Anthropic Mythos used by NSA for cyber work after AU rollout

Anthropic is helping the US National Security Agency use its restricted Mythos model for cyber operations, according to the Financial Times, days after the company widened access for Australian agencies and critical-infrastructure defenders.

The arrangement moves Mythos beyond a closely held defensive preview and into the US national-security system. For Australia and other allies, it turns a narrow access programme into a harder question about how fast frontier AI is moving from security testing into military and intelligence work.

Anthropic has not described the NSA work in detail. The FT reported the agency is using Mythos for cyber attacks and that Anthropic engineers have been embedded inside the agency. Reuters separately reported in April that a US security agency was using Mythos despite a planned government blacklist of the company. In May, Reuters reported the Pentagon had deployed Mythos to patch cyber gaps while officials were still weighing whether to move away from Anthropic products.

For Australian readers, the timing matters because Anthropic’s Project Glasswing expansion has just opened the same restricted model family to a larger group of vetted defenders. Anthropic said it is adding about 150 organisations in more than 15 countries, following an initial group of 50 partners in early April.

“What each partner has in common is that a successful attack on their codebase could be catastrophic.”
Anthropic, Project Glasswing announcement

Those partners include governments, critical infrastructure, banks, telcos, energy operators, transport groups and healthcare organisations. Anthropic said most could affect more than 100 million people if they suffered a major attack.

Australia enters the trusted group

Australia is part of that expansion. An Australian Signals Directorate spokesperson told ABC News the programme would “expand Project Glasswing to approximately 150 additional entities globally, including the Australian government and other Australian private companies”.

Anthropic has presented Glasswing as a defensive programme, saying partners have already found more than 10,000 high- or critical-severity security flaws. In that setting, Mythos is meant to help with code review, vulnerability discovery and faster patching across systems that would be damaging targets for state-backed attackers.

The NSA report points to the other side of the same capability. A model strong enough to find critical bugs at scale can also support offensive cyber planning, target research or exploit development when placed inside an intelligence agency.

Anthropic has not publicly set out how Mythos is constrained in that environment. It has also not said whether controls differ between defensive Glasswing partners and US government users working on cyber operations.

Chief executive Dario Amodei has defended the company’s willingness to work with democratic governments. In the ABC interview, he said he did not want authoritarian states to gain a military advantage over democracies.

“I don’t want autocracies to be militarily more powerful than democracies.”
Dario Amodei, Anthropic chief executive, speaking to ABC News

That argument will matter more as AI labs decide which agencies, contractors and allied governments can use their most capable systems. For Australia, the immediate test is narrower: whether access through Glasswing stays bounded to vetted defensive work, and whether the public gets enough detail to understand where those boundaries sit.