NSA is using Anthropic's Mythos despite blacklist

Original Article ↗ Hacker News Discussion ↗

Government Use vs. Blacklist

  • Commenters say it’s unsurprising NSA would use a powerful model even if DoD labeled Anthropic a “supply chain risk”; the surprise is that it became public.
  • Some argue this shows the designation was political or tactical, not technical: one part of government calls it a risk while another quietly uses it.
  • Unclear whether the SecDef’s designation is legally binding on NSA, given its reporting lines and overlapping authorities.

Trust, Legality, and Hypocrisy

  • Many express deep distrust of US intelligence agencies, citing a long history of surveillance overreach and law‑skirting behavior.
  • Several view this as yet another example of government hypocrisy or “lawlessness”: declaring a vendor too risky while exploiting its tools anyway.
  • Others note different branches and leaders have competing priorities; inconsistent actions don’t always equal deliberate lying.

Mythos Capabilities & Hype Debate

  • One camp sees Mythos / Glasswing as heavily marketed “too dangerous to release” hype and artificial scarcity, similar to prior AI launches.
  • The opposing camp insists Mythos is genuinely different, pointing to:
    • Reports of a surge in real bug and vulnerability findings (e.g., in cURL and other OSS).
    • Claims that Mythos can autonomously triage, prove, and exploit vulnerabilities at scale.
  • Some argue these results are not independently reproducible yet and could still be marketing; others highlight Anthropic’s use of vulnerability-hash commitments as evidence.

Security & Software Ecosystem Impacts

  • Multiple commenters focus less on Mythos itself and more on what increasingly capable code-focused models imply:
    • Compute can substitute for human security researchers, driving a “tsunami” of bug reports.
    • Open vs. closed source security models may need to change, as disassembly plus strong models reduce obscurity benefits.
  • There is concern about nation-states targeting model weights as high‑value cyber “munitions.”

Anthropic–Pentagon Dispute

  • Some interpret the “supply chain risk” label as retaliation because Anthropic wanted its usage terms respected, including moral/mission constraints.
  • Others relay a government-side narrative: case‑by‑case waivers and potential “poison pill” behavior were operationally unacceptable for defense use.
  • Overall, the dispute is seen as a power struggle over who sets limits: sovereign governments vs. private AI providers.

Broader AI, Power, and Surveillance Concerns

  • Several worry this accelerates a surveillance state with AI “oracles” enabling pre‑crime–style systems.
  • Others accept or even endorse intelligence agencies having access to the strongest models, prioritizing national security over civil-liberties concerns.