Anthropic puts engineers inside the NSA to deploy its cyber model

Anthropic has placed roughly six engineers inside the U.S. National Security Agency to help deploy its most advanced cyber model for offensive operations, according to a Financial Times report. The arrangement highlights a sharp contrast in the company’s public stance on military use of its AI systems and the way those systems are being used by U.S. intelligence agencies.

The model, known as Mythos, is Anthropic’s most capable cyber tool and is not available for public release. Anthropic has said the model is too dangerous to make broadly accessible because of the risk that it could be used to discover and exploit software vulnerabilities. The FT reported that the engineers are acting as forward-deployed staff, customizing the model for the NSA. It is not clear whether they are supporting live operations.

The disclosure comes as Anthropic is also in a legal fight with the Pentagon, which oversees the NSA. In early March, Defense Secretary Pete Hegseth labeled Anthropic a supply-chain risk after negotiations broke down over the company’s demands to limit how Claude could be used in domestic surveillance and autonomous weapons. Anthropic has sued over the designation, arguing that the decision violated its rights. The Pentagon has since told a federal appeals court that Hegseth refused to reconsider the label, and President Donald Trump has ordered the department to remove Claude from its systems by August.

Anthropic has built much of its public brand around limiting risky applications of its models. The company has pushed to restrict Claude’s use in mass surveillance of Americans and in autonomous weapons systems. At the same time, its work with the NSA shows that the company is willing to support offensive cyber uses when the customer is a U.S. intelligence agency.

That tension is especially notable because Anthropic has repeatedly described Mythos as highly dangerous. In April, the company’s red team said a preview version of the model could find and exploit zero-day vulnerabilities across major operating systems and web browsers when prompted to do so. Anthropic said engineers without security backgrounds were able to ask the model for exploit code overnight and return to working results the next day.

Independent testing by Britain’s AI Security Institute also found strong cyber capabilities. The agency said the model solved 73% of expert-level tasks that no other model had completed before April 2025 and became the first system to finish a simulated 32-step corporate network attack in some of its attempts.

Anthropic has kept access to Mythos limited through a program called Project Glasswing. The company expanded the program on June 2 to about 150 organizations in more than 15 countries, up from around 50 mostly U.S. partners in April. Those partners reportedly include companies and institutions such as Okta, Samsung, NATO and the European Union’s cybersecurity agency, ENISA.

Supporters of the approach argue that defensive readiness requires understanding offensive tools. A person close to the company told the FT that building effective defense means building strong attack capabilities first, especially because adversaries are likely to develop similar systems on their own.

The report lands as Anthropic faces growing attention over its government ties, its restricted-release strategy for powerful models and its fast-moving business prospects. The company recently filed confidentially for an initial public offering, adding another layer of scrutiny to a period already defined by legal conflict, security concerns and expanding access to one of its most sensitive AI systems.