AI Model Identifies Vulnerabilities in US Government Systems During Test
A US official told The Associated Press on Tuesday that one of Anthropic's artificial intelligence models identified vulnerabilities in highly sensitive US government computer systems during a testing exercise.
The official, speaking on condition of anonymity, said Anthropic collaborated with US intelligence agencies to test the company's Mythos model. The model identified certain vulnerabilities within hours, but the official added that this does not mean the model could exploit them within that time.
The testing was part of Anthropic's Project Glasswing initiative, which brings together tech companies and other organisations to secure critical software from potential severe fallout that the Mythos model could pose to public safety, national security, and the economy.
Democratic Senator Mark Warner of Virginia briefly mentioned the testing during a June 11 hearing before the Senate Committee on Banking, Housing, and Urban Affairs. Warner stated, "This tool broke into almost all of our classified systems, not in weeks but in hours." He attributed the information to the head of the National Security Agency and US Cyber Command, General Joshua Rudd.
The NSA declined to comment via email. An Anthropic spokesman also declined to comment.
Despite the cooperation between Anthropic and US agencies for vulnerability testing, tensions between the California-based company and the Trump administration have been growing. Anthropic has expressed concerns over how the US military uses its AI, while the administration has restricted the use of some of Anthropic's models.
The administration earlier this month issued a directive requiring Anthropic to prevent foreign nationals from using its latest AI models, called Fable 5 and Mythos 5. Anthropic released Fable widely earlier this month. That model is a limited version of the more advanced Mythos, to which the company has tightly restricted access due to cybersecurity fears.
The directive came 10 days after President Donald Trump signed an executive order establishing a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. The order said participation by AI developers would be voluntary.
Anthropic said it disabled the models for all of its customers to comply with the directive. The AI company stated it did not believe the government's steps were warranted by the security concern flagged.
A group of cybersecurity executives has also asked the Trump administration to lift the directive, arguing the move could help US adversaries more than it hurts them. More than 100 cybersecurity experts and leaders from companies including Adobe and Nvidia stated in a letter that Anthropic's Mythos models are "quite good" at finding flaws in software and weaponising exploits, but they are "not uniquely good at these tasks."
Many signatories of the letter said they regularly use other foundation and open-source models for security audits and training. The letter warned it is dangerous to take away the best cyber defence capabilities "without a good reason" while America's adversaries are rapidly advancing.
