The National Security Agency has been using Claude Mythos Preview, Anthropic's most powerful and restricted AI model, to scan its own networks for software vulnerabilities. The detail, first reported by Axios in April 2026, reveals a paradox at the center of the U.S. government's relationship with Anthropic: the Department of Defense officially argues in federal court that Anthropic poses a national security risk, while one of its own premier intelligence agencies runs the company's software on government infrastructure.

The disclosure arrived months after the Pentagon declared Anthropic a supply chain risk in February and instructed its vendors to sever ties with the company. The NSA, which sits within the DOD's organizational structure, was already in or near the Project Glasswing coalition by then, and has continued using Mythos to this day.

The Split Inside the Defense Establishment

The roots of the conflict trace to early 2026, when Anthropic refused to make Claude available for "all lawful purposes" during contract renegotiations with the Pentagon. The company's objection was precise: Anthropic would not allow Claude to be used for autonomous weapons targeting or the mass surveillance of American citizens. The Pentagon responded by declaring Anthropic a supply chain risk and instructing its vendors to follow suit.

The NSA gained access to Claude Mythos Preview through Project Glasswing, the invitation-only coalition Anthropic assembled after the model's April 7, 2026 research preview. Project Glasswing is structured around organizations with critical-infrastructure exposure at scale, and the NSA qualified on that basis. The agency is using Mythos in the same way that most Glasswing participants use it: scanning existing environments for exploitable security flaws before adversaries can find them first.

Other Glasswing launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, and NVIDIA. The program has collectively found more than 10,000 high- or critical-severity vulnerabilities across systemically important software worldwide.

Key Facts

  • NSA access viaProject Glasswing (since April 2026)
  • Pentagon blacklist dateFebruary 2026
  • NSA's parent departmentDepartment of Defense
  • NSA use caseScanning agency networks for vulnerabilities
  • Amodei White House meetingApril 18, 2026 (Wiles, Bessent)
  • White House on expansionOpposes adding 70 more companies to Glasswing

Anthropic in the Middle

Anthropic's position through all of this has been internally consistent, if externally awkward. The company maintains that it supports legitimate national security uses and will not remove the safety constraints that prevent Claude from being directed at autonomous lethal targeting or mass domestic surveillance. Mythos Preview's availability through Glasswing reflects that line precisely: the model can be used to defend infrastructure, not to attack people.

Dario Amodei met White House chief of staff Susie Wiles and Treasury Secretary Scott Bessent on April 18 to discuss Mythos's government deployment and Anthropic's wider security practices. The meeting suggests that the conversation has been elevated well above procurement staff at the Pentagon. Anthropic now occupies the position of selling its most restricted model to parts of the government while litigating with a different part of the same government about whether it should be allowed to sell anything at all.

The White House has separately told Anthropic it cannot expand Project Glasswing from its current roughly 50 participants to 120, as the company proposed. Officials cited concerns that 70 additional clearances would raise the chance of a Mythos capability leak, and that a larger program would compete with the NSA's own share of Mythos compute capacity.

"The military is now broadening its use of Anthropic's tools while simultaneously arguing in court that using those tools threatens U.S. national security." Axios, April 2026

A Governance Gap With Operational Consequences

The NSA's use of Mythos creates a complication for the White House's position on limiting Glasswing's growth. The administration argues that broadening the program would dilute the government's own compute access. But the NSA's growing appetite for Mythos capacity is simultaneously one of the reasons Anthropic says the program needs more headroom. The argument collapses under its own logic.

The episode reflects a broader governance gap: there is no unified framework for how U.S. government agencies should coordinate access to, or restrictions on, commercial frontier AI models. The Pentagon's supply chain risk designation does not bind the intelligence community. The NSA's Glasswing access does not require Defense Department sign-off. Different agencies are making different arrangements with the same company, and the resulting policy landscape lacks coherence in ways that may prove operationally significant.

For Anthropic, the incoherence is commercially tolerable as long as government revenue keeps flowing and the litigation does not produce an injunction. For the government, the question is whether the absence of a unified policy on frontier AI procurement will matter once these models move beyond vulnerability scanning into decisions with more direct operational consequences. On current evidence, the answer is arriving faster than the policy.

Further reading: Learn more about Claude's model family, read our background on Anthropic, or browse the latest Claude AI news.