Parts of the NSA lose access to Anthropic's Mythos 5

Parts of the National Security Agency have lost access to Anthropic's most powerful cybersecurity model, Mythos 5, in the middle of a supply chain dispute between the company and the U.S. government. The change follows a Commerce Department export-control order on June 12, 2026 and a Senate Intelligence Committee briefing that disclosed a test run of Mythos inside the NSA's classified network.

What actually happened with Mythos 5 inside the NSA

The starting point is a controlled red-team exercise that was run inside the NSA's classified network with Anthropic's Mythos model. Senator Mark Warner, the Vice Chairman of the Senate Intelligence Committee, said in a public statement that the head of the NSA and U.S. Cyber Command, General Joshua Rudd, briefed lawmakers on the test and that Mythos "broke into almost all of our classified systems, not in weeks, but in hours," per the reporting in Parts of NSA lose Mythos 5 access amid Anthropic supply chain dispute. The exercise was authorized. It was not a real attack. The point of the test was to find out how much damage a frontier AI cybersecurity model could do against a high-value target, and the answer was most of one, very quickly.

The classified network in question is not the same as the open internet. It is a sealed environment with the most sensitive signals intelligence, cryptography work, and offensive cyber tooling that the U.S. government runs. A model that can chain together exploits at speed across that surface is, by design, the kind of capability that the U.S. government has spent the last decade trying to keep out of adversary hands. The test result was always going to produce a policy response. The question was how fast, and how broad.

The policy response was fast. On June 12, 2026 the U.S. Commerce Department, citing national security grounds, applied export controls directly to two frontier AI models, Mythos 5 and Fable 5, for the first time in the history of U.S. export regulation. Previous controls targeted the hardware that trains and runs AI, including the most advanced GPUs and accelerators. The June 12 order targeted the models themselves, on the theory that the model weights and the underlying capability were now a controlled technology. The order barred foreign nationals, including non-U.S. employees inside Anthropic itself, from accessing the models.

That is the chain that produced the current operational mess. Once the export-control order landed, the legal and procurement structure that the NSA had used to evaluate and run Mythos 5 inside its classified network stopped working. The model's access pathway was tied to the same supply chain terms that other controlled technology runs under. The supply chain dispute, which The New York Times and Nextgov/FCW have been reporting on since the weekend, is the consequence of the NSA, Anthropic, and the Commerce Department all reading the same export-control order in different ways.

The Mythos 5 supply chain fallout is not just an NSA problem

The fallout is spreading. The export-control order on Mythos 5 and Fable 5 applies to all foreign nationals, which is broader than the Five Eyes intelligence alliance. The same order caught the governments of the United Kingdom, Canada, Australia, and New Zealand off guard. Financial institutions, government agencies, and research groups in those countries that had spent months working on access agreements for either model have seen their permissions revoked with no warning. The allies were not consulted before the order was published.

The order also has consequences inside Anthropic. The export controls cover the model weights, the training data, and the access pathway. Any non-U.S. person who could previously work on Mythos 5 inside Anthropic now has restricted access under the same terms as a foreign national in a foreign country. This is the first time a U.S. frontier model has been put under the same kind of access controls as a piece of national-security software. The practical impact is that Anthropic is now running a frontier model with a smaller team of people who can legally touch it.

Anthropic is pushing back. The company has publicly argued that the trigger for the export controls was a narrow jailbreak vulnerability that the model demonstrated during a controlled test, not autonomous malicious behavior. The framing matters because under the U.S. export-control regime, a jailbreak is not the same as an offensive capability. If the test result was a jailbreak, the policy response should have been a patch and a hardening cycle. If the test result was a genuine offensive capability, the policy response should have been the export-control order that landed. Anthropic's position is that the U.S. government went straight to the second option without exhausting the first.

There is a working track to resolve the dispute. Anthropic is reported to be working with the White House on a collaborative risk management framework that would restore controlled access for the NSA and other authorized users. The framework is not public. The terms are not public. The question that the intelligence community is asking, and that the Commerce Department has not answered on the record, is whether the framework will allow the NSA to get Mythos 5 access back before the next round of testing, or whether the agency will be running the next six to twelve months of evaluation on a model it can only see from the outside.

The policy fight is the same fight, on a different scale

The Mythos 5 supply chain dispute is the first live test of whether the U.S. export-control regime, which was built around hardware, semiconductors, and dual-use physical goods, can be made to work for software-only frontier models. The June 12 order is the first concrete answer. The answer is that the regime can be extended, that the Commerce Department has the legal authority to do it, and that the policy goal of slowing the diffusion of frontier AI capability to adversaries is now a stated objective of the U.S. government.

The problem is that the same policy goal is in tension with the intelligence community's own need to use the model. The NSA, Cyber Command, and the wider intelligence community are the most aggressive users of frontier AI cybersecurity tools in the U.S. government. They are the customers. They are also the ones who are now running on a model they cannot fully use, because the export-control order that the Commerce Department wrote to keep the model out of adversary hands is also keeping it out of the hands of the people who need it most.

This is the same policy tension that the early-2026 Anthropic Fable 5 launch exposed, and the fight is now a continuation of the same argument. When the U.S. government suspended Fable 5 three days after launch, the policy question was whether a frontier model could be deployed commercially in the U.S. while the U.S. government still had to control who could access it. The answer was no. The current Mythos 5 dispute is the second round of the same fight, with a much higher-stakes customer and a much higher-stakes test result.

For a broader look at how the same control problem is showing up in enterprise AI rollouts, the Enterprise AI Governance Checklist for 2026 walks through the access-control, identity, and audit-trail patterns that a regulated enterprise needs in place before it lets a frontier model see its most sensitive data. The Mythos 5 fight is the same problem, on a different scale, in a different customer.