Vulnerabilities Bearish 8

Mythos AI turned hours into zero-day discovery for US classified systems

· 4 min read · Verified by 2 sources ·
Share

Key Takeaways

  • An AI red-teaming exercise using Anthropic’s Mythos model identified vulnerabilities across almost all classified U.S.
  • government networks in hours, compressing the traditional weeks-long security audit timetable.
  • The finding points to a future where autonomous vulnerability scanners could dominate cyber defense and offense.

Mentioned

Anthropic company Mythos technology Project Glasswing initiative Sen. Mark Warner person Gen. Joshua Rudd person U.S. intelligence agencies organization Fable 5 technology Mythos 5 technology

Key Intelligence

Key Facts

  1. 1Anthropic’s Mythos model identified vulnerabilities in highly classified U.S. government systems during a testing exercise with intelligence agencies.
  2. 2Senator Mark Warner stated the AI 'broke into almost all of our classified systems, not in weeks but in hours,' attributing the info to Gen. Joshua Rudd (NSA/Cyber Command).
  3. 3The test was conducted under Anthropic’s Project Glasswing, a coalition of tech companies aiming to protect critical software from severe AI-related fallout.
  4. 4The U.S. administration earlier in June issued a directive requiring Anthropic to block foreign nationals from accessing its latest models, Fable 5 and Mythos 5.
  5. 5Anthropic and U.S. intelligence agencies cooperated despite ongoing tensions over military use of AI, with the company openly raising concerns about weaponization.
  6. 6The NSA and Anthropic both declined to comment on the specifics, but the official noted that identifying vulnerabilities did not mean the model exploited them within the hours-long window.

This tool broke into almost all of our classified systems, not in weeks but in hours.

Sen. Mark Warner U.S. Senator (D-VA)

During a Senate Banking Committee hearing, June 11, 2026

Time to Identify Vulnerabilities
Hours vs. weeks (traditional)

Mythos model found flaws across nearly all tested classified systems in a fraction of routine audit times.

Analysis

For cybersecurity leaders, the speed at which Mythos dissected classified systems is a harbinger of the AI-powered vulnerability hunting era. Traditional penetration testing would take weeks to map even a fraction of what the model uncovered in hours. This test validates that AI can now operate as a near-instantaneous, scalable red team, forcing organizations to rethink vulnerability management lifecycles and defensive automation.

In a revelation that underscores the accelerating cybersecurity threat landscape, a U.S. official confirmed that Anthropic’s advanced AI model, Mythos, successfully identified vulnerabilities in highly classified U.S. government computer systems during a joint testing exercise with intelligence agencies. The exercise, part of an initiative called Project Glasswing—a collaborative effort involving tech giants to secure critical software against severe AI-driven fallout—demonstrated that the model could pinpoint weaknesses not over weeks but within hours. Senator Mark Warner (D-VA) disclosed the findings during a June 11 Senate Banking Committee hearing, citing information from General Joshua Rudd, head of the NSA and U.S. Cyber Command. 'This tool broke into almost all of our classified systems, not in weeks but in hours,' Warner stated, though officials later clarified that while the model identified vulnerabilities, it did not exploit them in that timeframe.

Conversely, the administration early in June issued a directive requiring Anthropic to bar foreign nationals from using its latest models, Fable 5 and Mythos 5—a move that hints at fears of adversarial access and industrial espionage.

The test’s implications are profound. It signals a paradigm shift in offensive and defensive cyber capabilities: an AI system, likely trained on vast codebases and attack patterns, can systematically probe hardened, air-gapped networks at machine speed. The fact that the model was able to find flaws across 'almost all' tested systems suggests systemic weaknesses that human red teams might take weeks or months to uncover. This speed advantage could compress vulnerability discovery lifecycles from months to days, fundamentally altering the time pressure on security operations centers and vulnerability disclosure processes.

Contextually, the test occurred amid a delicate dance between Anthropic and the Trump administration. While the company cooperated with intelligence agencies, broader tensions simmered over how its AI would be used in military contexts. Anthropic has publicly expressed concerns about the militarization of AI, pushing back against unrestricted military applications. Conversely, the administration early in June issued a directive requiring Anthropic to bar foreign nationals from using its latest models, Fable 5 and Mythos 5—a move that hints at fears of adversarial access and industrial espionage. This friction illustrates the classic national security dilemma: the very tools that can strengthen defense are also the ones that, if misused or exported, could erode security.

The testing exercise was framed as a preemptive security measure under Project Glasswing, which aims to harden critical software before bad actors can leverage AI for catastrophic attacks. However, the revelation that an AI model found widespread vulnerabilities in systems protected by the highest classifications raises uncomfortable questions: how many of these flaws have existed unnoticed? Were any already exploited by state-sponsored attackers? And what does Anthropic’s discovery mean for the security posture of allies who may not have access to such advanced testing?

What to Watch

From a market and policy perspective, the incident will likely accelerate federal investment in AI-driven security testing and mandate regular AI red-teaming of government networks. It also bolsters the argument for a regulatory framework that balances innovation with safeguards, especially concerning foreign access. For the defense sector, the event highlights the urgency of adopting AI-native defense strategies—not only to patch vulnerabilities but to integrate AI into continuous monitoring and threat hunting. The speed at which Mythos worked could inspire a new class of autonomous security audit tools that operate continuously, reducing mean time to detect and remediate.

Looking ahead, the interplay between AI developers and government agencies will define the next chapter of cyber defense. Project Glasswing represents a prototype of public-private cooperation, but the model’s demonstrated capability may also tempt military planners to weaponize similar systems, escalating an AI arms race. The coming months will likely see congressional hearings and executive branch reviews aimed at codifying standards for AI vulnerability testing, export controls, and ethical use in national security. The Mythos test serves as both a triumph of defensive collaboration and a stark warning about the vulnerabilities woven into the digital backbone of the most secure state institutions.

Sources

Sources

Based on 2 source articles

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.