Anthropic Reportedly Working With NSA Despite Pentagon Blacklist

Anthropic is reportedly working with the US National Security Agency on cyber operations, despite the company remaining under a Pentagon supply-chain-risk designation following a bitter dispute over military use of artificial intelligence.

According to reporting from the Financial Times, Anthropic has embedded around half a dozen engineers inside the NSA to support the agency’s use of Claude Mythos, a cybersecurity-focused AI model said to be suited to advanced offensive cyber work. The engineers are reportedly acting as forward-deployed staff, helping customise and guide the model’s use for specific national security applications.

The arrangement has drawn attention because it appears to sit awkwardly beside the Pentagon’s earlier decision to designate Anthropic as a supply-chain risk. That designation followed a high-profile clash between the company and US defence officials over the limits Anthropic placed on military uses of its Claude models, particularly around autonomous weapons and mass surveillance.

Anthropic has challenged the designation in court, arguing that the move was unlawful and punitive. The company has also maintained that it supports US national security work, including intelligence analysis, planning, modelling, simulation and cyber operations, while opposing specific categories of use it considers unsafe or inappropriate.

The reported NSA arrangement highlights the complicated reality of artificial intelligence inside national security agencies. While one arm of the US defence establishment has restricted Anthropic over supply-chain concerns, another intelligence agency is reportedly seeking access to its most advanced cyber capabilities.

It remains unclear whether Anthropic staff are involved in live cyber operations or whether Claude Mythos is being used in active campaigns. The available reporting suggests the model may be used to assist offensive cyber work, but does not establish whether it has been deployed against live targets.

The NSA’s interest would not be surprising. The agency is responsible for signals intelligence and cyber operations, including activity aimed at foreign adversaries. As AI models become more capable at identifying software vulnerabilities, analysing code, automating reconnaissance and assisting exploit development, intelligence agencies are expected to see them as strategically important tools.

Claude Mythos has attracted attention because of its reported strength in cybersecurity tasks. Anthropic has presented the model as a major step forward in AI-assisted security research, including the ability to identify and exploit complex vulnerabilities under controlled conditions. That capability has obvious defensive applications, such as finding flaws before criminals or foreign states can exploit them. It also has clear offensive implications.

The controversy comes as Washington accelerates its use of AI for national security. The Trump administration has moved to expand AI adoption across intelligence and military domains while also calling for updated policies around autonomous weapons and safeguards against unlawful surveillance. The policy shift reflects growing concern that US rivals will use AI to speed up cyber operations, intelligence analysis and military planning.

Supporters of government access to frontier AI models argue that the United States cannot afford to fall behind adversaries in cyber capability. If China, Iran, Russia or other states are developing or acquiring AI tools for offensive cyber use, US agencies are likely to want comparable or superior systems.

Critics argue that this logic risks pushing private AI companies into increasingly direct roles in military and intelligence operations before the law, oversight structures and ethical limits have caught up. The Anthropic case is particularly sensitive because the company has built much of its public identity around AI safety, risk management and boundaries on harmful use.

That makes the reported NSA relationship politically awkward. Anthropic has objected to certain defence uses of its models, yet is reportedly supporting an intelligence agency using a specialised AI system for offensive cyber activity. The distinction may matter legally and operationally, but it will be difficult for the public to parse.

The case also exposes a deeper policy problem. Frontier AI companies are becoming too important to national security to treat as ordinary software vendors, but too independent and powerful for governments to control easily. Their models may be critical to defence, intelligence, cyber operations, economic competitiveness and infrastructure security. At the same time, these companies retain their own usage policies, safety frameworks and commercial incentives.

For governments, that creates a sovereignty problem. If a military or intelligence agency depends on a private model provider, it may also depend on that provider’s technical decisions, safety restrictions, update schedule and willingness to support particular use cases.

For AI companies, the dilemma runs in the opposite direction. Refusing certain government uses can trigger political retaliation, contract losses or national security accusations. Agreeing to sensitive work can expose them to reputational risk, employee dissent and scrutiny over whether they are helping build tools for surveillance, hacking or warfare.

The Anthropic dispute shows how quickly those tensions can collide.

The Pentagon’s supply-chain-risk designation was unusual because such labels have historically been associated with concerns about foreign influence or adversarial technology. Applying that designation to a major American AI company raised questions about whether procurement law was being used to enforce compliance with military priorities.

Now, the reported NSA work raises a different question: if Anthropic is considered risky enough to be blacklisted by one part of the defence establishment, why is its technology reportedly useful enough to be embedded inside another?

The answer may lie in the fragmented nature of government technology policy. Different agencies have different missions, legal authorities, risk tolerances and operational needs. The Pentagon may see supplier restrictions and model-use limitations as unacceptable. The NSA may see a cutting-edge cyber model as too valuable to ignore.

That does not resolve the contradiction. It makes it more revealing.

The growing role of AI in cyber operations will only intensify these debates. Models that can find vulnerabilities can help secure critical infrastructure, but they can also help attack it. Tools that help analysts understand malware can also help generate it. Systems that assist with defensive patching may also speed up offensive planning.

The boundary between defensive and offensive cyber work has always been thin. AI makes it thinner.

For Australia and other US allies, the Anthropic case will be closely watched. Allied governments are also exploring AI for defence, intelligence and cybersecurity, while relying heavily on US technology providers. The policy choices made in Washington will shape what tools are available, what restrictions apply and how private AI companies participate in national security ecosystems.

The reported NSA use of Claude Mythos is not merely a story about one company and one agency. It is a sign of where AI and state power are heading.

The next generation of cyber conflict will not only be fought by hackers typing commands into terminals. It will increasingly involve AI systems that can read code, detect weaknesses, generate attack paths, assist defenders and compress the time between discovery and action.

That future makes oversight more important, not less.

The central issue is not whether governments should use AI for national security. They already are, and adversaries will too. The harder question is how democratic governments can use these systems without allowing secrecy, urgency and strategic competition to outrun accountability.

Anthropic’s position, blacklisted by the Pentagon while reportedly assisting the NSA, captures the contradiction at the centre of AI security policy. Governments want powerful AI systems, but they also want control. AI companies want to support national security, but they also want boundaries. Intelligence agencies want advantage, but the public deserves oversight.

The technology is moving quickly. The governance is still catching up.

Photo Credit: DepositPhotos.com