The National Security Agency (NSA) has reportedly been testing Anthropic’s Mythos model to identify cybersecurity vulnerabilities in Microsoft software.
The agency, which was one of the 40 organizations granted access to Mythos, has been running tests to identify security flaws and comparing the process with other tools it uses. In early trials, the NSA has reportedly been impressed by the Mythos model’s speed and efficiency in finding vulnerabilities, which aligns with what other organizations with access have said about the model.
It was first reported last week that the NSA had access to Mythos and was using it to scan its own environments for potential weaknesses. As Microsoft is one of the world’s largest software vendors, it is almost certain that some of these environments use its products.
The officials who spoke to Bloomberg did not say what bugs Mythos had found, or whether the NSA was already aware of any of these vulnerabilities. It is also unclear whether the NSA or any other department in the Trump administration has used Mythos for offensive operations.
Mythos use raises questions about government AI access
The use of Anthropic’s Mythos model comes despite the Trump administration’s designation of Anthropic as a “supply chain risk,” which effectively banned its models from being used by state departments.
Anthropic reportedly briefed the administration on the model, and there has been a notable shift, at least internally, toward redeploying Anthropic across many operations. This is despite Anthropic taking the government to court over the designation. In some quarters, Claude reportedly never stopped being used, as it was part of the preparations for the Iran War.
Microsoft is most likely also assessing the performance of Mythos, as one of the 40 organizations involved in Project Glasswing. The company already uses automated systems to identify zero-day vulnerabilities in Windows and Microsoft program patches, alongside a large team of security experts and hackers who publish vulnerabilities.
The company recently patched several Microsoft Defender vulnerabilities that allowed hackers to gain access to Windows systems.
Trying to keep a tight lid on Mythos
Even with the rollout to a select group of organizations, Mythos has reportedly been accessed by at least one unauthorized group.
Goldman Sachs bankers tied to Hong Kong also had their access removed due to concerns about the Chinese government gaining access. Anthropic has also warned that Chinese AI developers are using model distillation to mimic the performance and functionality of its models without incurring the same research and training costs.
It is unclear whether Anthropic will ever release Mythos to the wider public. It launched Opus 4.7 a few days after the Mythos announcement, while holding back some cybersecurity and agentic AI capabilities.
It may launch an AI model under the Mythos name in the future, as this model reportedly outperforms Opus and other AI models in agentic coding, coding, and visual recognition, but may add heavy safeguards to prevent its use by bad actors.
For more on Anthropic’s global ambitions, read how the company is scaling its London presence with plans for a new office supporting up to 800 employees and a major UK hiring push.
The post NSA Tests Anthropic’s Mythos Model on Microsoft Security Flaws appeared first on eWEEK.
No Responses