The Scramble to Tackle AI National Security Risks

Save
The Scramble to Tackle AI National Security Risks
Illustration by The Epoch Times, Getty Images, Shutterstock
Illustration by The Epoch Times, Getty Images, Shutterstock
Updated:

WASHINGTON—As artificial intelligence grows in power and scope, it may be threatening critical U.S. intelligence.

Alarm has mounted on Capitol Hill in recent weeks amid claims that frontier AI models have shown the capacity to breach highly encrypted classified systems. However, some cybersecurity experts have said the threat may be overstated—at least for now.

At a Senate hearing on June 11, Senate Intelligence Committee Vice Chair Mark Warner (D-Va.) recounted being notified by the National Security Agency (NSA) that the Mythos AI model, developed by Anthropic, “broke into almost all of our classified systems, not in weeks, but in hours.”

Neither the NSA nor Anthropic responded to requests for comments about Warner’s statements about Mythos—but other top lawmakers who spoke with The Epoch Times signaled concern.

“I’ve been briefed on Mythos’s capability and the way our elements of the intelligence community are thinking about it, and it is very, very serious,” House Intelligence Committee Ranking Member Jim Himes (D-Conn.) told The Epoch Times on June 23.

image-6058712

If accurate, Warner’s claims could signal a paradigm shift for the cybersecurity field and the protection of highly sensitive U.S. national security secrets.

Warner’s and Himes’s comments add to a growing debate about how to regulate AI and address its impact on cybersecurity.

Some parts of the government are already acting.

image-6058706
image-6058699
(Left) Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, walks through the U.S. Capitol on May 19, 2026. Warner said on June 11 that Anthropic's Mythos AI model broke into classified computer systems in minutes. (Right) Rep. Jim Himes (D-Conn.) speaks to reporters at the U.S. Capitol on March 5, 2026. Himes and other lawmakers are raising the alarm about frontier AI models such as Anthropic's Mythos 5. Kevin Dietsch/Getty Images, Allison Robbert/AP
Anthropic announced on June 12 that it had received an export control directive from the U.S. government to suspend all access to its Fable 5 and Mythos 5 AI models by foreign nationals, whether inside or outside the United States. The directive includes Anthropic’s own employees.

Anthropic went further, disabling access to Fable 5 and Mythos 5 for all users.

Still, the AI developer questioned the government’s basis for the export control directive.

A group of Democratic and Republican lawmakers sent a letter to Commerce Secretary Howard Lutnick on June 18 seeking more clarity on the decision.

On June 30, Anthropic announced the Commerce Department had dropped its export controls on the Mythos 5 and Fable 5 models. Anthropic has since restored public access to Fable 5, and restarted a program that allowed a limited group of organizations and government agencies to utilize the Mythos 5 model.
image-6058711
The Pentagon previously designated Anthropic a supply chain risk in a decision that was initially blocked by a judge but upheld by an appeals court.
On June 22, the cybersecurity branch of the Five Eyes intelligence-sharing alliance—which includes Australia, Canada, New Zealand, the UK, and the United States—issued a warning about the rising potential for AI-driven cyberattacks. They wrote that “the evolving landscape of artificial intelligence ... is rapidly transforming cyber risk, and we must act swiftly to remain ahead.”

U.S. lawmakers are continuing to ask questions about the Anthropic AI models, as well as how they compare with the most advanced AI capabilities of America’s leading competitors.

image-6058702
Pages from the Anthropic website and the company's logo are displayed on a computer screen in New York City on Feb. 26, 2026. Anthropic's highly advanced Mythos 5 and Fable 5 models have caused concern on Capitol Hill, leading to restrictions on the models. Patrick Sison/AP/File

Himes said he was recently briefed that Chinese AI capabilities are approximately six months behind those of the United States.

“We have six months right now to think about how we get our defenses built, and when I say we, I mean the government, I mean the financial sector, I mean corporations, I mean email—you name it, have huge vulnerabilities to all of those systems,” he said.

Sen. Mike Rounds (R-S.D.), who serves on the Senate Armed Services and Intelligence Committees, told The Epoch Times that the United States needs to stay at the forefront of AI development as competition mounts.

“The development of AI is not going to stop. We’ve got to be on the forefront of it. Our adversaries are pushing very, very hard,” he said, noting that he had been briefed on Mythos.

image-6058705
Sen. Mike Rounds (R-S.D.) participates in a Senate Intelligence Committee hearing on worldwide threats, in Washington on March 18, 2026. Rounds says the United States needs to stay at the forefront of AI development as competition mounts. Kevin Dietsch/Getty Images

A Tool for Finding Weakness

Mythos 5 and Fable 5 are two variations of the same underlying AI model.

Fable 5 was the version prepared for the general public’s use, albeit with several guardrails to constrain its dissemination of high-risk information.

Mythos 5 has fewer of these information guardrails, but was tested with a limited number of users in a controlled effort known as Project Glasswing.

In a controlled rollout in April, Anthropic noted that AI models such ase Mythos find and exploit software vulnerabilities.

image-6058714

“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” Anthropic said at the time.

In Project Glasswing, a limited set of users prompted Mythos 5 to parse troves of code to identify vulnerabilities that could be exploited by harmful actors.

In its June 12 statement, Anthropic said it had received few details about the export control directive concerning Mythos 5 and Fable 5. The AI developer said its understanding was that the U.S. government identified a means to “jailbreak” Fable 5, bypassing its guardrails.

image-6058701
Anthropic co-founder and president Daniela Amodei (L) speaks with the CEO of AI platform Snowflake, Sridhar Ramaswamy, during the keynote presentaton at Snowflake Summit 26 in San Francisco on June 1, 2026. The Pentagon has designated Anthropic, which partners with Snowflake, a supply chain risk. Jeff Chiu/AP

Such a “jailbreak” could theoretically allow Fable 5 users access to some of the same capabilities exhibited by Mythos 5, such as finding exploitable software vulnerabilities.

In an interview with The Epoch Times, Marpole.ai founder Dmitri Maxim raised the prospect of an AI model gradually mapping out the infrastructure of a secure network and devising a complex plan to attack it.

“It digests millions of pages of unrelated infrastructure configuration and instantly calculates how these microscopic, trivial bugs interact, and chains them together into catastrophic automated attack paths that grant full system administrative control,” Maxim said.

Skepticism Follows Claims AI Breached Classified Systems

Yet some cybersecurity professionals have expressed skepticism about advanced AI models breaching classified U.S. networks.

Dahvid Schloss, who is the chief operating officer at cybersecurity service Suzu Labs and served in the U.S. Air Force as an offensive cyber operator supporting U.S. Special Operations Forces, questioned Warner’s claim that an AI model simply broke into secure U.S. systems.

Classified U.S. government networks, such as those used by the military and intelligence community, are specifically designed to be compartmented from public-facing networks. Highly advanced encryption devices, known as TACLANEs, are used to manage the flow of sensitive data over unclassified networks.

image-6058710

Schloss posited that Mythos was deliberately introduced into a secure network, which he said is different from the AI model gaining entry to the network from the outside.

“Once you’re inside of a network, that’s the easy part. It’s going from the outside in that is the most difficult,” he told The Epoch Times.

image-6058707
A U.S. Air Force airman checks wiring and system operations in an electronics closet near a transmission tower at Joint Base Charleston in Charleston, S.C., on June 13, 2025. A cybersecurity analyst says he is skeptical that AI models could gain entry from the outside into classified government systems such as those used by the military. Airman 1st Class Adriana Jordan-Alcañiz/U.S. Air Force

Schloss said he’d never heard of a TACLANE being breached in his years of working with classified cyber systems and was doubtful an AI model could do so as a means to gain further entry into a classified network.

Michael Lopez Chiesa, a former U.S. Army cybersecurity specialist turned independent cybersecurity consultant, was similarly skeptical that an AI model simply gained entry into a classified system from the outside. In the context of Project Glasswing, he said, it’s more likely that the AI model was deliberately introduced to a secure network to study its capabilities in that setting.

“We basically gave them the keys to the kingdom, and we’re surprised that they found the front door,” he told The Epoch Times.

On June 24, Sen. John Cornyn (R-Texas), another member of the Intelligence Committee member, told The Epoch Times he hoped to “get to the bottom” of the Mythos claims and expert skepticism through a classified briefing at some point.

image-6058700
Sen. John Cornyn (R-Texas), speaks with reporters at the U.S. Capitol on May 20, 2026. Cornyn, a Senate Intelligence Committee member, said he wants to get to the bottom of claims that Anthropic's Mythos AI model can breach classified systems. J. Scott Applewhite/AP

Automation Could Scale Attacks

Although there are doubts about AI models simply breaching secure networks and highly encrypted data flows, AI’s potential for automating and scaling up processes could strengthen other techniques malicious actors use to steal secrets and wreak havoc.

In February, Anthropic accused three of China’s leading AI developers of attempting to train their models with Anthropic’s Claude chatbot in what is known as a “distillation” attack.
image-6058715

Anthropic said the three Chinese AI developers—DeepSeek, Moonshot AI, and MiniMax—used 24,000 fraudulent accounts to submit more than 16 million prompts to Claude. These Chinese AI developers could use the outputs from the prompts to refine their own models.

AI models can also expedite what are known as supply-chain attacks.

In a supply-chain attack, a malicious actor attempts to slip a segment of exploitable code into a targeted open-source codebase shared by other users. If that exploitable code is added to a targeted codebase, a malicious actor may exploit the flawed code, bypassing a downstream user’s cyber defenses.

image-6058703
The DeepSeek app is displayed on a phone screen in this photo illustration. Anthropic has accused DeepSeek and other Chinese AI developers of attempting to train their models using its Claude chatbot. Oleksii Pydsosonnii/The Epoch Times

For a supply chain attack like this to succeed, a piece of exploitable code would have to pass review before it’s accepted into the larger open-source codebase. Lopez Chiesa said AI could automate this process until an exploitable piece of code finally passes review.

“AI lets you write that one line of code, and you can try that a million times in a billion different ways, because it’ll just go through and try everything,” Lopez Chiesa said. “You don’t have to touch it at all. You give it the objective, and it will do it until it dies.”

Keeping Up With Evolving AI Threats

As the capabilities of AI continue to grow, policymakers and cybersecurity experts will have to make a concerted effort to adjust to new challenges.

Branden McIntyre spent years developing network infrastructure for companies such as Cisco and Rakuten. Now, as a co-founder of Trussed.ai, he helps organizations implement tools to control how AI models interact with sensitive data and systems.

In an interview with The Epoch Times, McIntyre explained that users often aren’t able to monitor what information is flowing into and out of the AI models they use. He also raised the concern that many workers may turn to AI models to keep pace with their workflows without always being mindful of the potentially sensitive information they’re feeding into these constantly learning models.

Many AI developers may attempt to implement guardrails within their models, but McIntyre warned this isn’t a universal solution.

image-6058704
The United Nations Security Council meets on the impacts of cyber threats on international peace and security, at U.N. headquarters in New York City on June 20, 2024. The Five Eyes intelligence-sharing alliance, which includes the United States, Australia, Canada, New Zealand, and the UK, recently issued a warning about the rising potential for AI-driven cyberattacks. Yuki Iwamura/AFP via Getty Images

“Most models have been focused on internal guardrails, and it’s kind of patchy across the board, right? So one company will have a guardrail for one thing, another company will have a guardrail for another thing. There’s not a whole lot of overlap,” McIntrye said.

McIntyre recommends organizations implement external guardrail products, such as those developed by Trussed.ai, that can sit between an organization’s sensitive data and the AI models it uses to regulate what information flows into these models.

The June 22 Five Eyes warning about AI lists practical steps organizations can take to limit their exposure, including limiting access to sensitive systems, accelerating the speed at which vulnerabilities are fixed, and implementing layers of defensive measures in IT systems.

McIntyre said the advice from the Five Eyes cybersecurity chiefs isn’t new. Instead, he said the advisory highlights “the fact, with AI, things move a lot quicker.”

“You cannot make the same assumptions you used to five years ago, around when you patch things and what’s actually a vulnerability and what’s not a vulnerability, because AI can test everything at once incredibly quickly with variations like we’ve never been able to have before,” he said.

AD