The National Security Agency is deploying Anthropic's specialized Claude Mythos model in support of offensive cyber operations, according to a new report that is drawing sharp attention across the security and AI communities. The report, surfaced by Yahoo News, goes further by claiming that approximately half a dozen Anthropic engineers are directly involved with the program, raising immediate questions about the company's stated safety commitments and its relationship with U.S. intelligence agencies.

What the Report Claims

The details remain sparse, but the core allegation is significant. Claude Mythos, a closed-door model that Anthropic developed specifically for cybersecurity research, is being used by the NSA not just for defensive vulnerability discovery but for offensive operations. That distinction matters. Defensive use, such as scanning government systems for weaknesses before adversaries find them, has a broadly accepted rationale. Offensive cyber operations, by contrast, involve exploiting vulnerabilities in external systems, a category of activity that carries substantial legal, ethical, and geopolitical weight. The report does not specify the exact nature or scope of the offensive work attributed to Mythos.

Key Facts

  • The NSA is allegedly using Claude Mythos for offensive cyber operations, per a new report via Yahoo News.
  • Roughly half a dozen Anthropic engineers are said to be connected to the program.
  • Claude Mythos is a specialized, closed-access model built for cybersecurity vulnerability research.
  • Anthropic has not publicly confirmed or denied the report's claims.
  • The NSA's use of Mythos has previously been reported in the context of vulnerability hunting, but offensive operations represent a new allegation.

This is not the first time the NSA's interest in Mythos has surfaced publicly. Earlier reporting documented how the NSA was using Claude Mythos to hunt vulnerabilities even as a separate legal dispute between Anthropic and the Pentagon was playing out. That context makes the current allegations more complicated, suggesting a relationship between Anthropic and the intelligence community that runs deeper and is more operationally active than the company has publicly acknowledged.

The involvement of Anthropic engineers in an NSA offensive cyber program, if confirmed, would represent one of the most direct entanglements between a leading AI safety lab and U.S. intelligence operations to date.ClaudeAINews.com analysis

What This Means for Anthropic's Safety Positioning

Anthropic has built much of its public identity around the idea of responsible AI development, and Anthropic has been explicit in its policies about not wanting its models used for cyberweapons or attacks on critical infrastructure. The company's acceptable use policies specifically prohibit using Claude to create malicious code or conduct offensive cyber operations. If Mythos is being used in a manner that falls within those prohibited categories, even under a government contract, the reputational and policy implications would be serious.

The cybersecurity AI space is moving fast, and Anthropic is not the only company navigating these tensions. Still, Mythos was purpose-built for this domain, and its capabilities are notably powerful. Previous reporting has shown the model can identify thousands of zero-day vulnerabilities. That capability profile is precisely what makes it attractive to an intelligence agency and precisely what makes its deployment in an offensive context sensitive. Anthropic has also shared Mythos-related vulnerability data with at least one global financial regulator, indicating the model is operating across multiple high-stakes institutional relationships simultaneously.

Engineer Involvement Adds a New Layer

Perhaps the most striking element of the report is the claim about Anthropic personnel. If employees of the company are actively embedded in or consulting on an NSA offensive cyber program, that raises questions that go beyond corporate policy. It touches on individual professional ethics, potential export control considerations, and whether Anthropic's leadership is fully aware of and sanctioning the work. None of those questions have answers yet. Anthropic had not issued a public statement in response to the report at the time of publication.

Broader tracking of how AI models are being used in real-world cyberattack and defense scenarios has grown more systematic. Anthropic's own research, which maps AI-enabled cyber activity, reflects how quickly the threat landscape is evolving alongside the capabilities of models like Mythos. For now, the NSA report adds a new and unresolved chapter to a story that shows no signs of slowing down.

Further reading: Learn more about Claude's model family, read our background on Anthropic, or browse the latest Claude AI news.