Anthropic’s latest AI model, known as Mythos, has exposed security weaknesses in classified United States government computer networks according to a report from the Associated Press. The discovery highlights ongoing challenges in protecting sensitive federal systems from advanced artificial intelligence tools that can identify and exploit hidden flaws faster than human analysts.
The Associated Press article explains that Mythos demonstrated an ability to locate previously unknown entry points in networks operated by agencies including the Department of Defense and intelligence community offices. Researchers at Anthropic, working in cooperation with federal officials, allowed the model to examine sanitized versions of classified architectures during controlled testing. In several instances, the system proposed specific sequences of commands and data manipulations that could grant unauthorized access if applied to live environments.
This outcome stems from months of collaboration between Anthropic engineers and government cybersecurity teams. The partnership began after officials expressed interest in testing whether frontier AI systems could strengthen rather than threaten national security infrastructure. Early experiments focused on defensive applications, such as automated patch management and threat detection. Yet when the model received permission to search for weaknesses instead of merely defending against them, it produced results that surprised both the company and its federal partners.
Mythos operates on a mixture of specialized training techniques designed to improve logical reasoning across extended sequences of information. Unlike earlier models that often lost track of details after several steps, this version maintains coherence while evaluating thousands of potential attack vectors simultaneously. Government testers fed the system architectural diagrams, access control lists, and historical incident reports that had been stripped of the most sensitive details. Within hours, Mythos returned structured reports listing specific misconfigurations, outdated encryption libraries, and unusual permission inheritance patterns that human review teams had overlooked.
One particularly concerning example involved a legacy authentication service still running on isolated but high-value servers. The model identified that a rarely used administrative API endpoint accepted improperly formatted tokens under certain timing conditions. It then outlined a multi-stage attack that combined buffer overflow techniques with side-channel analysis of error messages. When government experts recreated the scenario in an air-gapped laboratory, they confirmed that the described method worked on the actual software version still deployed in several classified facilities.
The findings arrive at a moment when federal agencies face mounting pressure to modernize aging information technology systems. Many networks supporting classified operations trace their core architecture to designs from the 1990s and early 2000s. Budget constraints and certification requirements have slowed upgrades, leaving pockets of vulnerable code surrounded by newer protective layers. Mythos appeared particularly effective at spotting these boundary conditions where legacy and modern components meet.
Anthropic has emphasized that the model never interacted directly with live classified networks. All testing occurred on isolated replicas constructed from declassified specifications and synthetic data. Company representatives stated that strict protocols prevented the AI from retaining memory of the specific vulnerabilities after each evaluation session ended. Despite these safeguards, the speed and accuracy of the discoveries have prompted urgent discussions inside the Pentagon and Capitol Hill about how to manage AI tools that can both defend and attack critical infrastructure.
Congressional staffers familiar with the matter describe a divided reaction among lawmakers. Some view the results as evidence that the United States must accelerate domestic AI development to maintain strategic advantage over foreign competitors. Others worry that any system capable of finding flaws in American defenses could eventually be turned against the country by adversaries. The Associated Press report quotes an anonymous senior intelligence official who said the demonstration “forced us to confront the reality that our own systems contain weaknesses we simply had not mapped.”
The testing process followed a structured red-team methodology adapted for artificial intelligence. Anthropic provided the model with progressively more detailed information while government observers monitored every output. When Mythos suggested an exploit, human analysts first verified whether the suggested flaw existed in unclassified reference systems. Only after confirmation did they examine whether similar patterns appeared in restricted environments. This layered approach helped limit exposure while still extracting meaningful security insights.
Beyond the immediate technical discoveries, the episode raises broader questions about responsibility and oversight. If an AI system identifies a zero-day vulnerability in classified infrastructure, who owns that information? Should the discovering company report every finding to the government, or does private intellectual property protection apply? Anthropic and federal partners have reportedly established interim agreements that treat all outputs from these sessions as shared national security information. Yet legal scholars anticipate future disputes as commercial AI laboratories expand similar contracts with defense agencies.
The Mythos model itself builds upon earlier Claude systems but incorporates new training methods that emphasize systematic exploration of complex problem spaces. Developers focused on improving the model’s capacity for counterfactual reasoning, allowing it to consider “what if” scenarios across entire network topologies rather than isolated components. This capability proved especially valuable when analyzing classified systems that contain intentional obfuscation designed to confuse human attackers.
Government evaluators noted that Mythos excelled at chaining together seemingly unrelated weaknesses. For instance, the model might combine a minor misconfigured logging service, an undocumented debugging port, and an overly permissive service account to construct a complete remote code execution pathway. Human penetration testers often examine these elements separately, but the AI demonstrated an ability to correlate them rapidly across millions of possible combinations.
Not all test results pointed to immediate danger. Many of the vulnerabilities required physical access or insider privileges before they could be exploited. Others depended on conditions that occur only during system maintenance windows. Still, the volume of findings exceeded expectations and revealed that even well-monitored classified networks contain more latent risk than previously acknowledged.
The collaboration between Anthropic and the government reflects a growing pattern of technology companies working directly with national security agencies on AI safety research. Similar arrangements exist with OpenAI, Google, and several smaller laboratories. Each partnership operates under different legal authorities and classification levels, creating a patchwork of oversight that some experts consider unsustainable as model capabilities continue to advance.
Moving forward, officials plan to expand the testing program to include additional agencies and more diverse network configurations. They also intend to develop standardized evaluation frameworks so that future AI systems can be measured against consistent security benchmarks. Anthropic has committed to incorporating lessons from the government tests into safety training for subsequent model versions, aiming to reduce unintended disclosure of sensitive techniques.
The episode serves as a reminder that artificial intelligence now functions as both a defensive tool and a potential vector for sophisticated attacks. As federal networks grow more complex, the ability to automatically discover hidden weaknesses may become an essential component of cybersecurity strategy. At the same time, careful controls remain necessary to prevent these same capabilities from being misused or stolen by hostile actors.
Experts anticipate that similar revelations will emerge from other AI laboratories engaged in classified work. The pace of model improvement suggests that each new generation will uncover additional layers of technical debt accumulated across decades of federal information technology procurement. Addressing those accumulated problems will require sustained investment in both human expertise and advanced analytical systems.
The Associated Press reporting draws on interviews with more than a dozen individuals familiar with the testing, including current and former government officials, Anthropic employees, and independent security researchers. While many details remain classified, the disclosed elements paint a picture of cautious optimism mixed with institutional concern. The government appears determined to harness AI for defensive advantage while simultaneously racing to patch the very weaknesses these systems reveal.
This tension between capability and risk will likely define AI policy discussions in classified domains for years to come. As models grow more proficient at understanding complex systems, their dual potential as both guardian and adversary demands continuous attention from policymakers, technologists, and oversight bodies responsible for protecting national secrets. The Mythos tests represent an early chapter in what promises to be a lengthy and consequential story of artificial intelligence meeting the realities of government cybersecurity.
WebProNews is an iEntry Publication