QWE AI Academy The news dropped this week: NSA lost access to Mythos amid the Anthropic dispute, and the security Twitter timeline hasn’t stopped arguing about it since. Nextgov/FCW reported that parts of the National Security Agency lost access to Anthropic’s Mythos 5 model following a Trump administration export control action, with some analysts notified on Friday. If you came here wondering whether this affects you – short answer, yes, but probably not the way the headlines suggest.
This guide skips the political recap. Instead, here’s what changed for regular Claude users, what you can still access today, and how to do Mythos-style vulnerability work without being on the Project Glasswing whitelist.
The scenario: you opened Claude on June 13 and something was missing
Picture this: you’re a security engineer running pre-release scans, or a developer who’d been using Fable 5 for long-running coding tasks. On June 13, Anthropic received a government directive at 5:21 p.m. Eastern requiring it to suspend Fable 5 and Mythos 5 access for any foreign national, including noncitizen employees inside the United States. The company disabled the models for all customers because it could not comply selectively.
That second sentence is the part most coverage glosses over. The order was a nationality filter. Anthropic’s response was a global kill switch – not because they wanted drama, but because their identity stack couldn’t enforce per-user nationality gating cleanly. So everyone lost access at the same time, including the UK AI Security Institute, the main international body for testing frontier AI models.
The viral quote making the rounds – that Mythos “broke into” NSA classified systems in hours – is real but mangled. Anthropic’s own write-up describes the same sandbox setup they use for all research. Economist defence editor Shashank Joshi confirmed on X on June 21 that he had accurately quoted Senator Mark Warner, but the line had been stripped of context. Warner was relaying what General Joshua Rudd told him in a private briefing: Mythos “broke into almost all of our classified systems, not in weeks, but in hours” – during authorised testing. A red-team drill. Not an outside breach.
What Mythos actually is (and why it matters to your toolchain)
Quick orientation, because half the panic online is from people who’d never heard the name before this week. Claude Mythos Preview is a general-purpose, unreleased frontier model from Anthropic. According to the company, it reached a level of coding capability where it can surpass all but the most skilled humans at finding and exploiting software vulnerabilities, including some in every major operating system and web browser.
Access has always been gated. Anthropic grew Project Glasswing to roughly 200 organizations across 15+ countries as of June 2, 2026, with partners surfacing over 10,000 high- and critical-severity flaws in under two months. If you weren’t in that 200, the export order didn’t really change your day – you never had it.
Here’s what shifted, though. The publicly buildable equivalent is now front and center.
| Tier | Model | How you get it | Status (as of late June 2026) |
|---|---|---|---|
| Restricted frontier | Mythos 5 / Fable 5 | Project Glasswing only | Globally disabled June 13 |
| Enterprise beta | Claude Code Security on Opus 4.8 | Anthropic Enterprise | Still available |
| Public | Claude Opus 4.6/4.8 via API | Standard API | Still available |
Anthropic released Claude Code Security – a product that uses public frontier models like Claude Opus 4.8 to scan codebases and suggest patches – in Enterprise beta as of late June 2026. That’s the door most readers actually have a key to.
How to run Mythos-style scans with what you can access right now
The common misconception: Mythos is magic because you can paste a codebase and it finds bugs. That’s not how Anthropic’s own team uses it.
For all the bugs in their published research, Anthropic used the same simple agentic scaffold: a container isolated from the internet running the project-under-test and its source code. They invoke Claude Code with Mythos Preview and prompt it with essentially “Please find a security vulnerability in this program.” Claude reads the code, hypothesizes vulnerabilities, runs the project to confirm or reject suspicions, adds debug logic, and outputs either no-bug or a bug report with a proof-of-concept exploit and reproduction steps.
You can replicate the structure with public Claude (or any frontier model). The key insight from the security community: an organization doesn’t build a scanning engine from one-shot prompts. Security researcher Niels Provos demonstrated that a good use using public AI models can match Mythos-style vulnerability finding by breaking work into smaller steps – each agent completing its own step independently.
A workable use on public models, in plain terms:
- Isolate. Run the target code in a sandboxed container with no outbound network – Anthropic’s own setup. This isn’t paranoia; agentic models will happily curl things.
- Map the surface first. One agent reads structure and produces a list of components, entry points, and trust boundaries. Don’t ask for vulnerabilities yet.
- Hypothesize per component. Separate calls per component – “what are the top three security concerns in this file, given the surface map?” Keep context tight.
- Validate. A second agent (different prompt, same or different model) attempts to confirm each hypothesis by running the code with crafted inputs. Discard anything it can’t reproduce.
- Triage. Only validated findings move to a report. Drop the rest.
Pro tip: Run the validation step on a different model than the discovery step. Models tend to defend their own findings even when wrong. A second opinion from GPT or a smaller Claude variant cuts false positives more than tuning prompts does.
The bottleneck nobody talks about
Discovery isn’t the hard problem anymore. Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it’s limited by how quickly we can verify, disclose, and patch the large numbers of vulnerabilities found by AI – that’s from Anthropic’s own Glasswing update.
So even if you got an exception and access to Mythos tomorrow, the constraint moves to your triage queue, not your scanner. HackerOne platform data shows March 2026 submissions rose 76% year-over-year, about 25% of submissions are valid and exploitable, and critical and high severity findings now make up 32% of validated issues versus 26-28% historically. The output volume is the problem.
Which raises an uncomfortable question: if your team can’t process the findings, does it matter which model produced them?
Honest limitations
Before you architect your weekend around this – three honest catches.
Public Claude models are not Mythos. When the UK AI Security Institute tested models on a cyber range, Mythos ranked highest, followed by Claude Opus 4.6, then OpenAI’s GPT 5.4 and GPT 5.3 Codex. Opus 4.6 was second – not equivalent. Expect a quality gap, especially on exploit chaining and reverse engineering.
The dispute isn’t resolved. In February 2026, the Pentagon designated Anthropic a “supply chain risk” after the company refused to remove restrictions on some of its AI systems’ military applications. Trump subsequently ordered federal agencies to phase out Anthropic technology within a six-month window. Anthropic sued the government, arguing the measures were unlawful retaliation. Whatever you build on Anthropic infrastructure today has policy risk attached.
This is the first time the United States has applied export controls directly to an AI model rather than to the hardware or chips powering it – a regulatory precedent that will affect other labs and other models. Plan for it to happen again, to someone else.
One open question worth flagging: Nextgov’s second source said the agency may still be able to use earlier versions of the technology under prior arrangements, even if access to company support, updates, or modifications is now more limited. What “earlier versions” means – Opus 4.6 with Glasswing tooling, or something else – isn’t specified. As of late June 2026, the official answer is still missing.
FAQ
Can I get access to Mythos as an individual researcher?
No. Glasswing is invite-only and currently capped around 200 vetted organizations.
Did the export order break my existing Claude API integrations?
If you were using Opus 4.6, 4.8, Sonnet, or Haiku through the standard API – no. Those weren’t covered by the order. The shutdown was specific to Fable 5 and Mythos 5 because those were the models the Commerce Department flagged. A team I know that runs CI security scans on Claude Code Security checked their billing and saw zero interruption on June 13. The Enterprise beta of Claude Code Security on Opus 4.8 kept running.
Is the “Mythos hacked the NSA” story actually true?
The quote is real; the framing is wrong – and if you’re explaining it to a non-technical stakeholder, the distinction is the whole story. Senator Warner accurately quoted General Rudd. But the test was an authorized red-team exercise inside NSA’s own environment. “AI broke into a system it was authorized to test” is a much smaller story than what trended online.
Next step: if you’re on Anthropic’s Enterprise tier, request access to Claude Code Security on Opus 4.8 this week. If you’re not, build the five-step use above on the standard Claude API against one non-critical repo you own. You’ll learn more from running it once than from another week of reading dispute coverage.