Advanced AI Models Pose National Security Risks, U.S. Government and Congress on Alert.

The rapid advancement and expanding reach of artificial intelligence (AI) are posing potential threats to the critical intelligence security of the United States, raising concerns among the U.S. Congress and government.

In recent weeks, there have been claims that cutting-edge AI models are demonstrating the capability to breach highly encrypted confidential networks. This has heightened worries within the U.S. Congress. However, some cybersecurity experts suggest that this threat may be exaggerated—at least based on current observations.

During a federal Senate Intelligence Committee hearing on June 11, Vice Chair of the Senate Intelligence Committee, Mark Warner (Democrat/Virginia), disclosed that the National Security Agency (NSA) informed him that the Mythos AI model developed by Anthropic company has “infiltrated almost all of our confidential systems in just a few hours, rather than weeks.”

In response to Warner’s comments on the Mythos AI model, both the National Security Agency and Anthropic declined to provide comments on the request for clarification. However, other senior lawmakers who spoke with The Epoch Times expressed concerns.

“I have received a briefing on the capabilities of Mythos and various intelligence community agencies’ perspectives on this, it’s very, very serious,” stated Jim Himes, the top Democratic member of the House Intelligence Committee, to The Epoch Times on June 23.

If Warner’s remarks prove accurate, they could signal a paradigm shift in the field of cybersecurity and the protection of highly sensitive national security secrets in the U.S.

Warner’s and Himes’ statements further intensify the ongoing debate on how to regulate AI and its impact on cybersecurity.

Certain U.S. government departments have already started taking actions. On June 12, Anthropic announced that the company had received an export control directive from the U.S. government, mandating the suspension of access to its Fable 5 and Mythos 5 AI models for all foreign nationals (whether located within or outside the U.S.), including Anthropic’s employees. Anthropic also took further steps by prohibiting all users from accessing Fable 5 and Mythos 5.

Nevertheless, questions have been raised by the AI developer regarding the basis of the government’s issuance of the export control directive.

On June 18, a group of lawmakers from both the Democratic and Republican parties wrote to Commerce Secretary, Howard Lutnick, requesting clearer explanations for the decision.

On June 30, Anthropic announced that the U.S. Commerce Department had lifted the export control on the Mythos 5 and Fable 5 models. Subsequently, Anthropic reinstated public access to Fable 5 and initiated a program allowing limited organizations and government agencies to use the Mythos 5 model.

The Pentagon had previously designated Anthropic as a supply chain risk, a decision initially halted by a judge but later upheld by an appeals court.

On June 22, the “Five Eyes” alliance including Australia, Canada, New Zealand, the U.K., and the U.S. issued a warning from their cybersecurity departments stating that the risks of AI-driven cyberattacks are on the rise. They emphasized, “The evolving landscape in AI is rapidly changing the nature of cyber risks, and we must act quickly to maintain our competitive edge.”

U.S. lawmakers continue to question Anthropic’s AI models and inquire about their performance compared to the most advanced AI capabilities of U.S. main competitors.

Himes revealed that he recently learned that China is approximately six months ahead in AI capabilities compared to the U.S.

“We have about six months now to think about building a defense. When I say ‘we,’ I’m talking about government, banking, enterprises, and email—there are huge security flaws in all systems,” he stated.

Senator Mike Rounds (Republican/South Dakota), a member of the Senate Armed Services Committee and Senate Intelligence Committee, told The Epoch Times that as competition intensifies, the U.S. must remain at the forefront of AI development.

“The development of AI does not stop. We must be at the front of this field. Our opponents are pushing very, very hard,” he emphasized. Senator Rounds had received briefings on the Mythos project.

Mythos 5 and Fable 5 are two variant versions based on the same underlying AI model.

Fable 5 is the standard version available to the public with several protective measures in place to restrict the dissemination of high-risk information.

In contrast, the Mythos 5 version has fewer information protection measures and underwent controlled testing named “Project Glasswing” by a limited number of users.

During a controlled test in April, Anthropic discovered that models like Mythos could identify and exploit software vulnerabilities.

At that time, Anthropic pointed out, “Mythos Preview has identified thousands of high-risk vulnerabilities, including those found in major operating systems and web browsers. Given the rapid pace of AI development, such capabilities could be widely disseminated very quickly, potentially beyond the control of entities dedicated to deploying these technologies for security purposes.”

In the “Project Glasswing,” a small group of users guided Mythos 5 to analyze massive amounts of code to identify vulnerabilities that could be exploited by malicious actors.

In a statement on June 12, Anthropic announced that the U.S. government discovered a method to “jailbreak” Fable 5, bypassing its security safeguards.

Theoretically, this “jailbreaking” could enable Fable 5 users to access some functions similar to Mythos 5, such as discovering exploitable software vulnerabilities.

Dmitri Maxim, the founder of the decentralized AI platform Marpole.ai based in Singapore, mentioned a possibility during an interview with The Epoch Times. AI models may gradually map out the infrastructure of secure networks and devise complex attack plans.

“It can analyze millions of unrelated pages of infrastructure configuration, immediately calculate how these small and trivial vulnerabilities interact, and string them together into destructive automated attack paths to gain complete management control of the system,” Maxim explained.

However, some cybersecurity experts express doubt about the claims of advanced AI models infiltrating U.S. confidential networks.

Dahvid Schloss, Chief Operating Officer of Suzu Labs, a network security service company based in Las Vegas, who previously served as an offensive network operator in the U.S. Air Force supporting U.S. Special Operations Forces, questioned Warner’s statement about an AI model breaching U.S. security systems solely on its own power.

According to Schloss, U.S. government networks, such as those used by the military and intelligence agencies, are designed with specific isolation from public networks. TACLANE, an advanced encryption device, manages the transmission of sensitive data over non-classified networks.

Schloss believes that Mythos could have been intentionally introduced into a secure network. He stated that this scenario differs from external intrusion by an AI model.

“Once inside, it’s easy. The hardest part is getting in from the outside,” he explained to The Epoch Times.

Schloss noted that in all his years working with classified network systems, he had never heard of the TACLANE system being breached. He also expressed skepticism about whether an AI model could further infiltrate confidential networks using this method.

Michael Lopez Chiesa, a former U.S. Army network security specialist and current independent cybersecurity consultant, similarly questioned the statement that an AI model successfully infiltrated confidential systems through external intrusion. He suggested that in the case of “Project Glasswing,” it was more likely that the AI model was intentionally introduced into a secure network to study its capabilities in that environment.

“It’s essentially like giving them the keys to the kingdom, and then being surprised they found the front door,” he described to The Epoch Times.

On June 24, Senator John Cornyn (Republican/Texas), also a member of the Senate Intelligence Committee, expressed his desire to have a classified briefing in the future to thoroughly investigate the claims about Mythos and the experts’ doubts.

Although there are lingering doubts about whether AI models can directly breach secure networks and highly encrypted data flows, the potential of AI in automating and expanding attack scales could enhance malicious actors’ use of other technical means to steal confidential information and cause disruptions.

In February of this year, Anthropic accused three leading Chinese AI developers of attempting to use Anthropic’s Claude chatbot to train their models, a behavior known as a “distillation attack.”

Anthropic revealed that the three Chinese AI developers—DeepSeek, Moonshot AI, and MiniMax—submitted over 16 million prompts to Claude using 24,000 fake accounts. These Chinese AI developers could optimize their models using the output generated from these prompts.

AI models can also expedite so-called “supply chain attacks.”

In a supply chain attack, malicious actors attempt to insert exploitable code into open-source code repositories shared by other users they want to target. If this vulnerable code is added to the target codebase, malicious actors can exploit the flawed code to bypass downstream user network defenses.

For such supply chain attacks to succeed, exploitable code must pass through review before being incorporated into larger open-source code repositories. Lopez Chiesa explained that AI can automate this process until the exploitable code finally passes review.

“With AI, you write that one line of code, and it attempts it a million different ways, a billion times because it goes through all the possibilities. You don’t have to lift a finger. You just set your target, and it’s going, one after the other, until it can’t continue,” Lopez Chiesa said.

As AI capabilities continuously advance, policymakers and cybersecurity experts must collaborate to address new challenges.

Branden McIntyre, a former network infrastructure developer for companies such as Cisco and Rakuten, who is now a co-founder of the AI company Trussed.ai based in San Francisco, helps various institutions deploy tools to regulate interactions between AI models and sensitive data and systems.

During an interview with The Epoch Times, McIntyre explained that users often cannot monitor the inflow and outflow of information in the AI models they use. He also expressed concerns that many employees might use AI models to keep up with workflow but may not always be aware that the information they input into these continuously learning AI models may involve sensitive content.

While many AI developers may attempt to implement protective measures within their models, McIntyre cautioned that it is not a foolproof solution.

“Most models focus on internal protective measures, and they’re also somewhat fragmented overall, right? So, one company has protections around one thing, and another company has protections around another thing. There isn’t much overlap between them,” McIntyre stated.

McIntyre recommended that organizations deploy external protection products, such as those developed by Trussed.ai, between the sensitive data of institutions and the AI models they use to control the influx of information into these models.

On June 22, the “Five Eyes” alliance issued a warning regarding AI, listing practical measures organizations can take to mitigate risks, including limiting access to sensitive systems, accelerating vulnerability patching, and implementing multi-layered defenses in IT systems.

McIntyre stated that the suggestions offered by the cybersecurity officials of the “Five Eyes” alliance are not new perspectives. He emphasized that the recommendations highlight a fact: “In the age of AI, the speed of development has significantly increased.”

“You can’t make the same assumptions about when to release a patch, what counts as a vulnerability, and what doesn’t count as a vulnerability, as you did five years ago because AI can test with unprecedented speed and across a variety of variants,” he said.