AjiNovaAjiNova
AI

An AI Just Broke Into Almost Every NSA Classified System in Hours

A single sentence, delivered by Senator Mark Warner on June 11, quietly reshapes everything you thought you knew about why the US government pulled Anthropic's most powerful AI models offline. The NSA and Cyber Command chief told a senator that Anthropic's Mythos model broke into "almost all" of their classified systems — not in weeks, but in hours. This is what we know, what we don't, and why this moment may be the one historians point to when they try to explain how AI became the world's most dangerous national security concern.

A
AjiNova
8 min read
An AI Just Broke Into Almost Every NSA Classified System in Hours

There is a sentence that has been sitting in a Senate hearing transcript since June 11, mostly unnoticed, until this weekend when the internet found it and nothing was quiet again.

Here it is, as Senator Mark Warner, Vice Chairman of the Senate Intelligence Committee, delivered it:

"When the head of the NSA and Cyber Command came and said, 'This tool broke into almost all of our classified systems, not in weeks, but in hours...'"

The tool he was referring to was Mythos — Anthropic's most capable AI model, the one restricted to approximately 200 vetted partners under a controlled access program called Project Glasswing. The person who made that statement to Warner was General Joshua Rudd, the officer confirmed by the Senate in March 2026 to simultaneously lead both the National Security Agency and US Cyber Command — America's two most powerful intelligence and offensive cyber institutions.

One day after that Senate hearing, on June 12, the US Commerce Department issued the order that took Mythos and Fable 5 offline globally. The official reason given at the time was a narrow jailbreak. The context that sentence now provides is considerably more alarming than a narrow jailbreak.

What We Know for Certain

Let's be precise about what the verified record actually shows, because the way this story is circulating on social media has introduced some important inaccuracies.

Confirmed: Senator Mark Warner publicly stated, at a Senate hearing on June 11, 2026, that General Joshua Rudd — the head of the NSA and Cyber Command — told him that Anthropic's Mythos model penetrated almost all classified systems during testing. This was first reported by The Economist in its June 14 briefing and has been widely confirmed since.

Confirmed: General Rudd is real, senior, and credible. He was confirmed to lead both the NSA and Cyber Command by a Senate vote of 71 to 29 on March 10, 2026. He is not a mid-level official or a partisan figure.

Confirmed: This was an authorized test — what the intelligence community calls "red-teaming" or a controlled penetration assessment. Mythos was not attacking the NSA maliciously. It was being evaluated in a controlled environment replicating classified network conditions to assess its offensive cyber capabilities.

Not confirmed: There is no official statement from the NSA itself. The only source is Warner's account of what Rudd told him privately. Some social media posts framing this as "NSA confirms breach" are misleading — they are reporting a senator's account of a private conversation, not an institutional disclosure.

Not confirmed: The precise methodology, scope, or conditions of the test have not been publicly disclosed. "Almost all classified systems" is Warner quoting Rudd; neither has provided technical detail.

Why This Changes the Entire Narrative

When the Commerce Department issued its June 12 directive, Anthropic and most outside observers understood it as a response to a jailbreak — a specific method someone had found to bypass Mythos's safety guardrails in a way that could allow the model to help identify software vulnerabilities.

Anthropic itself called that framing an overreaction, arguing in a public statement that the cited jailbreak was narrow, that similar vulnerabilities exist in competing models like GPT-5.5, and that pulling an entire commercial product for all global customers over a narrow exploit was disproportionate.

That dispute made sense if the jailbreak was the whole story. Warner's June 11 statement suggests the jailbreak may have been the stated trigger for an action whose real driver was something far more consequential: a controlled assessment demonstrating that Mythos could autonomously compromise almost every classified US intelligence and cyber system it was pointed at — in hours.

That is not a jailbreak problem. That is an entirely different category of threat.

Think of it this way. A jailbreak is like discovering a lock on a specific door can be picked under certain conditions. What the NSA assessment apparently found is more like discovering that a tool exists that can open almost every door in the building simultaneously, including the ones you thought were impenetrable, before you've had time to make coffee.

Anthropic's Position Is More Complicated Than It Looks

Anthropic has disputed the rationale for the shutdown. But its own behaviour around Mythos was always consistent with treating it as something genuinely dangerous.

Mythos was never publicly released. The most capable AI model Anthropic has ever built was kept behind a restricted access program involving only around 200 carefully vetted partners — Amazon, Apple, Google, Microsoft, Nvidia, JPMorgan, and the Linux Foundation among them — under a framework called Project Glasswing specifically designed to prevent broad access until safety evaluation was complete.

Anthropic's chief safety officer publicly stated that Mythos is "so capable at identifying hidden flaws in software that it constitutes a credible tool for offensive cyber operations at a scale and speed not previously seen."

That's not the language a company uses about a model it considers benign. It is the language of an organisation that understood, before the government intervened, that the thing it had built was in a different capability tier from anything that had come before.

The company's dispute with Washington appears to be less about whether Mythos is dangerous and more about who gets to decide what happens next, and under what process.

The Precedent That Nobody Is Talking About Enough

The export control order that followed the NSA assessment is, in itself, a landmark.

For years, US export controls in the AI space focused on hardware — specifically on the advanced chips and fabrication technology that make frontier AI possible. The logic was straightforward: control the ingredients, slow down your adversaries.

The Fable 5 and Mythos 5 directive breaks that logic entirely. For the first time, the United States government has applied export controls not to the chips that build an AI model, but to the AI model itself — treating a software system as a controlled national security item in the same category as certain weapons technologies.

That shift has enormous implications. If AI models can be export-controlled directly, the entire framework for how frontier AI gets commercialised, distributed globally, and developed internationally just changed. Every frontier model that crosses a capability threshold the government considers dangerous is now, in principle, subject to the same kind of restriction that just took Anthropic's two most advanced products offline overnight.

Helen Toner of Georgetown's Centre for Security and Emerging Technology put it sharply: the foreigner ban is "essentially equivalent to preventing any company affected from doing any further AI R&D work," given how many foreign nationals staff American AI labs. That's not a minor compliance headache. That's a structural constraint on the entire industry.

What This Means for the Rest of the AI World

The Warner revelation, if accurate in its broad outlines, raises a question nobody in the AI industry has a comfortable answer to: at what capability level does an AI model cross the line from a commercial product into a national security asset that can no longer be governed by normal market rules?

Anthropic built Mythos. They tried to govern it carefully through Project Glasswing. They cooperated with government safety evaluations. They did, by most accounts, more than any other frontier lab to ensure their most capable model wasn't loose in the world before it had been properly assessed.

And the government still shut it down. Not because Anthropic failed to be responsible — but because the thing they built was so capable that responsible stewardship by a private company, however sincere, may no longer be sufficient.

That is the uncomfortable logic that sits at the centre of this story. The AI industry has spent years arguing that self-regulation and voluntary safety commitments can be trusted. The NSA's assessment of Mythos suggests that at the frontier of capability, those arguments may simply not hold anymore — not because the companies are untrustworthy, but because some capabilities are too consequential for any private organisation to hold alone.

The Bottom Line

Warner really said those words. Rudd is a legitimate, top-tier source. The offensive cyber capability of frontier AI models is documented and serious.

What is not established is the exact nature, scope, and conditions of the NSA assessment. What is not established is whether the Commerce Department directive was primarily driven by this assessment, by the jailbreak, or by the administration's already-fraught relationship with Anthropic following its refusal to agree to unrestricted military use.

The solid story is this: the people running US cyber intelligence consider Anthropic's most capable model powerful enough to breach their classified systems within hours. The US government responded by treating that model as a national security threat. And for the first time in the history of artificial intelligence, a software system has been export-controlled not for what it might enable, but for what it demonstrably does.

That is the moment we are in. It may be the most significant thing to happen in AI this year — and it happened quietly, in a Senate hearing, eleven days ago.

Tags:Mythos AIAnthropicNSACyber CommandJoshua RuddMark WarnerAI National SecurityExport ControlsFable 5AI CybersecurityUS IntelligenceClassified SystemsAI RegulationProject GlasswingFrontier AI
Article Info
AuthorAjiNova
Read time8 min
CategoryAI
A
AjiNova
Published by the AjiNova editorial team. Covering technology, startups, AI, software engineering, and emerging innovation.

Need help building software?

Talk to the AjiNova team about web applications, mobile platforms, AI integrations, and cloud solutions.

Start a ProjectMore Articles
Keep Reading
Chat with us