The Scramble to Tackle AI National Security Risks

By Ryan Morgan
Ryan Morgan
Ryan Morgan
Ryan Morgan is a reporter for The Epoch Times focusing on military and foreign affairs.
and Nathan Worcester
Nathan Worcester
Nathan Worcester
Senior Reporter
Nathan Worcester is an award-winning journalist for The Epoch Times based in Washington, D.C. He frequently covers Capitol Hill, elections, and the ideas that shape our times. He has also written about energy and the environment. Nathan can be reached at nathan.worcester@epochtimes.us
July 10, 2026Updated: July 10, 2026

WASHINGTON—As artificial intelligence grows in power and scope, it may be threatening critical U.S. intelligence.

Alarm has mounted on Capitol Hill in recent weeks amid claims that frontier AI models have shown the capacity to breach highly encrypted classified systems. However, some cybersecurity experts have said the threat may be overstated—at least for now.

At a Senate hearing on June 11, Senate Intelligence Committee Vice Chair Mark Warner (D-Va.) recounted being notified by the National Security Agency (NSA) that the Mythos AI model, developed by Anthropic, “broke into almost all of our classified systems, not in weeks, but in hours.”

Neither the NSA nor Anthropic responded to requests for comments about Warner’s statements about Mythos—but other top lawmakers who spoke with The Epoch Times signaled concern.

“I’ve been briefed on Mythos’s capability and the way our elements of the intelligence community are thinking about it, and it is very, very serious,” House Intelligence Committee Ranking Member Jim Himes (D-Conn.) told The Epoch Times on June 23.

If accurate, Warner’s claims could signal a paradigm shift for the cybersecurity field and the protection of highly sensitive U.S. national security secrets. 

Warner’s and Himes’s comments add to a growing debate about how to regulate AI and address its impact on cybersecurity.

Some parts of the government are already acting.

Anthropic announced on June 12 that it had received an export control directive from the U.S. government to suspend all access to its Fable 5 and Mythos 5 AI models by foreign nationals, whether inside or outside the United States. The directive includes Anthropic’s own employees.

Anthropic went further, disabling access to Fable 5 and Mythos 5 for all users. 

Still, the AI developer questioned the government’s basis for the export control directive.

A group of Democratic and Republican lawmakers sent a letter to Commerce Secretary Howard Lutnick on June 18 seeking more clarity on the decision.

On June 30, Anthropic announced the Commerce Department had dropped its export controls on the Mythos 5 and Fable 5 models. Anthropic has since restored public access to Fable 5, and restarted a program that allowed a limited group of organizations and government agencies to utilize the Mythos 5 model.

The Pentagon previously designated Anthropic a supply chain risk in a decision that was initially blocked by a judge but upheld by an appeals court.

On June 22, the cybersecurity branch of the Five Eyes intelligence-sharing alliance—which includes Australia, Canada, New Zealand, the UK, and the United States—issued a warning about the rising potential for AI-driven cyberattacks. They wrote that “the evolving landscape of artificial intelligence … is rapidly transforming cyber risk, and we must act swiftly to remain ahead.”

U.S. lawmakers are continuing to ask questions about the Anthropic AI models, as well as how they compare with the most advanced AI capabilities of America’s leading competitors.

Himes said he was recently briefed that Chinese AI capabilities are approximately six months behind those of the United States.

“We have six months right now to think about how we get our defenses built, and when I say we, I mean the government, I mean the financial sector, I mean corporations, I mean email—you name it, have huge vulnerabilities to all of those systems,” he said.

Sen. Mike Rounds (R-S.D.), who serves on the Senate Armed Services and Intelligence Committees, told The Epoch Times that the United States needs to stay at the forefront of AI development as competition mounts.

“The development of AI is not going to stop. We’ve got to be on the forefront of it. Our adversaries are pushing very, very hard,” he said, noting that he had been briefed on Mythos.

A Tool for Finding Weakness

Mythos 5 and Fable 5 are two variations of the same underlying AI model.

Fable 5 was the version prepared for the general public’s use, albeit with several guardrails to constrain its dissemination of high-risk information.

Mythos 5 has fewer of these information guardrails, but was tested with a limited number of users in a controlled effort known as Project Glasswing.

In a controlled rollout in April, Anthropic noted that AI models such ase Mythos find and exploit software vulnerabilities.

“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” Anthropic said at the time.

In Project Glasswing, a limited set of users prompted Mythos 5 to parse troves of code to identify vulnerabilities that could be exploited by harmful actors.

In its June 12 statement, Anthropic said it had received few details about the export control directive concerning Mythos 5 and Fable 5. The AI developer said its understanding was that the U.S. government identified a means to “jailbreak” Fable 5, bypassing its guardrails.

Such a “jailbreak” could theoretically allow Fable 5 users access to some of the same capabilities exhibited by Mythos 5, such as finding exploitable software vulnerabilities.

In an interview with The Epoch Times, Marpole.ai founder Dmitri Maxim raised the prospect of an AI model gradually mapping out the infrastructure of a secure network and devising a complex plan to attack it.

“It digests millions of pages of unrelated infrastructure configuration and instantly calculates how these microscopic, trivial bugs interact, and chains them together into catastrophic automated attack paths that grant full system administrative control,” Maxim said.

Skepticism Follows Claims AI Breached Classified Systems

Yet some cybersecurity professionals have expressed skepticism about advanced AI models breaching classified U.S. networks.

Dahvid Schloss, who is the chief operating officer at cybersecurity service Suzu Labs and served in the U.S. Air Force as an offensive cyber operator supporting U.S. Special Operations Forces, questioned Warner’s claim that an AI model simply broke into secure U.S. systems.

Classified U.S. government networks, such as those used by the military and intelligence community, are specifically designed to be compartmented from public-facing networks. Highly advanced encryption devices, known as TACLANEs, are used to manage the flow of sensitive data over unclassified networks.

Schloss posited that Mythos was deliberately introduced into a secure network, which he said is different from the AI model gaining entry to the network from the outside.

“Once you’re inside of a network, that’s the easy part. It’s going from the outside in that is the most difficult,” he told The Epoch Times.

Schloss said he’d never heard of a TACLANE being breached in his years of working with classified cyber systems and was doubtful an AI model could do so as a means to gain further entry into a classified network.

Michael Lopez Chiesa, a former U.S. Army cybersecurity specialist turned independent cybersecurity consultant, was similarly skeptical that an AI model simply gained entry into a classified system from the outside. In the context of Project Glasswing, he said, it’s more likely that the AI model was deliberately introduced to a secure network to study its capabilities in that setting.

“We basically gave them the keys to the kingdom, and we’re surprised that they found the front door,” he told The Epoch Times.

On June 24, Sen. John Cornyn (R-Texas), another member of the Intelligence Committee member, told The Epoch Times he hoped to “get to the bottom” of the Mythos claims and expert skepticism through a classified briefing at some point.

Automation Could Scale Attacks

Although there are doubts about AI models simply breaching secure networks and highly encrypted data flows, AI’s potential for automating and scaling up processes could strengthen other techniques malicious actors use to steal secrets and wreak havoc.

In February, Anthropic accused three of China’s leading AI developers of attempting to train their models with Anthropic’s Claude chatbot in what is known as a “distillation” attack.

Anthropic said the three Chinese AI developers—DeepSeek, Moonshot AI, and MiniMax—used 24,000 fraudulent accounts to submit more than 16 million prompts to Claude. These Chinese AI developers could use the outputs from the prompts to refine their own models.

AI models can also expedite what are known as supply-chain attacks.

In a supply-chain attack, a malicious actor attempts to slip a segment of exploitable code into a targeted open-source codebase shared by other users. If that exploitable code is added to a targeted codebase, a malicious actor may exploit the flawed code, bypassing a downstream user’s cyber defenses.

For a supply chain attack like this to succeed, a piece of exploitable code would have to pass review before it’s accepted into the larger open-source codebase. Lopez Chiesa said AI could automate this process until an exploitable piece of code finally passes review.

“AI lets you write that one line of code, and you can try that a million times in a billion different ways, because it’ll just go through and try everything,” Lopez Chiesa said. “You don’t have to touch it at all. You give it the objective, and it will do it until it dies.”

Keeping Up With Evolving AI Threats

As the capabilities of AI continue to grow, policymakers and cybersecurity experts will have to make a concerted effort to adjust to new challenges.

Branden McIntyre spent years developing network infrastructure for companies such as Cisco and Rakuten. Now, as a co-founder of Trussed.ai, he helps organizations implement tools to control how AI models interact with sensitive data and systems.

In an interview with The Epoch Times, McIntyre explained that users often aren’t able to monitor what information is flowing into and out of the AI models they use. He also raised the concern that many workers may turn to AI models to keep pace with their workflows without always being mindful of the potentially sensitive information they’re feeding into these constantly learning models.

Many AI developers may attempt to implement guardrails within their models, but McIntyre warned this isn’t a universal solution.

“Most models have been focused on internal guardrails, and it’s kind of patchy across the board, right? So one company will have a guardrail for one thing, another company will have a guardrail for another thing. There’s not a whole lot of overlap,” McIntrye said.

McIntyre recommends organizations implement external guardrail products, such as those developed by Trussed.ai, that can sit between an organization’s sensitive data and the AI models it uses to regulate what information flows into these models.

The June 22 Five Eyes warning about AI lists practical steps organizations can take to limit their exposure, including limiting access to sensitive systems, accelerating the speed at which vulnerabilities are fixed, and implementing layers of defensive measures in IT systems.

McIntyre said the advice from the Five Eyes cybersecurity chiefs isn’t new. Instead, he said the advisory highlights “the fact, with AI, things move a lot quicker.”

“You cannot make the same assumptions you used to five years ago, around when you patch things and what’s actually a vulnerability and what’s not a vulnerability, because AI can test everything at once incredibly quickly with variations like we’ve never been able to have before,” he said.