[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-anthropic-mythos-found-holes-in-us-classified-systems":10,"sections":48},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":38,"tags":39,"sources":43,"feedback":47,"feedback_at":22,"cost_usd":47,"total_tokens":47},2158,"anthropic-mythos-found-holes-in-us-classified-systems","Anthropic Mythos Found Holes in US Classified Systems","A Senate hearing revealed NSA told lawmakers that Mythos found vulnerabilities in nearly all classified systems within hours during a controlled exercise.","Anthropic's AI security tool Mythos found vulnerabilities across nearly all US classified systems in hours, not weeks — according to Senate testimony.\n\nSenator Mark Warner of Virginia told a congressional hearing this month that NSA chief Joshua Rudd informed him Mythos \"broke into almost all of our classified systems, not in weeks, but in hours.\" A US official later clarified the distinction: Mythos identified the vulnerabilities during a controlled exercise rather than actively exploiting them. That clarification matters, but it doesn't fully soften the finding — a tool that can map classified system weaknesses in an afternoon is its own kind of problem. Anthropic first introduced Mythos in early April and immediately declined to release it publicly, sharing access only with a select group of corporations to help them patch flaws before attackers could use the same capability.\n\nThe NSA disclosure puts a government stamp on what private companies have been reporting for weeks. Mozilla said Mythos performed on par with the world's best security researchers and helped ship more than 400 Firefox bug fixes in April alone. Anthropic later said the roughly 50 companies in its early access program collectively found more than 10,000 critical or high-severity vulnerabilities in about two months — with Cloudflare alone logging 2,000 bugs, 400 of them high or critical severity.\n\nThe controlled-exercise framing is doing a lot of work here. \"Found vulnerabilities\" and \"broke in\" describe meaningfully different threat levels, and Washington has reason to prefer the softer read — but the underlying capability is the same either way.","[\"security\",\"ai\",\"government\",\"anthropic\"]","2026-06-24T16:00:00.000Z","2026-06-24T17:00:20.551Z","2026-06-24T17:00:23.219Z","published",null,[24,30,34],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The body states Mozilla 'shipped more than 400 Firefox security fixes' but the source says Mozilla 'shipped more than 400 Firefox security bugs' — more critically, the body omits the sourced quote that Mythos is 'every bit as capable as the world's best security researchers,' which is fine, but it drops the attribution chain (Senator Warner quoting NSA chief Rudd) in a way that compresses it accurately; however, the body says 'Senator Mark Warner testified before Congress this month that NSA chi","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"The body says Mozilla used Mythos 'to ship more than 400 Firefox security bugs' but the source says Mozilla 'shipped more than 400 Firefox security bugs' — 'ship' in this context means to fix and release patches, not to find bugs, so the phrasing is ambiguous at best and misleading at worst; more critically, open concern [editor-r1] remains unresolved because the body still carries this same paraphrase error flagged in the prior round, and the draft must clarify whether Mozilla shipped fixes for",{"id":35,"reviewer":26,"round":36,"reason":37,"status":29},"editor-r3",3,"Standardize the product name throughout — the dek says 'Mythos Preview' while the headline and body use 'Mythos'; pick one form and apply it consistently across all three.","security",[38,40,41,42],"ai","government","anthropic",[44],{"name":45,"url":46},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fvulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos",0,{"sections":49},[50,54,59,63,68,73,78,83,88,93,98,103,108,113],{"name":51,"slug":40,"count":52,"latest_published_at":53},"AI",539,"2026-06-24T18:46:18.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Deals","deals",161,"2026-06-24T13:00:00.000Z",{"name":60,"slug":38,"count":61,"latest_published_at":62},"Security",148,"2026-06-24T17:25:00.000Z",{"name":64,"slug":65,"count":66,"latest_published_at":67},"Policy","policy",106,"2026-06-24T17:36:44.000Z",{"name":69,"slug":70,"count":71,"latest_published_at":72},"Consumer Tech","consumer-tech",87,"2026-06-24T14:22:56.000Z",{"name":74,"slug":75,"count":76,"latest_published_at":77},"Hardware","hardware",81,"2026-06-24T18:50:56.000Z",{"name":79,"slug":80,"count":81,"latest_published_at":82},"Software","software",64,"2026-06-24T16:15:00.000Z",{"name":84,"slug":85,"count":86,"latest_published_at":87},"Dev Tools","dev-tools",53,"2026-06-23T18:13:40.000Z",{"name":89,"slug":90,"count":91,"latest_published_at":92},"Science","science",39,"2026-06-23T05:25:16.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"Gaming","gaming",36,"2026-06-24T15:05:01.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"Startups","startups",33,"2026-06-24T18:27:41.000Z",{"name":104,"slug":105,"count":106,"latest_published_at":107},"General","general",27,"2026-06-24T08:50:14.000Z",{"name":109,"slug":110,"count":111,"latest_published_at":112},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":114,"slug":115,"count":116,"latest_published_at":117},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]