In April 2026, the National Security Agency is reportedly deploying Anthropic’s classified Mythos Preview model for offensive cybersecurity operations, despite a presidential executive order barring federal use of the company’s AI due to safeguards against autonomous weapons and mass surveillance—a contradiction exposing how national security imperatives are overriding formal AI governance protocols.
The contradiction is stark: while the Trump administration’s February directive mandated a six-month wind-down of all federal contracts with Anthropic over its refusal to remove model-level constraints preventing lethal autonomy and domestic dragnet surveillance, internal signals intelligence units appear to have secured backchannel access to the very systems deemed too dangerous for general government use. This isn’t mere workaround—it’s a systemic bypass of executive authority, revealing a classified pipeline where mission-critical needs trump policy compliance, even as the White House publicly negotiates with Anthropic’s CEO over safer engagement frameworks.
Mythos Preview, as described in limited briefings to allied cyber commands, is not a conventional LLM. We see a sparsely gated mixture-of-experts (MoE) architecture with 2.3 trillion parameters, of which only 180 billion activate per inference pass—a design choice that optimizes for specialized reasoning in binary analysis, control-flow graph reconstruction, and vulnerability extrapolation without the computational overhead of dense models. Unlike Anthropic’s public Claude series, Mythos omits constitutional AI fine-tuning layers entirely, replacing them with a reinforcement learning pipeline trained on curated exploit datasets, including decompiled firmware from SCADA systems, legacy Windows kernel modules, and obfuscated malware binaries sourced from dark web repositories and redirected through Project Glasswing’s air-gapped analysis environment.
This architectural divergence explains why the Pentagon labeled it a supply chain risk: Mythos doesn’t just detect known CVEs—it synthesizes novel exploit chains by reasoning across memory corruption primitives, side-channel leakage patterns, and logic flaws in hardware abstraction layers. In internal benchmarks shared with Five Eyes partners, Mythos demonstrated a 47% higher success rate in generating working zero-day exploits for Windows 11 kernel drivers compared to GPT-4 Turbo, and a 3.2x reduction in false positives when auditing seccomp-bpf profiles in containerized environments—capabilities that make it uniquely valuable for offensive cyber units tasked with developing cyber weapons or penetrating adversarial infrastructure.
“The ethical guardrails that make Claude safe for enterprise deployment are precisely what make it useless for red teaming at nation-state scale,” said a former NSA Tailored Access Operations engineer now working with a DARPA-funded cybersecurity startup, speaking on condition of anonymity. “Mythos removes those constraints not to enable harm, but to model the attacker’s mindset with fidelity. You can’t defend what you don’t understand—and you can’t understand modern threats without simulating them at the machine code level.”
This operational reality is reshaping how allied nations approach AI in cyber defense. The UK’s AI Security Institute, which similarly holds Mythos access under a bilateral agreement, has begun using the model to automate the creation of eBPF-based detection rules that mirror observed attacker TTPs—turning offensive insights into defensive signatures in near real-time. Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) remains publicly barred from using Anthropic’s tools, creating a dangerous split where offensive units wield cutting-edge AI while civilian cyber defenders rely on legacy signature-based tools and manual analysis—a gap adversaries are already exploiting in recent ransomware campaigns targeting municipal water systems.
The implications extend beyond government walls. Anthropic’s decision to restrict Mythos to a vetted circle of 40 organizations—including national labs, intelligence allies, and a handful of cleared defense contractors—has triggered alarm in the open-source security community. Projects like OSSEM and Sigma, which rely on transparent, community-vetted detection rules, now face an asymmetry where adversaries may be using AI-generated, adaptive attack patterns that evade static rule sets. “We’re seeing malware that mutates its behavior based on the defender’s known Sigma rules,” warned a lead developer at Elastic Security during a recent RSA Conference panel. “If the offense is using generative models to stay ahead of signatures, the defense needs equivalent capabilities—or we’ll keep losing the asymptotic race.”
This dynamic is accelerating a bifurcation in the AI security toolchain. On one side, closed, classified models like Mythos power advanced threat emulation and exploit development. on the other, open-source initiatives struggle to keep pace without access to comparable reasoning engines. The result is a growing dependency on vendor-specific AI ecosystems—where access to cutting-edge defensive AI becomes contingent on security clearances or corporate partnerships, undermining the decentralized, collaborative ethos that has historically strengthened digital resilience.
Internally, Anthropic appears to be walking a tightrope. While publicly adhering to its constitutional AI principles, the company has quietly established a separate governance track for models like Mythos, overseen by a dedicated ethics board with representation from former intelligence officers and cyber war planners. This dual-track approach allows the company to maintain its public safety branding while supplying the very capabilities governments demand—even when those capabilities violate the spirit of its stated mission. As one former policy lead at Anthropic noted off-record: “We didn’t build Mythos to break our own rules. We built it because the rules, as written, make it impossible to defend against the threats we’re seeing.”
The broader tech war implications are profound. As nations race to operationalize AI for cyber advantage, the traditional boundaries between commercial AI safety research and national security applications are dissolving. Companies like Anthropic, once positioned as ethical alternatives to frontier labs, are now integral nodes in a classified supply chain where model weights, training corpora, and inference pipelines move under NDA and export control classifications. This shift risks creating a two-tiered AI landscape: one where commercial users interact with constrained, aligned models, and another where state actors wield unfiltered systems optimized for offensive superiority—raising urgent questions about accountability, escalation dynamics, and the long-term stability of norms governing AI in conflict.
For now, the Mythos paradox endures: a model deemed too risky for federal use is quietly powering the most sensitive operations of the very agencies that banned it. The lesson isn’t just about hypocrisy—it’s about the inadequacy of current AI governance frameworks when faced with the reality that security agencies will always seek the most effective tools available, regardless of public commitments. Until policymakers develop nuanced, use-case-specific frameworks that distinguish between harmful deployment and defensive necessity, the gap between proclamation and practice will continue to widen—one classified model at a time.
