Anthropic's security-focused artificial intelligence model 'Mythos Preview' is reported to have found security vulnerabilities in a U.S. government classified system within hours. It was a controlled security test, not an actual hack. The test confirmed that AI can identify flaws quickly even in systems used for national security, drawing industry attention.

On June 24 local time, IT outlet TechRadar reported that U.S. Senator Mark Warner (마크 워너) of Virginia said at a recent congressional hearing that NSA Director Joshua Ludlow (조슈아 러드로) reported that "Mythos infiltrated nearly all classified systems in hours, not weeks."

The test, however, was a controlled security exercise conducted jointly by Anthropic and U.S. intelligence agencies, not a real attack. An anonymous U.S. government official explained that Mythos did not seize actual systems but found security vulnerabilities within hours. That means it identified weaknesses in protected government systems that could be used for attacks in a very short time.

Mythos is a security-specialised AI model that Anthropic unveiled in April. The company did not release the model publicly after judging its ability to detect software vulnerabilities and exploit them to be excessively powerful. Instead, it provides the model on a limited basis only to some major companies and institutions, operating it to find vulnerabilities before hackers and use them for defence.

Companies that have adopted it also rate its performance highly. Mozilla said Mythos compares well with the world's top security researchers. It also said it used the tool to fix and release more than 400 security vulnerabilities found in Firefox in April alone.

Operating results disclosed by Anthropic show a similar pattern. The company said 50 companies using Mythos found more than 10,000 critical or high-risk security vulnerabilities over about two months. It added that multiple companies reported vulnerability detection was more than 10 times faster than before.

A Cloudflare case was also disclosed. According to Anthropic, Cloudflare found 2,000 bugs across key systems using Mythos, including 400 that were high-risk or critical. It said Cloudflare's security team also assessed the false-positive rate as lower than that of human security researchers.

The case shows that generative AI can be used on both the offensive and defensive sides in security. Anthropic is currently not releasing Mythos to the public and provides it only to a limited set of customers. But as the results of a test targeting U.S. government classified systems become known, interest is also growing in how AI security models should be used and controlled.

The industry expects more cases in which Mythos is used to check security vulnerabilities and strengthen defence systems at companies and government agencies, while maintaining its limited distribution policy.