Around half a dozen Anthropic engineers are embedded inside the National Security Agency, helping the spy shop deploy Mythos, the company’s restricted frontier cybersecurity AI, for certain intelligence applications, the Financial Times reported Thursday, citing anonymous sources. It’s unclear if Mythos is being used in active hacking operations or preparatory work.
The catch: the NSA is doing this under an active federal ban. The Department of Defense designated Anthropic a supply-chain risk in early 2026 after Anthropic refused to allow its models to be used for mass domestic surveillance and autonomous weapons development. That designation came with an implicit procurement ban across federal agencies. Axios reported in April that the NSA was already running Mythos in defiance of the ban. Thursday’s report adds six embedded engineers to that picture.
Anthropic claims it had to limit access to Mythos, fearing its cybersecurity capabilities could be used to find security flaws and execute hacks. The NSA’s mandate includes conducting offensive cyberattacks on foreign adversaries — which is exactly the use case the restriction was built to contain.
The structural takeaway for operators: Anthropic drew a hard line on domestic surveillance and autonomous weapons, took a formal supply-chain designation for it, and filed suit in two federal courts the same week. None of that stopped the NSA. When your product is the most capable in a category a government agency needs, your compliance posture is a negotiating position, not a wall. For founders holding principles positions in government contracts, the cost here wasn’t the contract. It was the lawyers.
NSA declined to confirm or deny. Anthropic didn’t respond.
— Nathan Zakhary