{"id":9269,"date":"2026-04-08T22:21:36","date_gmt":"2026-04-08T22:21:36","guid":{"rendered":"https:\/\/sawahsolutions.com\/range\/spy-agencies-eye-new-anthropic-ai-model-that-spots-cyber-flaws\/"},"modified":"2026-04-08T22:21:37","modified_gmt":"2026-04-08T22:21:37","slug":"spy-agencies-eye-new-anthropic-ai-model-that-spots-cyber-flaws","status":"publish","type":"post","link":"https:\/\/sawahsolutions.com\/range\/spy-agencies-eye-new-anthropic-ai-model-that-spots-cyber-flaws\/","title":{"rendered":"Spy agencies eye new Anthropic AI model that spots cyber flaws"},"content":{"rendered":"<div>\n<p>Anthropic\u2019s decision to keep close hold on\u00a0a powerful frontier AI model, paired with a new initiative to study its effects on global networks, is prompting intelligence-community discussions about the ways such tools might help friendly and adversary forces alike.<\/p>\n<p>On Tuesday, Anthropic\u00a0unveiled Project Glasswing, a bid to raise\u00a0AI-powered defenses before AI-enabled attackers can overwhelm\u00a0critical software.\u00a0<\/p>\n<p>\u201cThe fallout \u2014 for economies, public safety, and national security \u2014 could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes,\u201d the AI company said in a blog post.<\/p>\n<p>Program partners\u2014among them, Amazon Web Services, Apple, Cisco, Google, Microsoft\u2014get access to Claude Mythos Preview, an unreleased model that,\u00a0officials wrote,\u00a0\u201chas already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.\u201d<\/p>\n<p>The intelligence community is reacting to the news, according to a person familiar with the thinking of multiple IC agencies.\u00a0<\/p>\n<p>\u201cThey want secure code and to use AI to find network vulnerabilities as well,\u201d said the person, who, like some others in this story, spoke on the condition of anonymity to describe sensitive internal deliberations.<\/p>\n<p>Anthropic has briefed senior officials across the U.S. government, including at the Cybersecurity and Infrastructure Security Agency and NIST\u2019s Center for AI Standards and Innovation, on Mythos Preview\u2019s offensive and defensive cyber applications, a company official said. \u00a0<\/p>\n<p>\u201cBringing government into the loop early \u2014 on what the model can do, where the risks are, and how we\u2019re managing them \u2014 was a priority from the start,\u201d the company official said.<\/p>\n<p>Analysts at the National Security Agency have also been casually chatting about the release of the Mythos model, another person familiar with the matter told <em>Nextgov\/FCW<\/em>.<\/p>\n<p>Multiple intelligence agencies and Defense Department components play roles in offensive cyber operations and defending U.S. networks. Because offensive missions often depend on understanding a target\u2019s defenses, tools like the Mythos model in the wrong hands could help adversaries identify and exploit weaknesses in critical systems. Agencies are already known to stockpile hacking exploits for future use.<\/p>\n<p>The development is also drawing major attention and concern, in some cases, from cyber-focused firms that engage with the intelligence community.\u00a0<\/p>\n<p>\u201cHow is anyone supposed to defend against all of this at once?\u201d said one executive at a cyber investment firm, alarmed by the scale at which the Anthropic model was able to identify vulnerabilities.<\/p>\n<p>The Glasswing news is \u201cscary and ominous\u201d because it isn\u2019t clear how Mythos Preview could be used offensively, especially if it falls into the hands of a foreign adversary, said Hayden Smith, a co-founder at Hunted Labs, a company focused on software supply chain risks.<\/p>\n<p>It\u2019s very possible the model could land in the possession of governments considered hostile to the U.S., he said, explaining that \u201ceven with deep vetting, the odds of Mythos flowing into the wrong hands is barely a hypothetical given the landscape of current attacks on the open source ecosystem and software supply chain.\u201d<\/p>\n<p>Because much of the internet runs on widely used open-source software maintained by developers around the world, tools like Mythos could uncover weaknesses in code that underpin large parts of the digital ecosystem.\u00a0<\/p>\n<p>That dynamic has come into sharper focus following recent software supply chain incidents that had widespread repercussions \u2014 including a compromise of the Axios JavaScript library disclosed last week \u2014 and amid concerns that some developers behind critical open-source projects are affiliated with companies the U.S. government considers tied to foreign adversaries.<\/p>\n<p>Capitol Hill is also paying attention to the Anthropic development.<\/p>\n<p>\u201cWe are already seeing cyber threat actors using AI tools to improve their capabilities, putting government, businesses and consumers\u2019 security and personal information at risk,\u201d said Sen. Mark Warner, D-Va., the vice chairman of the Senate Intelligence Committee. \u201cAs AI dramatically accelerates the discovery of new vulnerabilities, I hope industry will correspondingly accelerate and reprioritize patching.\u201d<\/p>\n<p>Observers have been awaiting the release of a model like Mythos Preview that could identify and exploit cyber vulnerabilities at scale for some time, said Morgan Adamski, the former executive director at U.S. Cyber Command and lead for PwC\u2019s Cyber, Data &amp; Technology Risk services.<\/p>\n<p>\u201cFor those in the offensive cyber community, for the U.S. government, there\u2019s obviously a huge potential there from an adversarial perspective,\u201d she said in an interview.<\/p>\n<p>But offense and defense are, in many ways, one and the same. If cyberintelligence analysts find a novel vulnerability in an enemy computer network, it\u2019s possible a U.S. system might have the same vulnerability, too.<\/p>\n<p>\u201cThere\u2019s going to be a real equity conversation that occurs,\u201d Adamski said. \u201cIf we exploit something in an adversarial network, we\u2019re going to have to be able to defend against it in our own critical infrastructure.\u201d<\/p>\n<p>She also said to expect more of these innovations in the AI space, as \u201ctypically, when these types of models come out, other models aren\u2019t far behind.\u201d<\/p>\n<p>In an interview, Gary DePreta, the senior vice president of Cisco\u2019s U.S. Public Sector Organization, told <em>Nextgov\/FCW<\/em> that the company\u2019s participation in Project Glasswing is part of its larger aim to address cybersecurity threats while bringing the benefits of AI to its customer base.\u00a0<\/p>\n<p>\u201cWe\u2019re going from an age of detect-and-respond \u2014 and as we automate with AI \u2014 to predict-and-prevent threats,\u201d DePreta said on Wednesday. \u201cWe keep saying this phrase at Cisco: \u2018there is a paradox of progress as it relates to AI and the enterprise.\u2019 And what it simply means is the capabilities of AI are far exceeding the enterprise\u2019s ability to implement it in a safe and secure way.\u201d<\/p>\n<p>Anthropic has become a major voice in the line AI companies are willing to draw in ethical uses of their technology, though that stance has drawn friction with the U.S. military. Earlier this year, the company declined to ease restrictions against its tools being used for domestic surveillance or fully autonomous weapons for Pentagon use, triggering a \u201csupply chain risk\u201d designation from the Defense Department and a White House order that all federal agencies phase out their uses of Anthropic tools. The company has legally challenged the move.\u00a0<\/p>\n<p>It\u2019s possible that the Mythos announcement may reshape how the Defense Department interacts with the company.<\/p>\n<p>The government \u201cneeds to make amends with Anthropic and help them and Glasswing members maintain the American lead on AI by preventing Chinese model theft,\u201d said Leah Siskind, an AI research fellow at the Foundation for Defense of Democracies think tank.\u00a0<\/p>\n<p>\u201cAnthropic is making the responsible call \u2014 but adversaries won\u2019t,\u201d she said. \u201cChina is already exploiting U.S. AI models to accelerate its own capabilities, and when they reach Mythos-level performance, they will weaponize it.\u201d<svg class=\"content-tombstone\">\n<use xlink:href=\"http:\/\/www.defenseone.com\/static\/base\/svg\/spritesheet.svg#icon-d1-logo-tiny\"\/>\n<\/svg><\/p>\n<\/div>\n<p><script>\n!function(f,b,e,v,n,t,s)\n{if(f.fbq)return;n=f.fbq=function(){n.callMethod?\nn.callMethod.apply(n,arguments):n.queue.push(arguments)};\nif(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\nn.queue=[];t=b.createElement(e);t.async=!0;\nt.src=v;s=b.getElementsByTagName(e)[0];\ns.parentNode.insertBefore(t,s)}(window,document,'script',\n'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\nfbq('init', '10155007044873614'); \nfbq('track', 'PageView');\n<\/script><script>\n  window.fbAsyncInit = function() {\n    FB.init({\n      appId      : '1546266055584988',\n      autoLogAppEvents : true,\n      xfbml      : true,\n      version    : 'v2.11'\n    });\n  };\n  (function(d, s, id){\n     var js, fjs = d.getElementsByTagName(s)[0];\n     if (d.getElementById(id)) {return;}\n     js = d.createElement(s); js.id = id;\n     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n     fjs.parentNode.insertBefore(js, fjs);\n   }(document, 'script', 'facebook-jssdk'));\n<\/script><br \/>\n<br \/>Read the full article <a href=\"https:\/\/www.defenseone.com\/policy\/2026\/04\/spy-agencies-ai-anthropic-cybersecurity\/412724\/\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anthropic\u2019s decision to keep close hold on\u00a0a powerful frontier AI model, paired with a new initiative to study its effects on global networks, is prompting intelligence-community discussions about the ways such tools might help friendly and adversary forces alike. On Tuesday, Anthropic\u00a0unveiled Project Glasswing, a bid to raise\u00a0AI-powered defenses before AI-enabled attackers can overwhelm\u00a0critical software.\u00a0<\/p>\n","protected":false},"author":1,"featured_media":9270,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.defenseone.com\/media\/img\/cd\/2026\/04\/08\/040826GlasswingNG-1\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[31],"tags":[],"class_list":["post-9269","post","type-post","status-publish","format-standard","has-post-thumbnail","category-defense"],"_links":{"self":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/comments?post=9269"}],"version-history":[{"count":1,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9269\/revisions"}],"predecessor-version":[{"id":9271,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9269\/revisions\/9271"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media\/9270"}],"wp:attachment":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media?parent=9269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/categories?post=9269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/tags?post=9269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}