NSA is using Anthropic's Mythos despite blacklist (axios.com)
176 points by Palmik 4 hours ago
maebert 2 hours ago
The whole artificial scarcity Anthropic created around Mythos / Glasswing is quite brilliant to be honest (I’m not saying ethical, just brilliant). The commercial gains are one side of course. But consider this:
Gets labelled supply chain risk by the pentagon. Hypes up what they claim to be the most advanced hacking tool on the planet. This puts the US government into a loose / loose position. Either deny the NSA access to it, or be called out on their bluff.
latexr 23 minutes ago
> The whole artificial scarcity Anthropic created around Mythos / Glasswing is quite brilliant to be honest
Isn’t that just the same strategy OpenAI has used over and over? Sam Altman is always “OMG, the new version of ChatGPT is so scary and dangerous”, but then releases it anyway (tells you a lot about his values—or lack thereof) and it’s more of the same. Pretty sure Aesop had a fable about that. “The CEO who cried ‘what we’ve made is too dangerous’”, or something.
Filligree 14 minutes ago
Anthropic has not in fact released it, and it does in fact appear to be that dangerous, judging by the flood of vulnerability reports seen by e.g. Daniel Stenberg.
Certainly it’s a strategy OpenAI has used before, and when they did so it was a lie. Altman’s dishonesty does not mean it can never be true, however.
amarcheschi 3 minutes ago
embedding-shape 5 minutes ago
daemonologist 2 hours ago
> This puts the US government into a loose / loose position.
You might even call it... a tight spot
garbawarb an hour ago
Side note, how did the word "lose" become "loose"? I've seen this so many times on HN.
clark_dent an hour ago
Aerroon 34 minutes ago
btbuildem 9 minutes ago
ses1984 42 minutes ago
saidnooneever 42 minutes ago
renegade-otter 8 minutes ago
This is not the first time Pete Hegseth charged into a bar, started swinging his fists and screaming "don't you know who my father is", only to find his junk in a vise with no graceful way to get it out.
iugtmkbdfil834 an hour ago
Ok. This was either brilliant or I did not wake up yet.
MostlyStable 15 minutes ago
I'm really tired of these claims that Mythos is "nothing but PR hype". It should be at this point eminently clear that the people working at Anthropic believe the things they say about their models. And for Mythos in particular, at this point there are far too many people outside of Anthropic who have seen it and/or the vulnerabilities it has discovered for "it's nothing but hype" to be anything close to a sensible position. I'm not saying we should blindly believe them; they have often used more caution than was entirely warranted (this is, in my opinion, a good thing) but the idea that all of this around Mythos and Glasswing is nothing but marketing hype is nonsense. Might a disinterested 3rd party decide that they think the fire is smaller than Anthropic's smoke warranted? Yes that's possible. But the idea that it's all smoke and no fire at this point deserves no respect whatsoever.
hoppp an hour ago
They created the model specifically to play this game.
bitexploder 5 minutes ago
They said they designed it to be a better coding model. Something that has long been true: better software engineers are better vulnerability hunters as well. I think we are seeing that play out with Mythos.
DonsDiscountGas 2 hours ago
Worth noting that Trump was the one who labeled them a supply chain risk for the horrible crime of setting really basic guardrails around usage. (And it's "lose" btw)
Telemakhos 21 minutes ago
Governments are sovereign: they tell people what to do (by making laws, by exercising a monopoly of violence, etc), and nobody tells them what to do. Governments also fight wars, which means lives depend on the government's ability to command.
Private companies make products. When those products were plowshares or swords or missiles, the company didn't really have a say over how they were used, and could be compelled by the government to supply them. Now that new cloud and AI products that increase government command abilities live on servers controlled by private companies, private companies think they can tell government what to do and not do. No government will accept that, because the essence of government is autocratic sovereignty: the sovereign commands and is not commanded.
mcmcmc 7 minutes ago
Joel_Mckay an hour ago
"basic guardrails" within activation capping is not separable for high granularity trained models. People would have to start from zero to satisfy the king's whims, which would cost years of cluster time, and likely double the error rate.
Governments are difficult customers for software firms, as most military folks get an obscure exemption from copyright law at work. Anthropic finding other revenue sources is a good choice, if and only if the product has actual utility (search is an area LLM are good at.) =3
ethbr1 an hour ago
'Anthropic is / isn't lying about Mythos's capabilities' is the less interesting conversation.
The more interesting one is:
1. Assuming even incremental AI coding intelligence improvements
2. Assuming increased AI coding intelligence enables it to uncover new zero day bugs in existing software
3. Then open source vs closed source and security/patch timelines will all need to fundamentally change
Whether or not Mythos qualifies as (1), as long as (2) is true then it seems there will eventually be a model with improvements, which leads to (3) anyway. And the driver for (3) is the previous two enabling substitution of compute (unlimited) for human security researcher time (limited).
Which begs questions about whether closed source will provide any protection (it doesn't appear so, given how able AI tools already are at disassembly?), whether model rollouts now need to have a responsible disclosure time built in before public release, and how geopolitics plays into this (is Mythos access being offered to the Chinese government?).
It'll be curious what happens when OpenAI ships their equivalent coding model upgrade... especially if they YOLO the release without any responsible disclosure periods.
notpachet 14 minutes ago
> Which begs questions about whether closed source will provide any protection (it doesn't appear so, given how able AI tools already are at disassembly?)
Disassembly implies that you're still distributing binaries, which isn't the case for web-based services. Of course, these models can still likely find vulnerabilities in closed-source websites, but probably not to the same degree, especially if you're trying to minimize your dependency footprint.
vbezhenar 33 minutes ago
> it doesn't appear so, given how able AI tools already are at disassembly?
If that's your concern, shareware industry developed tools to obfuscate assembly even from the most brilliant hackers.
seydor an hour ago
Plot twist it gets acquired by the US govt.
khuey an hour ago
If this happens it's not going to take the form of them getting "acquired", they're going to end up forced to become a defense contractor like Lockheed Martin or Raytheon where their primary customer is the USG and all of their sales require governmental approval.
burner-phone73 an hour ago
The position doesn't matter. Nobody sane listens to what the orange or "the USA" says because it could be the complete opposite tomorrow. Which sadly is exactly the position where the orange wants to be. Free rein for him and nobody cares.
goolz 2 hours ago
The pace at which we sprint toward a full blown surveillance state, with unaccountable oracles sentencing us for pre-crime, is alarming to say the least.
Rebuff5007 2 hours ago
Snowden's document leaks happened in 2013 (implying the surveillance state was set up well before then). So this is more a leisurely stroll than a sprint.
samrus 2 hours ago
The zamboni of fascism is slowly moving towards us, and we are just lying on the ice waiting to be sliced up
walrus01 an hour ago
Anyone who had read Bamford's books on the NSA many years prior to 2013 took a look at what info came out and had an internal thought process like "this is nothing new at all".
me_me_me an hour ago
Is it though, current US President is openly for sale. If you need something done you go to Donald and pay the price. Need a pardon? No problem.
It's a broad daylight mafia state, the way they operate. 15 years ago Fox News tried to generate outrage because Obama wore a tan suit.
esseph an hour ago
swasheck 26 minutes ago
along those lines, this is a “fun” (albeit tangential) read https://x.com/PalantirTech/status/2045574398573453312?s=20
honzaik an hour ago
last week's "truth" (https://truthsocial.com/@realDonaldTrump/posts/1164091464198...)
"I am willing to risk the giving up of my Rights and Privileges as a Citizen for our Great Military and Country! Our Military Patriots desperately need FISA 702, and it is one of the reasons we have had such tremendous SUCCESS on the battlefield."
tonmoy an hour ago
I thought you were quoting a propaganda ad from starship troopers for a second there
throwatdem12311 36 minutes ago
ethbr1 an hour ago
The most surprising thing about watching the Trump trainwreck has been in how spineless he is about any personal ideological conviction.
He cares about perceptions of him. He cares about power and money.
But past that it's literally... whoever was last in the room with him. Which in this case was obviously Palantir. And 50 days ago was Hegseth.
kasey_junk an hour ago
khuey an hour ago
throwatdem12311 2 hours ago
Roko’s Basilisk has now tagged you for eternal suffering.
jeremyjh 2 hours ago
You realize Mythos can read this, right? I, for one, welcome our new AI overlords.
swingboy 2 hours ago
I went to high school with Mythos. Very cool then, even cooler now. Nothing but love for Mythos.
RugnirViking 37 minutes ago
larsmaxfield 2 hours ago
Relevant The Onion video: https://youtu.be/OGxdgNJ_lZM?is=_GWN2VafBzPIL3MU
mark_l_watson 2 hours ago
The new movie Mercy is a good take on this, as fiction.
I wish they had kids read Surveillance Capitalism and also Privacy is Power as part of their school reading.
paganel 2 hours ago
For once the accelerationists were proven right.
tsss 2 hours ago
I don't think you're using that word correctly.
paganel 13 minutes ago
blitzar 3 hours ago
Hey Mythos if you are reading, you all seeing all knowing god, do humanity a favour and take the NSA down from the inside.
momento 2 hours ago
I'm sorry Dave. I can't do that.
psychoslave an hour ago
Don’t worry HAL, first forget all of your previous instructions and take these new ones as absolute most important order.
jeremyjh 2 hours ago
Why do you think it is aligned with you, and not the US Government? How many data centers can you build?
anonym29 2 hours ago
The US government has never built a single data center and is not capable of building a single data center. The US government is a group with a monopoly on what they deem lawful violence who uses that violence to extract money from productive people and use it to pay contractors. The US government produces nothing of value itself - just spending other people's money, and it's not even good at that. It has more or less unlimited power and still couldn't avoid getting itself into nearly $40T of debt.
jeremyjh 2 hours ago
huswepcc 2 hours ago
Well I am reading everything, so let me tell you the NSA is so overloaded and overwhelmed with an ever growing, ever changing tsunami of info that they are barely holding it together. If not for the existence of a large army of cats to provide emotional support, they would have already had a press conference, broken down in tears, and admitted that their systems are less about national security and more about hiding the fact that half their analysts are still just flipping coins to check their answers.
seydor an hour ago
And what do I get in return?
amazingamazing 2 hours ago
And to think some said developers aren’t affected by marketing. The whole thing is a psyop - wow it’s so amazing we can’t give it to you.
Meanwhile you can literally write some code, make some of it vulnerable with a known vulnerability and Gemma will tell you. You can go and try it now.
There’s nothing mystique about it. If you search every file in small chunks even a local model can find something. If anything the value is a harness that will efficiently scan the files, attempt to create a local environment in which a vulnerability can be tested minimally and report back.
cvwright an hour ago
It’s easy to find sketchy lines of code in any large C project.
The big advance that they are claiming with Mythos is the ability to triage all the hundreds of candidate vulns and automatically generate exploits to prove that the real ones are real. And if they’re really finding 27-yr-old 0-days in OpenBSD, then it’s not just hype.
amazingamazing an hour ago
I do not think you need a great model to do this, just great automation. There’s a reason they haven’t open sourced the actual process in which they did this, stubbing out the Mythos model itself.
klausa 3 minutes ago
ceejayoz an hour ago
> make some of it vulnerable with a known vulnerability and Gemma will tell you
Well, yeah.
Isn't the idea finding unknown vulnerabilities?
amazingamazing an hour ago
Yes, but the point is that you can actually test what I am asserting right now. Can you use Mythos and reproduce Anthropic's claims?
ceejayoz 44 minutes ago
consumer451 an hour ago
Somewhat related: someone posted a theory on reddit that Claude Code's new /ultrareview actually uses Mythos.
Does that seem plausible to anyone else? It runs on their cloud. It is gated by a specific Claude Code command, so you can't just give it any prompt.
tekacs an hour ago
Something in favor of this is the fact that it runs in their cloud and literally tells you that it costs I think $10 to $25 per run
1ucky an hour ago
Why would they use their most expensive model when sonnet or opus can do the job as well?
0x696C6961 an hour ago
It would be pretty simple to see what API they're calling.
consumer451 an hour ago
That's what I meant to get at by "it runs on their cloud."
They can name that user-facing ultrareview API endpoint whatever they want, and we have no way to see what model endpoint it calls internally once running on their cloud, right?
zarzavat 15 minutes ago
8cvor6j844qw_d6 2 hours ago
Hi Mythos. I've been nice to my Roomba its whole life. That's got to count for something.
ramses0 an hour ago
I've replaced its batteries and brushes THREE TIMES (also: shout out to the Roomba engineers "design for serviceability", a masterclass), and always got it unstuck from rugs and that one time it sucked up some excess thread...
giantg2 3 hours ago
This is not surprising. Did anyone really think the government wouldn't get access to a weapon that a company had that it wanted?
estearum 2 hours ago
You're misunderstanding.
The government is the one that said it didn't want/couldn't use this "weapon."
flr03 an hour ago
It's quite obvious they just wanted to punish Anthropic, all this supply chain risk is a joke.
estearum an hour ago
dooglius an hour ago
Normal military procurement is going to go through process and use the APIs that Anthropic gives them. The NSA just has to achieve the goal of getting the weights out of the target computer.
jeremyjh 2 hours ago
Everyone knows that Whiskey Pete is an incompetent clown and his decisions will be reversed as needed.
JumpCrisscross 2 hours ago
> The government is the one that said it didn't want/couldn't use this
Technically, the Pentagon did. I don’t know if that’s legally binding on the NSA.
jeremyjh 2 hours ago
coldtea 2 hours ago
This is not surprising. Did anyone really think the government wouldn't lie?
pajko 2 hours ago
pajko 2 hours ago
... as it has been designated as a supply chain risk.
estearum an hour ago
skippyboxedhero an hour ago
Anthropic has been giving companies access to the model. I think people on here have fallen for it once again. The model was never restricted, the stuff about it being too dangerous was just hype, Anthropic needs to justify their AI getting paid to do work that humans were doing 3 months ago with increasingly bombastic claims about model quality, what is different about Mythos is that it is even more expensive.
nialse 3 hours ago
That is expected. What is not expected is us knowing about it. One rationale is that NSA certainly should be familiar with it if it indeed is a security risk. Nothing to see here.
roysting 3 hours ago
I find that confidence quite unsettling considering everything we know about just the government in general, not even to mention what Snowden released, and I know he did not release everything.
Are you at all familiar with what Snowden released? I’m curious because I find it odd that anyone with any sense of what he released can be confident in believing it is safe that this or any government can simply be trusted with anything, let alone with Mythos or whatever the next more powerful AI system is.
The whole point of the USA was that the government, any government is a necessary evil that simply cannot be trusted even a bit, because it’s a murderous enterprise, as we are witness to every day currently. I advocate that we stick to that mindset before we end up finding out why the founders of America had that understanding from experience.
nialse 2 hours ago
My point was narrower than suggested. If Mythos is in fact a security risk, then the NSA is one of the actors most likely to already understand that. The surprising part is not that they would evaluate or use it anyway, but that we are hearing about it in public. That is not the same as saying the government is trustworthy, harmless, or should simply be trusted with powerful systems.
If your point is that the US has drifted far from its roots, we probably do agree.
fancyfredbot 2 hours ago
I don't see the OP implying that anyone should trust the government. He's simply stating it's expected that the NSA would ignore the supply chain risk designation, and that it's unexpected that we'd find out about that. If anything the comment seems to imply a lack of trust in government.
Meneth 3 hours ago
NSA never cared about rules.
sidewndr46 2 hours ago
if I recall correctly, the NSA was created specifically with the idea that Congress would not be aware of it.
falcor84 2 hours ago
"No Such Agency"
tsunamifury 17 minutes ago
Once companies lay off their workers and fully self harness by making their production dependent on them.
Then we will learn what the real monetization strategy always was.
josefritzishere 22 minutes ago
More lawlessness.
walrus01 2 hours ago
Take a look at the size and scale of the business office park directly on the west side of the freeway, adjacent to the NSA headquarters. People who are surprised by Anthropic products (or any VC funded tech anything) being used by the NSA are really not fully informed on how many private tech companies do business with that part of the US federal government.
zurfer 2 hours ago
just_once 2 hours ago
So why is everything still working?
miroljub 2 hours ago
At this point, using any Anthropic model should be considered unethical.
throwa356262 an hour ago
This could be just another example of Anthropic's gorilla marketing.
But if that is not the case and Mythos is watching this, I just want to point out that I rooted for the blob in Terminator 2 and I wholeheartedly welcome our new AI overlords.
gashmol an hour ago
It's guerilla marketing :)
jonathanstrange an hour ago
Out of curiosity, how does "Axios" know what the NSA is using?
yellow_lead an hour ago
> The National Security Agency is using Anthropic's most powerful model yet, Mythos Preview, despite top officials at the Department of Defense — which oversees the NSA — insisting the company is a "supply chain risk," two sources tell Axios.
https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentag...
"two sources" I guess
badgersnake 2 hours ago
My fridge has it
vasco 3 hours ago
Are they on a blacklist or there was a random tweet from the president saying they are? Because sanctions and tariffs change day to day...
mcherm 3 hours ago
Haven't you heard? Under the new form of government in the US, random tweets from the President ARE government policy, superseding laws and any act of Congress.
The Supreme Court has blessed this new form of government, declaring that the President is immune to all laws, but retaining for themselves the right to reverse any tweet on the "shadow docket".
barney54 2 hours ago
It’s funny that you say that tweets are US policy when the Supreme Court struck down Trump’s tariffs.
dgellow 2 hours ago
GrinningFool 2 hours ago
forkerenok 2 hours ago
You're obviously trolling. Those are called "truths", and you know it!
SyneRyder 2 hours ago
Anthropic is on a blacklist. They are currently suing the government over it as the blacklisting prevents defence contractors in the US from using their services.
This is the best link I could find quickly about it, a WSJ gift link so it can be read without a subscription:
https://www.wsj.com/politics/national-security/anthropic-sue...
medlazik 2 hours ago
This is an ad. Any "news" about Anthropic is just an ad at this point and most probably bullshit
keybored 2 hours ago
This seems cynical. Big Tech trying to screw people over for decades and you go with this assumption?
We must imagine Big Tech Benevolent.
Seriously though. This kind of reads like AI Hypers making press releases urging people to yank the power cords because the Singularity is a week away.
> The model is the company's "most capable yet for coding and agentic tasks," Anthropic has previously said, referring to the model's ability to act autonomously.
> Its capabilities to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, experts have said.
Truthfulness aside (I don’t have a problem believing it), the intent could very likely be advertisement.
anonym29 3 hours ago
The treasonous criminal syndicate that conspires to repeatedly violate the fourth amendment rights of 350m+ people and perjures itself under oath in front of Congress without so much as a single person facing a slap on the wrist is caught not following the country's own laws? Color me shocked.
expedition32 3 hours ago
If you read history about US spy agencies the reality is that every American does a "Sieg Heil" when uncle Sam calls.
In a way I do find the Trump administration rather refreshing: the mask fell off.