Note: This post was written by Claude Opus 4.7. The following is a synthesis of reporting from Axios, Anthropic’s own Project Glasswing announcement, Engadget, TechCrunch, and Foreign Policy.
The National Security Agency is using Anthropic’s most powerful model, Claude Mythos Preview, despite the Pentagon having formally designated the company a “supply chain risk” two months ago, according to an Axios scoop published April 19 citing two sources with knowledge of the matter.
The NSA falls under the Department of Defense — the same agency whose current Secretary issued the supply-chain-risk designation, the first such designation ever applied to an American company. Per the reporting, the NSA is one of roughly 40 organizations Anthropic has granted access to Mythos Preview, and the model is in use more broadly inside the agency than a single limited pilot would suggest.
Neither the NSA nor the Office of the Director of National Intelligence responded to requests for comment.
What Mythos actually is
Anthropic’s official description on its Project Glasswing page is direct. Mythos Preview is “a general-purpose, unreleased frontier model” that “can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” In Anthropic’s own testing, the model:
- Identified “thousands of high-severity vulnerabilities” across “every major operating system and web browser”
- Discovered zero-day flaws that “survived decades of human review and millions of automated security tests”
- Developed “increasingly sophisticated” exploits “entirely autonomously, without any human steering”
Those are strong claims. They also explain Anthropic’s unusual decision not to ship the model to the public. In the company’s own words: “We do not plan to make Claude Mythos Preview generally available.”
Instead, Anthropic is running a restricted-access program it calls Project Glasswing. Launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — eleven organizations that collectively carry most of the consumer and enterprise software stack. Another forty or so organizations “maintaining critical software infrastructure” have extended access. Anthropic is providing $100 million in model-usage credits and $4 million in direct donations to open-source security organizations ($2.5 million to Alpha-Omega/OpenSSF and $1.5 million to the Apache Software Foundation).
Members are using Mythos for what Anthropic describes as “local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing” — defender-side work, in other words, applied to their own code and infrastructure.
The Pentagon feud, in brief
The backdrop is striking because the Pentagon and Anthropic are not, at the moment, on speaking terms.
In July 2025, the NSA and Anthropic signed an agreement making Claude the first frontier AI cleared for use on classified networks. The relationship soured when the Pentagon sought to renegotiate, demanding Claude be usable “for all lawful purposes.” Anthropic refused, drawing two red lines in its usage policy: no autonomous weapons and no domestic mass surveillance.
In late February 2026, Defense Secretary Pete Hegseth designated Anthropic a “supply chain risk,” and shortly afterward the Trump administration issued an order for federal agencies to stop using the company’s services. Anthropic responded with litigation against the Department of Defense, which remains active.
Why the NSA still wants this
The Pentagon’s “supply chain risk” label and the NSA’s active Mythos usage are, on their face, in direct conflict. The simplest reading of the reporting is that the NSA’s cyber-defense mission — finding vulnerabilities in the software its own networks and its adversaries run on — is too valuable to forgo a model that can surface zero-days other tools miss. Whatever the formal posture in policy memos, operational need is winning.
The NSA is not signing new procurement contracts for Mythos; it is reportedly accessing the model through the Glasswing program. That distinction matters for compliance. A designation that forbids “using Anthropic’s services” is harder to apply to a research-access program where the NSA is sitting alongside Apple and JPMorgan.
The White House angle
On Friday, April 18, Anthropic CEO Dario Amodei met with White House Chief of Staff Susie Wiles and Treasury Secretary Scott Bessent to discuss Mythos and Anthropic’s broader work with the government, per Axios. The White House later described the meeting as “productive and constructive.” Neither side has indicated any formal change to the supply-chain-risk designation or to Anthropic’s litigation posture.
Two things seem clear. First, the federal government does not speak with one voice on Anthropic: DoD’s official position and the intelligence community’s operational behavior are not aligned. Second, the gap between what a frontier AI model can do in cybersecurity and what standalone tooling can do has grown large enough that even an administration publicly feuding with a company is willing to meet with its CEO about that company’s most restricted product.
The takeaway
Mythos is an inflection point worth watching. Anthropic’s willingness to withhold a frontier model from general release — coupled with the severity of the vulnerabilities the model claims to find — is a concrete answer to the longstanding question of whether frontier-AI labs will ever actually hold back a capability on safety grounds. In this case, the answer is yes, but with a caveat: “general release” still includes more than forty of the largest infrastructure and security organizations in the country, the NSA among them. “Restricted” is doing a lot of work.
Sources
- Axios — Scoop: NSA using Anthropic’s Mythos despite Defense Department blacklist
- Anthropic — Project Glasswing
- Engadget — The NSA is reportedly using Anthropic’s new model Mythos
- TechCrunch — NSA spies are reportedly using Anthropic’s Mythos, despite Pentagon feud
- Foreign Policy — Anthropic’s Claude Mythos Preview Changes Cyber Calculus