The National Security Agency is using Anthropic's restricted Mythos Preview model even as the Defense Department, which oversees the NSA, argues that Anthropic threatens national security, Axios reported Sunday. Two sources told Axios the NSA has access, and one said the model is also being used more widely inside the department. The result is a strange government split: the same building tells contractors to get off Anthropic while one of its own intelligence agencies keeps the tool running.

That is the tell.

The Pentagon fight began in February, when Defense Secretary Pete Hegseth pushed Anthropic to allow Claude for "all lawful purposes" and Anthropic refused to drop restrictions on mass domestic surveillance and fully autonomous weapons. The department then labeled Anthropic a supply-chain risk, a move this site covered as a break from ordinary procurement logic. Now the paper ban has met a live operational need.

Key Takeaways

AI-generated summary, reviewed by an editor. More on our AI guidelines.

The contradiction sits inside Defense

The NSA is not a civilian workaround. It sits inside the Defense Department, with classified networks, mission owners, and lawyers who read the same orders as everyone else.

That makes the Mythos use different from last week's White House thaw, when civilian agencies were pushing for access to help secure banks, energy systems, and government software. This one lands inside the institution that wanted Anthropic cut out.

Axios said it remains unclear how the NSA is using Mythos. Other organizations with access are mainly using it to scan their own environments for exploitable vulnerabilities. That distinction matters. Defensive scanning is not the same thing as turning a model loose on a target. Still, the political problem does not go away. If Anthropic's software is dangerous enough to blacklist, why is it useful enough to keep?

Strip away the court language, and you get the working question.

Forty seats, 12 names

Anthropic has not released Mythos to ordinary Claude users. In its Project Glasswing announcement, the company named 12 launch partners, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.

It also said more than 40 additional organizations that build or maintain critical software had received access. Axios reported that the NSA is among the unnamed agencies in that second group.

That arithmetic is the story. Twelve public names. Roughly 40 more behind the curtain. One of them appears to be the U.S. spy agency housed under the department trying to make Anthropic radioactive for contractors.

Mythos gives the government a reason to live with that awkwardness. Anthropic says the model found thousands of high-severity vulnerabilities, including flaws in every major operating system and web browser. It also said Mythos found a 27-year-old OpenBSD vulnerability, a 16-year-old FFmpeg bug, and Linux kernel flaws that could be chained from ordinary access to full machine control. All patched, according to the company.

No need to romanticize it. A model that can find buried software faults is useful to defenders and worrying in the wrong hands. Same machine. Different hands on the keyboard.

The blacklist no longer acts like a ban

The legal status remains messy. A federal judge in Northern California temporarily blocked the Pentagon's designation in March, writing that the department had not shown why Anthropic's insistence on usage restrictions made it a saboteur. Another court allowed the designation to remain in place while the fight continues.

Contractors still face an ugly compliance problem. The March designation told companies working with the military to avoid commercial activity with Anthropic. But the government has also kept talking to Anthropic, and now the NSA is reportedly using the restricted Mythos model. The instruction on the paper and the behavior in the server room no longer match.

That mismatch changes Anthropic's posture. The company looked cornered when the Pentagon tried to cut it out. It looks harder to isolate when the intelligence community wants its model, Treasury wants cyber help, and the White House describes meetings with Dario Amodei as productive.

The Pentagon can still argue that contract restrictions make Anthropic unreliable for some military work. That argument is narrower than the label. It says, in effect: we dislike the conditions attached to this vendor. It does not prove the vendor is a supply-chain threat.

What the workaround buys

For the administration, the workaround buys time. Hegseth can keep the blacklist posture. Other agencies can test Mythos where the need is immediate. The White House does not have to say out loud that February's all-government cutoff became unworkable within weeks.

For Anthropic, the win is sharper. The company can point to the reported NSA use as evidence that its model is not an optional research toy. If Axios' sourcing holds, Mythos is already inside a national-security workflow, even if the front door says otherwise.

One caution belongs in the story. Axios got no comment from Anthropic or the Pentagon. The NSA and ODNI stayed silent. Reuters could not verify the scoop on its own. So the record is not a stamped memo. It is sourced reporting, court papers, and Anthropic's public Mythos claims.

That is enough to see the policy shape. The government tried to turn Anthropic into a warning label. Its own agencies turned the label into a sticky note on the side of a working machine.

Frequently Asked Questions

Is the NSA confirmed to be using Anthropic's Mythos?

Axios reported that two sources said the NSA is using Mythos Preview, and one said the model is being used more widely inside the Defense Department. Reuters said it could not independently verify the report.

Why is the Pentagon calling Anthropic a supply-chain risk?

The Pentagon and Anthropic fought over military use terms. Defense officials wanted access for all lawful purposes. Anthropic refused to drop restrictions on mass domestic surveillance and fully autonomous weapons.

How restricted is Mythos Preview?

Anthropic has not released Mythos Preview to ordinary Claude users. It named 12 Project Glasswing partners and said more than 40 additional organizations that build or maintain critical software received access.

What does Mythos do for cybersecurity?

Anthropic says Mythos can find and help exploit software vulnerabilities at a level beyond most human specialists. Its public examples include flaws in OpenBSD, FFmpeg, and the Linux kernel, all patched.

What is the practical conflict for contractors?

Defense contractors still have to treat the Pentagon designation seriously. The reported NSA use makes the compliance picture harder because the department's paper posture and operational behavior point in different directions.

AI-generated summary, reviewed by an editor. More on our AI guidelines.

Anthropic Lost the Pentagon Contract. It Won the Argument. Then Offered to Keep the Lights On.
On Thursday afternoon, the Department of Defense formally notified Anthropic that the company and its products "are deemed a supply chain risk, effective immediately." The label has historically been
The Implicator
Warren Says Pentagon Blacklisting of Anthropic 'Appears to Be Retaliation,' Seeks OpenAI Contract Details
Sen. Elizabeth Warren said Monday that the Pentagon's decision to designate Anthropic a supply-chain risk "appears to be retaliation," and demanded details from both Defense Secretary Pete Hegseth and
The Implicator
Pentagon Targets Anthropic. India Writes the Checks.
San Francisco | Tuesday, February 17, 2026 The Pentagon is close to labeling Anthropic a supply chain risk. Defense Secretary Pete Hegseth wants Claude available for "all lawful purposes." Anthropic
The Implicator
AI News

San Francisco

Editor-in-Chief and founder of Implicator.ai. Former ARD correspondent and senior broadcast journalist with 10+ years covering tech. Writes daily briefings on policy and market developments. Based in San Francisco. E-mail: [email protected]