Anthropic's Mythos AI reportedly cracked NSA classified systems in hours, that would explain the ban

Why it matters

Ten days ago, Anthropic was happy to announce its most advanced AI model was going public. Today, almost nobody can use it. On June 12, the Trump administration directed the company to restrict Fable 5 and Mythos 5 to US citizens only – unable to verify nationality at scale, Anthropic's only option was a full global shutdown, cutting off allies, researchers, and its own foreign-national employees with 90 minutes' notice. It's the first time the US government has applied export controls to an AI model, and the consequences are still unfolding.

"Not in weeks, but in hours"

It was Senate testimony that reframed everything. According to reporting by The Economist, Senator Mark Warner disclosed that General Joshua Rudd – who simultaneously leads the NSA and US Cyber Command – told him directly that Anthropic's Mythos model had penetrated nearly all of the NSA's classified systems during an authorized red-team exercise. The timeframe wasn't measured in days or weeks. It was hours.

"Broke into almost all of our classified systems, not in weeks, but in hours," Warner quoted Rudd as saying in the June 11 briefing, one day before the export ban landed.

That testimony remains unconfirmed by any government agency, and the full classified details are not public. But it has rapidly become the most cited explanation for why the administration moved so fast and so hard. If the claim holds up, it represents a landmark moment: a commercial AI model, built for cybersecurity research, autonomously compromising some of the most hardened classified infrastructure on Earth.

What Mythos actually is

When Anthropic first announced Mythos in April, it was blunt: the model was too capable at finding security vulnerabilities to release publicly. Instead of a general launch, Anthropic opened access through Project Glasswing, a controlled program of roughly 200 vetted partners: Amazon, Apple, Google, Microsoft, Nvidia, JPMorgan, and the Linux Foundation among them.

Mythos had already uncovered thousands of real-world vulnerabilities, including:

• A 27-year-old flaw in OpenBSD
• 271 new bugs in Mozilla's Firefox 150 browser

Fable 5, released to the public on June 9, uses the same underlying model with safety classifiers added on top. Those classifiers intercept requests flagged as potentially dangerous and redirect them to a less capable model. Anthropic's position was that these guardrails made Fable 5 safe for general use. The government's position, sharpened by the Rudd testimony, is that the gap between the two models is not sufficiently protected by those classifiers.

AI + Politics

The official trigger for the ban was a jailbreak. The government notified Anthropic on June 12 that it had become aware of a method for circumventing Fable 5's safety classifiers, potentially unlocking its most sensitive cybersecurity capabilities. Anthropic says the notification was verbal only – a "potential narrow, non-universal jailbreak" – and that it was given 90 minutes to act.

The jailbreak was first reported to the Commerce Department by Amazon, which is both a major investor in Anthropic and a competitor in the AI space. Separately, a researcher operating under the pseudonym "Pliny the Liberator" published what he claimed was Fable 5's full system prompt to X and GitHub within 48 hours of launch.

Anthropic pushed back. The company said it believed the jailbreak was narrow and non-universal, that it did not defeat Fable 5's safeguards broadly, and that similar vulnerabilities exist in other publicly available models, including OpenAI's GPT-5.5 – that are not subject to comparable export controls.

"If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers," the company wrote.

– Anthropic (@AnthropicAI) June 13, 2026

Former Facebook chief security officer Alex Stamos said he'd reviewed the underlying research and agreed with Anthropic's assessment. "There were some valid findings but no unique capabilities that justify a reaction close to this," he wrote on X.

Trump adviser David Sacks disagreed sharply. "It's difficult to fathom how they could claim a jailbreak allowing operability of a cyber weapon could be defined as not 'serious,'" he wrote.

The political backdrop makes the decision harder to read as a clean security call. The Trump administration in February ordered all federal agencies to stop using Anthropic's models after the company refused contract terms that would have allowed its AI to be used for autonomous weapons systems and mass domestic surveillance. The Pentagon subsequently designated Anthropic a "supply chain risk," barring military contractors from using its models. Anthropic is challenging that designation in federal court.

What the Anthropic crisis has exposed, more than anything, is that the United States has no consistent, transparent framework for making these decisions. The Trump administration issued an executive order on June 2 asking AI companies to voluntarily give the government 30 days of pre-release access to frontier models before public launch. Fable 5 launched seven days later, with no pre-brief. The June 12 ban was, in effect, the mechanism for forcing the cooperation the voluntary framework couldn't compel.

This analysis published at The Conversation notes that the deeper problem is structural: governments lack the independent access to data, infrastructure, and expertise needed to evaluate proprietary frontier models on their own. The administration's June 2 executive order is, in part, an implicit admission of that dependency.

Five Eyes sounds the alarm

The ban didn't just affect Anthropic's customers. It cut off Five Eyes partners Australia, the UK, Canada, and New Zealand, without warning. The UK AI Security Institute, widely regarded as the world's leading body for testing frontier AI models, was locked out of systems it was actively evaluating.

The intelligence agencies of all five nations responded with a rare joint statement, issued Monday, that didn't name Anthropic or Mythos but left little doubt about the context.

"Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities," the agencies wrote. "The timeline is not years, it is months."

NSA Cybersecurity Director David Imbordino and acting CISA Director Nick Andersen were among the signatories. The statement warned that AI will lower barriers for bad actors and exploit the same legacy weaknesses defenders have failed to address for decades: unpatched systems, weak identity controls, unnecessary internet exposure.

"Cyber risk can no longer be treated as a purely technical issue," the agencies wrote. "This is a core business risk and leadership responsibility."

Olivia Shen, a national security and AI expert at the University of Sydney, said the world was too focused on Anthropic specifically. "I think we have to anticipate that the next Mythos or the next Fable is just around the corner," she said. "We can only see what's been released, but there could be other models being developed by the likes of China, or other states and other actors, that are just as advanced."

Cybersecurity experts at CyberScoop noted that the capabilities cited in the Amazon threat intelligence report – the one that apparently triggered the government directive – could already be replicated using older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models not subject to any US export controls. Open-source models have historically run about 6 to 8 months behind frontier labs. The question of whether restricting Fable 5 meaningfully slows anyone determined enough to look elsewhere remains open.

Where things stand today

As of Monday, Fable 5 and Mythos 5 remain offline for most users. Anthropic told reporters the company was "very confident that in the coming days, the models will become available again" – a statement made days ago that has not materialized. Prediction markets, for what it's worth, are pricing in 57% odds of restoration before July 1.

Image credit: The AI Track

Trump told Axios on Friday that he no longer views Anthropic as a national security threat. "Well, not now, but a week ago, maybe." The two sides met at the G7, where Trump described negotiations as "going fine."

Dozens of cybersecurity researchers, AI entrepreneurs, and corporate executives signed an open letter on Monday urging the administration to commit to "an open, scientific and transparent process of handling AI risk assessments in the future."

The most concrete signal pointing toward a resolution could be Anthropic's identity verification policy, set to take effect July 8, which would allow the company to verify US citizenship and potentially restore Fable 5 domestically without requiring the export control directive to be fully lifted.

What won't be resolved quickly is the bigger question the last ten-plus days have raised. This marks the first time the United States has applied export controls directly to an AI model rather than to the hardware powering it. Europe is watching closely, concerned the same scenario could repeat with Azure, AWS, or Google Cloud. Former British security minister Tom Tugendhat was blunt: "After a lesson this clear, every nation will be asking what they need to achieve sovereignty."

Whether or not Mythos really cracked the NSA in hours, the world has already gotten the message. The NSA breach claim has not been independently confirmed by any government agency. The full details remain classified.