Photo credit: X/@ReutersAnthropic's advanced artificial intelligence model, Mythos, identified vulnerabilities in highly sensitive and classified US government computer systems during a controlled security testing exercise conducted with American intelligence agencies, according to reports published on June 24.This exercise happened under Project Glasswing, a restricted programme that’s meant to sniff out and help fix weak points in critical software before bad actors can start exploiting them, or even poke around.Officials said the AI system managed to find those vulnerabilities within hours, which in turn underlined how fast frontier style AI models are moving into cybersecurity work and not just research. The results were shared during a Senate hearing, where Senator Mark Warner referenced remarks from a senior US intelligence official about how Mythos performed. Authorities also emphasized that Mythos never actually used the discovered issues, and instead it was only applied as part of a permitted security evaluation.Key TakeawaysAnthropic's Mythos AI participated in a classified US government security test.The testing was conducted under Project Glasswing.Mythos identified vulnerabilities in sensitive government systems within hours.The AI did not exploit or attack any systems.Officials said the exercise was intended to find weaknesses before adversaries could discover them.The development has intensified debate over the cybersecurity implications of advanced AI systems.How Project Glasswing Enabled the AI Security AssessmentThe vulnerability discovery exercise took place under Project Glasswing, a restricted initiative involving Anthropic and US intelligence agencies. As officials say, it was put together to spot and fix weak points in critical software before those same weaknesses could be used by hostile people. Within that setup, Mythos was allowed in to do authorised security testing on classified government systems.The point, though, was not to go in and poke at networks or try to penetrate anything. It was more like checking whether advanced AI models can help security teams find problems faster than the usual approach. Officials framed it as a kind of controlled assessment, meant to reinforce cyber defences across particularly sensitive government infrastructure, not some free-for-all.Why US Agencies Turned to Advanced AI ModelsUS intelligence and security agencies reportedly leaned on Mythos because it could examine software systems and highlight potential weaknesses quickly. The exercise was preventive security, not offensive work. Officials were basically trying to see if frontier AI models could speed up vulnerability detection, and also make the securing process smoother for critical environments.This testing mirrors a wider, growing interest inside government agencies in figuring out how advanced AI tools might fit into cybersecurity. The thinking is that if flaws are found before adversaries stumble onto them first, agencies can lower the risk from cyber threats that are getting more and more complex, especially those aimed at sensitive government networks.How Mythos Identified Vulnerabilities Within HoursOfficials claimed Mythos identified vulnerabilities in classified government systems within just hours after the exercise started. The quick turnaround was, apparently, one of the most talked-about parts of the test. Senator Mark Warner said in a Senate hearing that the information came from a senior US intelligence official who was familiar with the programme.No one publicly shared what the specific vulnerabilities were. Still, the reported results pointed to the model’s capacity to scrutinise systems fast and surface weaknesses. Authorities also said Mythos was acting like a diagnostic tool during the assessment, and that any issues found were meant to be handled through existing cybersecurity processes.Why Officials Emphasised That No Exploitation OccurredGovernment officials were pretty firm that Mythos didn’t exploit any of the vulnerabilities it detected. That distinction matters since the setup was meant to be a security evaluation, not a hacking operation. According to the reporting, the AI model’s job was largely confined to recognising weak spots and then notifying security teams.Officials kept repeating that everything happened inside an authorised, controlled environment. And by stressing that no exploitation happened, authorities tried to clarify that the exercise was centred on defensive cybersecurity. The results were intended to support remediation, not to showcase offensive cyber skills against government systems.How the Findings Were Revealed PubliclyWhat emerged publicly appears tied to reports referencing comments made during a Senate hearing. Senator Mark Warner said that a senior intelligence official had told lawmakers about Mythos’s performance during the security exercise. Those reports suggested the AI model managed to identify vulnerabilities in highly sensitive systems within a relatively short window.Neither the National Security Agency nor Anthropic made public comments about the finer details of the exercise. Even so, the remarks are being seen as one of the clearest signals so far about how advanced AI models are evaluated inside government cybersecurity programmes and the possible reach of their capabilities.Why the Discovery Has Intensified Debate Around AI SecurityThis disclosure has basically added fuel to ongoing debates about what advanced AI means for cybersecurity. Supporters argue that tools like Mythos could help defenders locate vulnerabilities faster and strengthen digital security overall. But the same findings have also put sharper focus on worries about how powerful AI capabilities might be misused if they get broadly available.The reports noted that Anthropic’s ties with the US government have been messy, complicated further by broader disputes over AI oversight and national security. So this newest disclosure landed as part of a bigger conversation, about balancing AI progress, security requirements and risk management.How the Exercise Reflects a Shift in Cybersecurity StrategyThe Project Glasswing assessment also shows how governments are increasingly trying AI-assisted options for cybersecurity. Instead of relying only on conventional testing methods, agencies are exploring whether advanced AI models can surface software weaknesses more efficiently.The Mythos exercise was built to test that idea in a controlled setting, using classified systems. Officials reportedly viewed the programme as a practical chance to understand the real cybersecurity value of frontier AI technologies. Overall, the results suggest governments are actively studying ways AI can be woven into defensive security efforts while still keeping supervision and control over how it’s deployed.Why the Results Matter for Future Cyber Defence PlanningThe result of the Mythos assessment could, in a way, shape upcoming talks about how governments use AI within cybersecurity operations. And by showing that it could spot vulnerabilities pretty fast , the model seemed to offer some evidence that smarter AI systems might turn into useful instruments for unearthing security weaknesses, sooner than before.Officials have said the exercise fits into a wider push for stronger resilience against cyber threats. Even though the reports didn’t lay out clear next steps, the outcomes still point to a rising curiosity around weaving AI into protective security approaches. In practice it gives policymakers and security officials fresh context about what frontier AI systems can do, and what they might do later.Frequently Asked Questions1. What is Mythos? Mythos is an advanced artificial intelligence model built by Anthropic, and it’s used for cybersecurity testing.2. What was Project Glasswing? Project Glasswing is a limited programme, aimed at finding and correcting vulnerabilities in critical software before attackers get the chance to take advantage of them.3. Did Mythos hack classified US systems? No. Officials stated the model only detected vulnerabilities during a sanctioned security assessment, and it didn’t exploit anything.4. How quickly did the AI find vulnerabilities? As described by officials quoted in the reports, Mythos was able to identify vulnerabilities within hours of the testing starting.5. Why is the discovery significant? Because it suggests advanced AI tools may help governments surface and reduce cybersecurity gaps more quickly than traditional methods, at least in some settings.end of article