Anthropic's offensive AI lands inside the NSA

About half a dozen engineers from Anthropic, the San Francisco AI company, now report for work inside the National Security Agency, America's signals-intelligence service. They are there, two people familiar with the arrangement told the Financial Times, as "forward-deployed engineers" — the title Silicon Valley gives to staff embedded with a customer to tune a product to its needs — guiding the agency's use of Claude Mythos, the most capable offensive cyber tool the company has built, and the one it decided in April was too dangerous to release to the public.

What Mythos can do is why the arrangement matters. In the lab's own testing before launch, the model autonomously found and exploited a remote-code-execution flaw in FreeBSD's network file system that had survived seventeen years of human review, working from a single instruction with no person in the loop after the initial prompt. It surfaced a twenty-seven-year-old denial-of-service bug in OpenBSD, an operating system built expressly to be secure. On a Firefox test where Anthropic's previous frontier model, Opus 4.6, turned discovered vulnerabilities into working exploits twice across several hundred attempts, Mythos did it 181 times. The company put its success rate at generating functional exploits above seventy-two percent, a figure that, sat with for any length of time, reads less like a software metric than a weapons specification.