A sentence that went viral online recently has seen a reversal.
‘Mythos broke through almost all of our classified systems in hours, not weeks, in hours.’
This sentence has been flooding English social media platforms in recent days.
The protagonist is Anthropic's most powerful model, Mythos, and what was breached were the classified systems of the NSA (National Security Agency). Combined with the timeframe anchor of ‘in hours,’ this sentence spread rapidly across the internet.
All onlookers were shocked by the image it painted: AI can now breach the most stringent cyber defenses of a nation within a few hours.
This sentence originally came from a report by Shashank Joshi published in The Economist.
https://www.economist.com/briefing/2026/06/14/donald-trumps-blocking-of-anthropic-is-capricious-and-chaotic
In the article, to illustrate how powerful AI is, Joshi quoted a statement from Senate Intelligence Committee Vice Chairman Mark Warner, and Warner's statement was itself a recounting of someone else's words: General Joshua Rudd, who heads both the NSA and the Pentagon's Cyber Command.
Rudd told Warner that Mythos broke through almost all classified systems in hours.
After being reported by The Economist, Rudd's statement quickly became a hot topic on social platforms.
Concerned about public misinterpretation, Joshi, who wrote the sentence, personally stepped in on June 21st to temper the statement.
He said on X that the source of the quote was accurate; he did indeed quote Warner verbatim. However, taking it literally might lead to misunderstanding.
Mythos achieved this only under very specific conditions and when used in conjunction with other tools. He stated that he cited the quote to convey the strength of Mythos, but failing to add qualifications was his oversight.
Another easily overlooked point is that Warner's original intention in bringing up this example was not to denounce Anthropic; on the contrary.
His original words were: we need to let these AI companies ‘go full throttle,’ and thank goodness, it was Anthropic that did this. With another company with less rigid principles, relying solely on voluntary testing simply wouldn't suffice.
What Warner really wanted to push for was establishing mandatory pre-release testing for frontier models, rather than gambling on corporate self-regulation.
Thus, we see a complete chain of distortion: a sentence originally meant to advocate for ‘mandatory testing for frontier models’ comes from the NSA, passes through a senator's mouth, lands in a magazine's pages, and finally becomes breaking news of ‘AI Breaks NSA’ on social media.
Each time it was relayed, the tone became more exaggerated and absolute.
Behind the Cooling Down
How Powerful Is Mythos Actually Now?
In the original post, Joshi said the sentence shouldn't be taken literally.
He said the incident where Mythos broke through NSA systems in hours almost certainly occurred under very specific conditions, with Mythos being used alongside other tools. He said it was his ‘negligence’ not to include these qualifications when writing the article to emphasize its strength.
So, how capable are models like Mythos at this point?
Public information points more towards three things: finding vulnerabilities, reasoning attack paths, and running tests in red team environments.
According to an Axios report, institutions granted access to Mythos primarily use it to scan their own environments and identify potential vulnerabilities that could be exploited, not to attack live production systems running others' operations.
As early as April, reports confirmed that the NSA was taking precisely this approach: using the Mythos preview to scan its own environment for vulnerabilities, with a team of Anthropic engineers providing support.
This is also a common point reiterated by those who have come forward to correct the record in recent days.
BitGo founder and CEO Mike Belshe directly called it out in a repost: this is false. Security analyst Kyle Chase clarified that the ‘breach’ was a test; Zack Korman complained about how the statement went from senator to journalist to social media without anyone verifying it along the way.
The more credible version they point to is that Rudd was referring to an authorized red team exercise: the NSA placed Mythos in a replica of its own classified environment, tasked it with finding and chaining vulnerabilities, and it did so at a speed far exceeding that of human teams.
Red Team Exercise vs. Real Intrusion
A red team exercise is when you hire people, in your own controlled environment (a ‘range’), with authorization, to test your own defenses, finding holes before the enemy does.
Being able to breach a complex defense setup in a controlled range in a few hours is separated from actually breaching the NSA's live classified systems by a whole set of prerequisites: specific environment, specific authorization, specific toolchains.
Writing ‘red team found all holes in range in hours’ as ‘NSA classified systems breached’ is a bit like writing a fire drill report as ‘building on fire.’
That said, even if it's just the result of a red team exercise, Mythos's performance itself is alarming enough.
A replica of a national-level classified environment, with a model chaining together almost all vulnerabilities within hours – that speed itself is a significant security warning.
Given the capabilities of the Mythos model, Anthropic specifically established a program to lock it down: Project Glasswing.
The model is not sold publicly; it's only distributed to vetted defense entities. The first batch in April included about 50 organizations, with 12 publicly named founding partners including AWS, Apple, Google, Microsoft, NVIDIA, and JPMorgan Chase; by June 2nd, the list expanded to about 150 institutions across more than 15 countries.
The reason remains consistent: its offensive cyber capabilities are too dangerous, and it cannot be widely released to the public before sufficient guardrails are in place.
Even the initial partners have already used it to uncover over 10,000 high or critical severity vulnerabilities.
Calling It Dangerous
While Continuing to Use It
What's interesting is the U.S. government's attitude toward Mythos.
In February of this year, the Pentagon raised the ban hammer, cutting off cooperation with Anthropic and demanding its suppliers follow suit. The reason cited was that the company was a ‘supply chain risk.’ The legal battle is still ongoing.
But recently, President Trump himself changed his tune. During an interview on ‘The Axios Show,’ when asked ‘Do you see Anthropic, its CEO Dario Amodei, as a national security threat?’, he responded:
Not now, but maybe a week ago, yes.
On June 19, Trump gave an interview at the White House for ‘The Axios Show,’ changing his stance on Anthropic: Not now, but maybe a week ago, yes.
Just a week prior, Amazon, a shareholder behind Anthropic, submitted a vulnerability report that alarmed the White House. When the government took this report to Anthropic's senior management, they felt the company didn't take it seriously.
So, the Trump administration took direct action.
According to Anthropic's official account, at 5:21 PM EST on June 12th, the company received an export control order. The wording was firm: it prohibited any foreign national from accessing Fable 5 and Mythos 5, regardless of whether they were inside or outside the United States, not even Anthropic's own foreign employees were exempt.
The problem is, you can't filter people by nationality one by one during real-time API calls.
Therefore, Anthropic had to implement a blanket shutdown, directly disabling Fable 5 and Mythos 5 for all users worldwide. Other models, including Claude Opus 4.8, were unaffected.
A model for global commercial use, taken offline just like that.
According to Anthropic's official statement, the trigger was a claimed ‘jailbreak’ method that could bypass Fable 5's guardrails. However, the company does not accept this claim: it reviewed the demonstration, and what was found after the bypass were several minor, already known vulnerabilities that even public models like OpenAI's GPT-5.5 could find, hardly a capability unique to Mythos.
Anthropic characterized this as a misunderstanding, stating it complied with the order but is working to restore access as soon as possible.
What's more contradictory is that, according to an Axios report on April 19th, while the lawsuit was ongoing, the NSA was still using Anthropic's strongest model, the Mythos Preview. While the Department of Defense argued in court that using it threatened national security, its subordinate, the NSA, continued using it.
Among the approximately 40 authorized institutions, Anthropic only publicly named 12. According to sources, the NSA is among those names not publicly disclosed.
The most dangerous model is first labeled a risk, then quietly used in national security defense.
It's unclear whether this is a ban or a dependency.
You can ban a model, but you can't ban a capability.
Export controls can stop Mythos 5, but they can't stop the underlying capability represented by ‘AI can find holes in a defense setup in hours.’
The bigger trouble lies ahead.
The government agency CAISI, responsible for assessing the dangerous capabilities of frontier models, has recently been ordered to stop publishing its reports.
Who decides whether a model can be used or not is becoming increasingly unclear to outsiders.
References:
https://x.com/shashj/status/2068704535124508717
https://www.economist.com/briefing/2026/06/14/donald-trumps-blocking-of-anthropic-is-capricious-and-chaotic
This article is from the WeChat public account “新智元” (Xinzhiyuan), author: ASI启示录, editor: 元宇
