NSA Using Claude Mythos for Offensive Cyber Ops, Report Claims

The National Security Agency is deploying Claude Mythos, Anthropic's specialized cyber model, for offensive cyber operations, according to a report published by Tom's Hardware. The report goes further, claiming that roughly half-a-dozen engineers from Anthropic are physically embedded inside the agency to support the work. Neither the NSA nor Anthropic has issued a public confirmation or denial as of publication.

What the Report Claims

The allegations represent a significant escalation in what is already a complicated relationship between Anthropic and the U.S. intelligence community. Claude Mythos was designed as a closed-access model aimed at identifying software vulnerabilities, and its capabilities have drawn sustained government interest since its existence became known. The latest report suggests that interest has moved well beyond passive evaluation into active operational use.

The distinction between offensive and defensive cyber use matters considerably. Defensive applications involve scanning systems for flaws before adversaries can exploit them. Offensive operations, by contrast, involve using those same capabilities to actively target foreign networks or infrastructure. If the report is accurate, it would place Anthropic in the middle of U.S. intelligence activities that go beyond what most AI companies have publicly acknowledged supporting.

The NSA is using Claude Mythos for offensive cyber operations, with half-a-dozen Anthropic engineers embedded inside the agency.Tom's Hardware

A Fraught Government Relationship

This is not the first time Mythos has surfaced in a national security context. Earlier reporting revealed that the NSA was using Claude Mythos to hunt vulnerabilities even while the Pentagon was engaged in a separate legal dispute with Anthropic, a situation that highlighted how fragmented U.S. government dealings with the company have become. Different agencies appear to be pursuing their own arrangements with Anthropic independent of one another, and sometimes in apparent contradiction.

Anthropic has also been sharing Mythos-related security data with regulators. The company previously disclosed vulnerability information to a global finance watchdog, signaling that at least some oversight relationships are in place. How those civilian-facing transparency efforts square with alleged offensive military use is a question the company has not yet answered publicly.

The embedding of private-sector engineers inside intelligence agencies is not without precedent in the technology industry, but it is unusual for an AI safety-focused company. Anthropic has consistently positioned itself around responsible AI development, and the claims in this report, if confirmed, would prompt hard questions about where the company draws the line on government use of its models. The company has previously mapped AI-enabled cyber threats to the MITRE ATT&CK framework, work that suggests genuine engagement with the security research community, but that work was framed as defensive and analytical in nature.

What Comes Next

For now, the report rests on unnamed sources, and key details remain unverified. The scale and scope of Mythos deployments inside the NSA, the terms of any formal agreement, and the precise role of the embedded engineers are all unknown. Requests for comment sent to Anthropic and the NSA had not received responses by the time of publication.

Watchers of the AI industry will be tracking whether this report prompts a formal response from Anthropic's leadership, particularly given the company's public commitments on AI safety and its ongoing conversations with policymakers about appropriate use of advanced models. The story adds another layer to an already complex picture of how frontier AI systems are being absorbed into government operations, often faster than public policy can keep up.