Anthropic AI test reportedly found classified system flaws

Anthropic test report adds urgency to the AI security debate

A new report from Fast Company, citing an anonymous U.S. official and remarks made during a Senate hearing, says one of Anthropic’s advanced AI models identified vulnerabilities in highly sensitive U.S. government computer systems during a testing exercise. If accurate, the episode would mark a significant moment in the debate over how frontier AI systems should be evaluated, controlled, and deployed in national security settings.

According to the report, Anthropic worked with U.S. intelligence agencies in a test involving the company’s Mythos model. The official said the model found certain vulnerabilities within hours. The same source also said that finding weaknesses quickly did not mean the model had exploited them in that time. That distinction matters: identifying a possible path into a system is not the same thing as carrying out an intrusion. Even so, the claim is notable because it suggests that advanced AI systems may already be useful for high-speed vulnerability discovery against some of the most sensitive digital environments in government.

The report ties the exercise to an Anthropic initiative called Project Glasswing, described as an effort to bring together major companies and other organizations to secure critical software against severe risks to public safety, national security, and the economy. That framing places the test in a broader context. AI firms and governments are no longer discussing cybersecurity risk as a hypothetical future issue. They are building processes around the possibility that highly capable models can compress the time needed to discover flaws, map system weaknesses, and lower the expertise required to perform parts of offensive cyber work.

What is confirmed, and what is not

The strongest caution in this story is the sourcing. The central claims come from an anonymous official speaking about classified or highly sensitive matters. Fast Company also reports that Democratic Sen. Mark Warner referenced the exercise during a June 11 hearing before the Senate Committee on Banking, Housing, and Urban Affairs, saying the tool broke into almost all classified systems “not in weeks but in hours,” and attributing that characterization to the head of the National Security Agency and U.S. Cyber Command, Gen. Joshua Rudd.

But neither the NSA nor Anthropic publicly confirmed the details in the report. The NSA declined comment by email, according to the article, and an Anthropic spokesperson also declined to comment. That leaves the public record in an unusual place: the broad existence of concern appears supported by a public hearing reference, but the specifics remain only partially illuminated. It would be premature to treat the reported results as a fully established account of what happened inside classified networks.

Still, even as an incompletely sourced report, the story matters because it lines up with a wider policy shift now underway. Governments increasingly view the most advanced AI models as dual-use systems. They can support research, coding, and analysis, but they can also amplify cyber offense, biosecurity risk, disinformation operations, and strategic instability if they are too widely accessible or too lightly tested.

Why the timing matters

The reported exercise comes during a period of visible tension between Anthropic and the Trump administration. Fast Company says Anthropic has raised concerns about how the U.S. military would use its AI systems, while the administration has restricted the use of some Anthropic models. Earlier in June, the administration issued a directive requiring Anthropic to prevent foreign nationals from using its latest models, Fable 5 and Mythos 5. Anthropic then disabled the models for all customers to comply, while also saying it did not believe the government’s actions were warranted by the security issue it had flagged.

That sequence highlights one of the defining contradictions of the current AI moment. Governments want frontier labs to help them test defenses, surface vulnerabilities, and strengthen critical infrastructure. At the same time, those governments are increasingly willing to limit access to the same models out of concern that they could be used by adversaries or proliferate dangerous capabilities. The result is a push-and-pull relationship in which AI companies are both strategic partners and regulated risk actors.

The White House move cited in the report adds another layer. Ten days before the directive to Anthropic, President Donald Trump signed an executive order establishing a framework for the federal government to vet national security risks posed by the most advanced AI systems for up to a month before their public release, with participation by developers described as voluntary. That suggests Washington is trying to build a screening regime before model launches, not just a response mechanism afterward.

Cybersecurity is becoming a stress test for frontier models

The deeper significance of the report is not limited to one company or one alleged test outcome. It points to cybersecurity as one of the clearest real-world benchmarks for frontier model capability. A model that can rapidly analyze configurations, identify likely weak points, and reason through attack chains could become a powerful defensive assistant. The same abilities could also sharpen offensive operations if misused.

That is why claims like these are likely to influence export controls, access restrictions, and evaluation standards. If policymakers believe a model can materially improve the speed or scale of cyber intrusion work, they will push for tighter release controls and more rigorous predeployment testing. If companies believe governments may overreact to preliminary findings, they will push back on broad restrictions that limit legitimate use and global competitiveness.

Fast Company also reports that a group of cybersecurity executives asked the administration to lift its directive, arguing that the move could help U.S. adversaries. That argument reflects another fault line in AI governance: restricting access can reduce some risks, but it can also slow the diffusion of defensive capability among trusted researchers, companies, and allied institutions. In cyber policy, limiting tools is never cost-free.

What to watch next

The next important development will be whether any part of the reported testing record is publicly substantiated. If agencies, lawmakers, or Anthropic release more detail, the discussion could quickly shift from speculation to precedent. That would affect not only Anthropic, but also how other model developers design red-team exercises, classify dangerous capabilities, and negotiate with governments before major releases.

For now, the report stands as a credible signal rather than a complete public case file. Even in that limited form, it underscores how rapidly AI security questions are moving from theory into operational testing. The central issue is no longer whether advanced models can matter in cybersecurity. It is how governments and labs will measure that capability, contain its risks, and decide who gets access before the next generation of systems arrives.

This article is based on reporting by Fast Company. Read the original article.