Anthropic's Mythos model found vulnerabilities in classified U.S. systems during a controlled test, and Washington's response has now turned a security tool into a policy fight over who may use frontier AI.
Here's the problem with the Mythos story: the model did exactly the kind of work the U.S. government says it wants from advanced AI, then became too sensitive for the government to handle cleanly. If you're trying to understand where AI policy is heading, don't start with speeches about safety. Start with the analysts who lost access to a tool after it proved useful.
According to the Associated Press, a U.S. official said Anthropic's Mythos model identified vulnerabilities in highly sensitive government computer systems during a testing exercise with U.S. intelligence agencies. Senator Mark Warner had put the sharper version into public view at a June 11 Senate Banking Committee hearing, saying the tool had broken into almost all classified systems in hours, not weeks, and attributing that account to Gen. Joshua Rudd, the head of the NSA and U.S. Cyber Command.
You should be careful with the phrase 'broke into.' The AP's official said Mythos identified vulnerabilities, which isn't the same thing as exploiting them. The test also happened inside Project Glasswing, Anthropic's controlled security program, not as some rogue attack on NSA systems. That distinction matters because the overheated version makes the model sound like a magic cyberweapon. The verified version is still serious enough: a frontier model found weak points in sensitive systems at a speed that human teams would struggle to match.
The Trump administration's response was blunt. Earlier this month, it directed Anthropic to prevent foreign nationals from using Fable 5 and Mythos 5. Anthropic said the order reached foreign nationals inside and outside the United States, including its own non-citizen employees, so the company initially disabled both models for all customers. That's what happens when a rule written for national control meets a cloud service used by companies, agencies and employees across borders.
Business Insider reported on June 24 that Anthropic later restored access to Claude Fable 5 with nationality-based controls and enhanced onboarding checks. That update matters. The original version of this story said both models remained offline as of June 23, but the picture had already shifted by the next morning. Mythos remains the harder case because Anthropic had already limited it to selected partners through Project Glasswing, and because its cyber capability is the point of the dispute.
The fallout is no longer theoretical. Business Insider also reported that Legion, a San Jose legal tech startup founded in 2024, sued the U.S. government in Washington, D.C. after losing access tied to the directive. Legion said Fable 5 was integral to its litigation software, and that Canadian nationals working remotely from Canada were among the employees affected. You don't need to take the company's lawsuit at face value to see the practical problem. One government order hit a private AI vendor, its customers, foreign employees and U.S. companies using global teams, all at once.
The rule is moving faster than the machinery
The deeper issue isn't whether Mythos is dangerous. Of course it is dangerous in the wrong hands. A model that can scan code and surface vulnerabilities quickly can help defenders patch systems, and it can help attackers find targets. More than 100 cybersecurity executives and experts, including people from Adobe and Nvidia, told the government in a letter cited by the AP that Mythos-class systems are good at finding and weaponizing flaws, but not uniquely good. Frankly, that is the uncomfortable part for Washington. Turning off one American model doesn't turn off the capability.
The Verge reported that experts saw the move as an unusual application of export controls to live AI model access, rather than to chips, hardware or downloadable model weights. That is a much messier control point. A chip shipment has a destination. A cloud model has sessions, employees, contractors, subsidiaries and users who may cross legal categories faster than a compliance team can verify them. If the government wants citizenship-level access controls on frontier AI, it has to say exactly how companies are supposed to build them.
There is also a plain operational cost. The AP reported that Anthropic and the NSA declined to comment on the vulnerability test. Nextgov/FCW and Defense One reported that some analysts were told they would lose access after the directive. So the same government that benefited from the model's security work helped create the conditions under which parts of its own apparatus could no longer use it. That isn't strategy yet. It's a reaction wearing a policy label.
None of this means Anthropic gets a free pass. The company released Fable 5 widely, kept Mythos under tighter controls, and publicly disputed the severity of a jailbreak concern tied to Fable. If a model can be pushed into dangerous cybersecurity assistance under narrow conditions, the government is right to ask hard questions. But hard questions are not the same as sudden controls that break legitimate use first and explain the theory later.
The Mythos episode leaves you with a simple test for the next frontier model. If Washington believes a system is powerful enough to restrict, it needs a working plan for preserving defensive use before it pulls access away. Otherwise the country will keep doing the same strange thing: proving that a tool is useful, then making sure the people who need it learn that lesson from the outside.
Also read: Waymo's charging partner Terawatt borrows $300 million to build the physical layer beneath the robotaxi boom; Big Tech has lost $2.7 trillion in market value this month as investors question whether AI can pay for itself; Goldman Sachs leads $110 million bet on Taktile as banks move from AI pilots to autonomous decisions
