery: The Senate Disclosure
The findings entered the public record when Senator Mark Warner referenced them during a Senate hearing on AI and national security. General Joshua Rudd, who oversees operations at both the NSA and US Cyber Command, had previously briefed Warner on the results. The Associated Press reported on the disclosure, making it the first official public acknowledgment that an AI system had surfaced real vulnerabilities in classified US infrastructure. Officials did not confirm whether Mythos successfully exploited the flaws it identified — only that it found them. The distinction matters: discovery and exploitation are separate capabilities with different threat profiles, and federal officials chose not to characterize the program’s full scope.
Project Glasswing: Mythos AI Testing Inside NSA and US Cyber Command
The testing occurred under Project Glasswing, a program that gave Anthropic’s Mythos model controlled access to NSA and US Cyber Command environments for the purpose of offensive and defensive security evaluation. The program represents a category of government AI deployment that has largely operated outside public visibility: using commercial large language models in classified settings to simulate adversarial tradecraft against federal systems. The disclosure is the first time the outcomes of such a program have been confirmed on the record by US officials, a threshold that separates theoretical capability assessments from confirmed operational results.
Federal Access Restrictions Following the Project Glasswing Disclosure
Following the disclosure, the Trump administration moved to restrict access to Anthropic’s most capable models across federal networks. The new controls specifically addressed the risk of foreign national access to the models, requiring safeguards that limit who can interact with Anthropic systems in government contexts. The nature and scope of those controls — including which agencies are affected and what technical measures enforce the foreign national access restrictions — were not detailed in official statements. The restrictions apply specifically to Anthropic’s latest models, not to the full range of the company’s commercially available systems.
Over 100 Cybersecurity Executives Challenge Anthropic Model Access Controls
The restrictions drew a swift response from the private sector. More than 100 cybersecurity executives signed an open letter urging the administration to reconsider, arguing that restricting Anthropic’s models does not meaningfully reduce risk because competing AI systems from other providers offer equivalent or comparable capability. The letter framed the restrictions as competitively harmful to US AI development without producing a proportionate security benefit, given that adversaries could access similar tools through alternative platforms. The executives’ argument centered on market reality: if equivalent AI capability is accessible through other providers, restricting access to one vendor’s models disadvantages US government and commercial users without reducing the security risk from adversaries who can obtain comparable tools elsewhere.
What the Mythos Finding Means for Federal Cybersecurity AI Policy
The disclosure accelerates a policy debate that has been building since large language models began demonstrating capability in security research contexts. Prior to this confirmation, discussions about AI-assisted vulnerability discovery in government systems were largely theoretical or based on classified assessments unavailable to the public. The Senate hearing made the stakes explicit: an AI model, deployed inside one of the US government’s most sensitive cyber organizations, found something actionable. The Glasswing program’s outcome — the first on-record disclosure that a commercial AI model found real vulnerabilities in classified infrastructure — positions AI security testing as a concrete federal practice rather than a speculative future capability. The question of whether that capability is more valuable as a defensive tool or more dangerous as an offensive one — and who controls access to it — is now an active matter of federal policy rather than a future-oriented concern.
Authorized AI Red-Teaming of Classified Networks Is No Longer Experimental
The Glasswing confirmation creates pressure on federal agencies that operate classified infrastructure to evaluate whether their systems have been assessed against AI-assisted discovery techniques. The program’s disclosed results suggest that agencies relying on traditional red-team methodologies without AI-assisted components may be operating with an assessment gap. It also establishes a precedent with implications across government AI security programs: authorized AI red-teaming of classified networks has moved from experimental program to demonstrated practice. For the commercial AI sector, the access restrictions that followed the disclosure signal that models demonstrating security-relevant capability will face heightened scrutiny and regulatory friction, regardless of whether the testing occurs under federal authorization.
