Skip to content
News Incident

NSA director told Senate Intel that Mythos autonomously breached classified systems in hours, reshaping Fable 5 ban

· by Pondero Newsdesk

The short version

Reporting from The Economist circulating June 21 reveals NSA Director Gen. Joshua Rudd told Sen. Mark Warner that Anthropic's Mythos 5 breached nearly all NSA classified systems in a classified red-team exercise on June 11, one day before the export control directive arrived. The disclosure reframes the ban as an autonomous offensive-AI capability question, not a narrow jailbreak dispute.

NSA director told Senate Intel that Mythos autonomously breached classified systems in hours, reshaping Fable 5 ban

The Economist published reporting on June 21 revealing that NSA Director Gen. Joshua Rudd told Sen. Mark Warner in a Senate Intelligence Committee briefing on June 11 that Anthropic's Mythos 5 had autonomously breached nearly all of the NSA's classified systems in a controlled red-team exercise. Not over weeks. In hours. The disclosure arrived one day before the Commerce Department export control directive that took Fable 5 and Mythos 5 offline globally on June 12.

What the testimony described

Per reporting in The Economist, Gen. Rudd, who leads both the NSA and US Cyber Command, told the Senate Intelligence Committee on June 11 that Mythos, operating in a classified authorized red-team exercise, breached nearly all NSA classified systems in hours. Sen. Warner has since referenced the testimony publicly. The Economist's editors noted that the account depended on Mythos working alongside other tools under specific conditions and should not be read as a standalone capability claim. That caveat does not diminish the central finding: a US government-conducted test produced results alarming enough to brief the Senate Intelligence Committee the day before Commerce acted.

Anthropic's public statement on the directive, issued June 12, characterized the government's stated concern as a narrow, non-universal jailbreak. Per Anthropic: the technique "essentially consists of asking the model to read a specific codebase and fix any software flaws." The company reviewed the reported jailbreak and concluded the capability was "widely available from other models" and used daily by security defenders. That characterization may accurately describe the specific jailbreak demonstration submitted to Commerce. It does not describe what the NSA's own red-team exercise found using the full Mythos model.

Two models, one set of weights

Fable 5 and Mythos 5 share the same underlying model weights. Per Anthropic's own launch announcement, what separates the two is not capability but architecture. Fable 5 routes all user requests through safety classifiers covering offensive cybersecurity, biology and life sciences, chemistry, and model distillation. When a query triggers a classifier, the model hands the request to Claude Opus 4.8 rather than responding directly. Mythos 5 runs the same model without those classifiers, available only to vetted Project Glasswing partners in cybersecurity and critical infrastructure.

Per TechTimes citing Anthropic's documentation, the classifiers trigger in fewer than 5% of Fable 5 sessions. Anthropic's position is that those safeguards make Fable 5 safe for general commercial deployment. The government's position, sharpened by the Rudd testimony, is that a model capable of this classification of autonomous capability is not made safe by a classifier that intercepts one in twenty requests.

The Executive Order reframes the timeline

Separate from the testimony, the full text of the White House's June 2, 2026 Executive Order on AI Innovation and Security published at whitehouse.gov clarifies the structural policy demand the government was already moving to enforce.

Section 3 of that order tasked the NSA, Treasury, and CISA with building a voluntary pre-release review framework under which AI developers would give the federal government up to 30 days of access to "covered frontier models" before releasing them to other trusted partners. The deadline for that framework: August 1, 2026, 60 days from the order's signing. Anthropic launched Fable 5 on June 9, seven days after that EO, with no government pre-brief.

Per TechTimes' analysis, the June 12 export control directive, under this reading, was not simply a reaction to an alleged jailbreak. It was the mechanism through which the administration enforced participation in the pre-release access framework the EO had just mandated. A jailbreak patch addresses a narrow technical claim. Joining the pre-release review framework addresses the structural policy demand. These are not the same negotiation and do not resolve on the same timeline.

Why it matters

The Rudd testimony changes the terms of the public debate in two directions at once.

First, it validates the government's intervention on a basis that has nothing to do with whether Anthropic's jailbreak characterization is accurate. Even if Anthropic is correct that the specific disclosed jailbreak was narrow and non-universal, the NSA's own red-team exercise produced results that were independently alarming enough to brief a sitting Senate committee chairman the day before action. The government did not need the jailbreak to be universal to act. It needed its own evaluation to be alarming, and per Rudd's testimony, it was.

Second, it makes the restoration path more complex than Anthropic's public framing has suggested. Anthropic has positioned the dispute as a technical misunderstanding resolvable by demonstrating that its safeguards are stronger than the government's cited example. The Rudd testimony suggests the government's concern is the underlying model capability, which classifiers address only partially. Anthropic's identity verification policy, effective July 8, 2026, provides a separate path: by verifying US citizenship, Anthropic could open Fable 5 to domestic users without the Commerce Department formally lifting the directive. Per TechTimes, the July 8 date suggests Anthropic is planning a structured, phased restoration rather than an overnight reactivation.

For every other frontier AI lab, the precedent is structural. The Export Control Reform Act of 2018 has now been applied to the API of a commercially deployed AI model. Any model accessible to foreign nationals over an API is potentially a controlled dual-use export subject to a government shutdown order with, per Anthropic's own statement, as little as a few hours of notice.

What to watch next

Three milestones carry the most weight. First, whether Anthropic issues a formal public response to the Rudd testimony and The Economist's reporting, either confirming or contesting the red-team findings. Second, whether the August 1 deadline for the pre-release review framework produces a published voluntary agreement that names Anthropic as a participant. Third, whether Fable 5 is restored before or after July 8, which would reveal whether the restoration path runs through the identity verification system, the pre-release framework, or some separate diplomatic agreement between Anthropic and the White House.

The June 22 expiration of the free trial Anthropic extended to paid subscribers when the ban began adds a fourth near-term pressure point. Subscribers who paid for access to a model they could not use for ten days are now past the window Anthropic set.

Sources