An advanced artificial intelligence model developed by Anthropic identified vulnerabilities in highly sensitive US government computer systems within hours during a recent cybersecurity testing exercise, highlighting both the capabilities and risks associated with rapidly evolving AI technology.
The testing was conducted through Anthropic’s Project Glasswing initiative, a programme designed to evaluate how powerful AI systems can be used to strengthen cyber defenses while assessing potential threats to national security and critical infrastructure. According to a US official familiar with the exercise, the company worked closely with intelligence agencies to test its restricted-access model known as Mythos.
The official, speaking anonymously, said the AI was able to detect weaknesses across classified government networks in a matter of hours. While the system successfully identified vulnerabilities, officials stressed that finding security flaws does not necessarily mean the model could immediately exploit them.
The exercise attracted public attention after Democratic Senator Mark Warner of Virginia referenced the findings during a Senate Committee on Banking, Housing, and Urban Affairs hearing on June 11. Warner said information provided by the head of the National Security Agency and US Cyber Command indicated that the AI tool had penetrated nearly all classified systems tested, accomplishing in hours what traditionally could take weeks.
The results have intensified debate in Washington over how advanced AI systems should be managed and regulated. Anthropic has maintained a cooperative relationship with US government agencies on security research, but tensions have emerged between the company and the Trump administration over the deployment of its most powerful models.
Earlier this month, the administration issued a directive requiring Anthropic to restrict access to its latest AI systems, known as Fable 5 and Mythos 5, for foreign users. The order followed President Donald Trump’s executive action establishing a framework for reviewing national security risks associated with cutting-edge AI technologies before they are publicly released.
Anthropic responded by limiting access to certain models, though the company questioned whether the government’s restrictions were necessary. The firm has argued that concerns about cybersecurity risks should be balanced against the benefits AI can provide in strengthening digital defenses.
The directive has also drawn criticism from the technology sector. More than 100 cybersecurity specialists and executives from major technology companies, including Adobe and Nvidia, have signed a letter urging the government to reconsider the restrictions.
The group acknowledged that Anthropic’s models are highly effective at identifying software vulnerabilities and simulating cyberattacks. However, they argued that similar capabilities exist in other advanced AI systems and warned that limiting access to leading defensive technologies could weaken US cybersecurity efforts at a time when rival nations are investing heavily in artificial intelligence.
The debate reflects growing concerns over how governments and technology companies can balance innovation, security and competition as increasingly powerful AI systems reshape the cybersecurity landscape.
