Moineauworld

Tag: red teaming

NSA Uses Anthropic Despite Pentagon Rift | Analysis by Brian Moineau

Posted on by Brian Moineau

When national security meets corporate feud: why the government's cybersecurity needs are outweighing the Pentagon's feud with Anthropic

The government's cybersecurity needs are outweighing the Pentagon's feud with Anthropic — and that blunt contradiction is the headline worth unpacking. On April 19–20, 2026 reporting from Axios (later echoed by other outlets) revealed the National Security Agency was using Anthropic’s powerful Mythos Preview model even though the Defense Department has labeled the company a “supply chain risk.” That tension — between institutional caution and operational necessity — is reshaping how Washington balances security policy, procurement politics, and the raw utility of frontier AI.

Quick orientation: what happened and why it matters

  • Anthropic released Mythos as a highly capable model the company has warned is too risky for broad public release.
  • The Pentagon formally designated Anthropic a supply-chain risk in March 2026 after a dispute over the company’s refusal to accede to certain DoD demands about use cases.
  • Despite that designation, the NSA reportedly obtained access to Mythos Preview and began using it for cybersecurity or other internal purposes.
  • The White House has engaged Anthropic executives in recent days, indicating broader government interest despite official friction.

This story matters because it’s not just about one company and one label. It’s about how agencies on the front lines of national defense and intelligence make pragmatic choices when capabilities matter more than policy purity.

Main implications to keep in mind

  • Capability trumps policy when the threat is immediate.
  • Inter-agency dynamics (NSA vs. Pentagon leadership) can produce mixed signals.
  • The blacklisting debate is as much about governance and ethics as it is about tactical advantage.

The technical draw: why Mythos is irresistible

Anthropic has positioned Mythos as a leap forward in generative AI safety and capability. Reported strengths include exceptional code reasoning and the ability to rapidly uncover software vulnerabilities — the exact skills defenders and red teams prize.

When agencies face sophisticated adversaries that probe networks and exploit zero-days, tools that can speed vulnerability discovery, triage alerts, and automate defensive playbooks become invaluable. For the NSA, that kind of edge can mean the difference between containing an intrusion and losing critical data. So even if the Pentagon leadership calls Anthropic a supply-chain risk, an operational unit focused on cryptologic and cyber missions may still adopt whatever works.

The policy paradox: blacklist on paper, use in practice

Blacklists and risk designations serve several purposes: they send political signals, protect supply chains, and set procurement guardrails. But policy instruments can collide with on-the-ground needs.

  • The Pentagon’s March 2026 designation of Anthropic as a supply-chain risk was intended to pressure vendors and enforce safeguards around military applications.
  • Yet the intelligence community often operates with different trade-offs and handling authorities. Agencies like the NSA sometimes have statutory missions and classified workflows that permit selective compromises.
  • The result: a public posture of restriction paired with private, controlled use of the very tools deemed risky.

This dichotomy erodes policy clarity. If agencies pick and choose when to honor a blacklist, the designation becomes less a categorical ban and more a political lever, which complicates accountability and oversight.

The governance problem: safety, trust, and oversight

There are three governance threads tangled in this episode.

  • Safety: Anthropic itself has argued for restrained release of Mythos to avoid misuse. That position complicates both commercial access and government requests.
  • Trust: The Pentagon’s designation reflects concerns about supply-chain exposure, potential backdoors, or policy noncompliance. But selective internal use by agencies like NSA suggests trust — or at least a pragmatic tolerance — where it counts.
  • Oversight: When tools cross into classified use, congressional and public oversight gets harder. The public debate about blacklists assumes consistent enforcement; inconsistent use invites questions about who decides, and on what basis.

If the government wants both capability and principled procurement, it must build transparent exception processes, rigorous evaluation pipelines, and clear accountability for when and why exceptions are made.

The broader strategic picture

This episode signals a few larger shifts.

  • Governments will prioritize operational advantage when national security is at stake, even if that undercuts broader policy goals.
  • Tech vendors will find themselves squeezed between safety commitments to the public and demands from powerful government clients. That squeeze creates legal, ethical, and commercial headaches.
  • Rivalry between agencies can produce mixed communications to the public and vendors, muddying incentives and making consistent policy harder.

Meanwhile, industry players will watch closely. Companies that refuse broad concessions to military use may gain moral credibility but also risk losing contracts or facing political pushback. Conversely, vendors that comply might secure market access but face internal and external criticism.

What comes next

Expect three near-term developments:

  • More interagency conversations and possible carve-outs that formalize how classified units can access restricted models under strict controls.
  • Legal and oversight pressure: Congress and watchdogs will likely push for clarity about who authorized use and how risks are mitigated.
  • Vendor positioning: Anthropic and peers will continue to shape narratives about safe deployment, arguing for guarded, auditable access rather than unrestricted use.

Taken together, these moves will determine whether the current patchwork becomes a managed exception regime or a repeating source of controversy.

My take

This story captures a pragmatic truth about modern defense: tools that materially improve defense or intelligence tasks will get used. Policy labels like “blacklist” matter — but they don’t always override mission imperatives. That tension isn’t new, but it’s sharper now because generative AI can rapidly amplify both benefit and harm.

If Washington wants consistent, ethical governance of transformative AI, it needs rules that recognize operational realities. That means formal exception pathways, rigorous red-team testing, and public-accountability mechanisms that survive classification. Otherwise, we’ll keep seeing public edicts that drift into private exceptions — and public trust will erode one exception at a time.

Things to watch

  • Official statements from the Pentagon, NSA, and Anthropic clarifying scope and safeguards.
  • Congressional inquiries or hearings on the use of restricted AI models by intelligence agencies.
  • Any published guidelines for controlled access to dangerous models across federal agencies.

Sources



Related update: We recently published an article that expands on this topic: read the latest post.

Related update: We recently published an article that expands on this topic: read the latest post.

When Firms Pause AI to Protect | Analysis by Brian Moineau

Posted on by Brian Moineau

Hook: When a lab tells the world its own creation is "too dangerous," you should probably listen

Within days of Anthropic flagging Claude Mythos as “too dangerous for the wild,” governments, bank CEOs and cybersecurity teams sprinted to reassess assumptions about how we defend critical systems. How Anthropic Learned Mythos Was Too Dangerous for the Wild landed like cold water: a frontier AI that can find and chain together software vulnerabilities at speeds humans can’t match, and a company choosing to limit release rather than race to market. That combination — power plus restraint — is reshaping how we think about AI risk, readiness and responsibility.

Why this matters now

  • Mythos represents a class of models that can do more than generate text: they can reason across code, systems, and exploit chains.
  • Banks, regulators and national-security officials were reportedly briefed after Anthropic’s revelation; worries centered on systemic risk if such a capability falls into the wrong hands.
  • Anthropic’s decision to withhold a broad release and instead gate access through a vetted consortium reframes the public-versus-private debate about advanced AI.

The news forced a rapid reorientation: we’re no longer debating whether AIs will be risky — we’re deciding how to contain tools whose primary skill could be to break the digital scaffolding of modern life.

The story so far

Anthropic released documentation describing a frontier model called Claude Mythos (sometimes referenced in press as “Mythos Preview”). Internal and public materials emphasized two things: exceptional capability at identifying security vulnerabilities (including old, obscure bugs), and a heightened potential to autonomously devise exploit sequences that could lead to system takeovers.

In response, Anthropic limited Mythos’ availability and launched "Project Glasswing," a controlled program that gives a small set of tech firms, financial institutions and security vendors access so they can hunt for and patch vulnerabilities before they can be weaponized. Meanwhile, U.S. financial regulators and the Treasury reportedly convened bank executives to make sure institutions understood the threat and had plans to defend themselves. Other governments and big tech firms likewise moved to evaluate what this means for infrastructure resilience.

This isn’t pure alarmism. Multiple reporting outlets and security analysts have noted that Mythos reportedly flagged vulnerabilities across major operating systems and widely used software — in some cases surfacing decades-old issues. Whether every flagged item was a true high-severity zero-day is still a matter for forensic review; critics caution that numbers and headlines can be inflated. Still, the structural issue remains: AI lowers the skill and time required to find and exploit complex, chained vulnerabilities.

Mythos and the cybersecurity shift

  • Speed matters. Traditionally, finding and exploiting chainable zero-days required specialized teams and time. Mythos threatens to compress months of expert work into hours.
  • Scale matters. If a model can sift through repositories, documentation, and binary fingerprints at huge scale, it can locate obscure attack surfaces humans never saw.
  • Asymmetry matters. Defenders must patch, test and roll out fixes across heterogeneous systems. Attackers only need one exploitable chain. AI-driven offense increases the odds that defenders lag.

Put simply: the offense-defence balance shifts if powerful models become widely available. That’s why Anthropic’s gating strategy — and the government huddles — are attempts to keep the window of vulnerability narrow while defenders catch up.

The public vs. private release dilemma

Anthropic’s posture — calling Mythos too dangerous to release publicly while offering controlled access to banks, tech firms and security vendors — highlights a tension.

  • On one hand, limiting distribution buys time for defenders and gives security teams better tooling to find and patch vulnerabilities at scale.
  • On the other, concentrating capability inside a small set of organizations creates inequality in cyberdefense and raises questions about transparency, oversight and accountability. What obligations do companies have when they develop tools that could destabilize infrastructure? Who gets access, and under what governance?

These are governance questions, not just technical ones. They force public institutions and private firms into urgent policy discussions about licensing, auditing and liability — fast.

What defenders can actually do

  • Assume rapid discovery. Treat AI-driven vulnerability discovery as an accelerating threat and triage accordingly.
  • Harden the basics. Defense-in-depth still matters: segmentation, least privilege, timely patching, and rigorous change management reduce exploitable attack surface.
  • Invest in resilient architecture. Systems that can tolerate failures or compromises limit the blast radius of any exploit chain.
  • Run AI-assisted red teams. If Mythos can find chained exploits, defenders should use AI (in controlled environments) to discover and patch them first.

Those steps aren’t glamorous, but they’re practical and urgent. The hard truth is that tooling like Mythos magnifies existing systemic weaknesses; fixing processes and architecture is essential.

A broader implication for AI governance

Anthropic’s public caution sets a precedent: not every technological advance should be immediately unleashed. That stance will complicate business models that prize rapid distribution and scale. It will also place renewed emphasis on multistakeholder risk frameworks: companies, regulators, standards bodies and civil society must collaborate on who gets access to what, under what oversight, and with what safeguards.

We should also accept an uncomfortable possibility: gating advanced models may only delay diffusion. Open-source actors or competing labs could replicate similar capabilities. If that happens, the debate shifts to global coordination: export controls, shared security research, and international norms for handling “cyber-capable” AI.

What to watch next

  • How quickly other labs replicate comparable cyber-capable models, and whether a new norm emerges around staged, audited releases.
  • Whether governments move from private briefings to public regulation or emergency standards for AI that can weaponize vulnerabilities.
  • How financial institutions and critical infrastructure operators adapt their resilience programs — and whether those changes reduce real-world risk.

My take

Anthropic’s callout reads like a stress-test notice for society. For years, we debated hypothetical harms of frontier AI; now we’re seeing a practical example where capability meets infrastructure fragility. The company’s restraint is commendable, but restraint alone won’t fix the underlying exposures. We need faster, cooperative defense, clearer governance, and realistic expectations about how technology proliferates.

Until then, treat Mythos as both warning and wake-up call: the future of cyber risk is arriving faster than expected, and our response must be faster still.

Further reading

Sources



Related update: We recently published an article that expands on this topic: read the latest post.

Microsofts AI Ultimatum: Humanity First | Analysis by Brian Moineau

Posted on by Brian Moineau

When a Tech Giant Says “We’ll Pull the Plug”: Microsoft’s Humanist Spin on Superintelligence

The image is striking: a company with one of the deepest pockets in tech quietly promising to shut down its own creations if they ever become an existential threat. It sounds like science fiction, but over the past few weeks Microsoft’s AI chief, Mustafa Suleyman, has been saying precisely that — and doing it in a way that tries to reframe the whole conversation about advanced AI.

Below I unpack what he said, why it matters, and what the move reveals about where big players want AI to go next.

Why this moment matters

  • Leaders at the largest AI firms are no longer just debating features and market share; they’re arguing about the future of humanity.
  • Microsoft is uniquely positioned: deep cloud, vast compute, a close-but-separate relationship with OpenAI, and now an explicit public pledge to prioritize human safety in its superintelligence ambitions.
  • Suleyman’s language — calling unchecked superintelligence an “anti-goal” and promoting a “humanist superintelligence” instead — reframes the technical race as a values problem, not merely an engineering one.

What Mustafa Suleyman actually said

  • He warned that autonomous superintelligence — systems that can set their own goals and self-improve without human constraint — would be very hard to contain and align with human values.
  • He described such systems as an “anti-goal”: powerful for the sake of power is not a positive vision.
  • Microsoft could halt development if AI risk escalated to a point that threatens humanity; Suleyman framed this as a real responsibility, not PR theater.
  • Rather than chasing unconstrained autonomy, Microsoft says it will pursue a “humanist superintelligence” — designed to be subordinate to human interests, controllable, and explicitly aimed at augmenting people (healthcare, learning, science, productivity).

(Sources linked below reflect his interviews, blog posts, and coverage across outlets.)

The investor and industry dilemma

  • Pressure for performance: Investors and customers expect tangible returns from AI investments (products like Copilot, cloud revenue, optimization). Slowing the pace for safety can be costly.
  • Risk of competitive leak: If one major player decelerates while others keep pushing, the safety-first company may lose market position or influence over standards.
  • Yet reputational and regulatory risk is real: companies seen as reckless invite stricter rules, public backlash, and long-term damage.

Microsoft’s stance reads like a bet that establishing a safety-first brand and norms will pay off — both ethically and strategically — even if it means moving more carefully.

Is Suleyman’s “humanist superintelligence” feasible?

  • Technically, the idea of heavily constrained, human-centered models is plausible: you can limit autonomy, add human-in-the-loop controls, and prioritize interpretability and robustness.
  • The big challenge is alignment at scale: ensuring complex, highly capable systems reliably follow human values in edge cases remains unsolved in research.
  • There’s also the governance question: who decides the threshold for “shut it down”? Internal boards, regulators, or multi-stakeholder panels? The answer matters enormously.

The wider debate: democracy, regulation, and narrative

  • Suleyman’s rhetoric pushes back on two trends: (1) a competitive “whoever builds the smartest system wins” race, and (2) a cultural drift toward anthropomorphizing AIs (calling them conscious or deserving rights).
  • He argues anthropomorphism is dangerous — it can mislead users and blur responsibility. That perspective has supporters and critics across academia and industry.
  • This conversation will influence policy. Public commitments by heavyweight companies make it easier for regulators to design realistic oversight because they signal which controls the industry might accept.

Practical implications for businesses and developers

  • Expect more emphasis on safety engineering, red teams, and orchestration platforms that keep humans in control.
  • Companies building on advanced models will likely face stronger documentation, audit expectations, and questions about fallback/shutdown plans.
  • For developers: design for graceful degradation, explainability, and human oversight. Those are features that will count commercially and legally.

Signs to watch next

  • Specific governance mechanisms from Microsoft: independent audits, kill-switch designs, escalation protocols.
  • How Microsoft defines the threshold for existential risk in operational terms.
  • Reactions from competitors and regulators — cooperation or competitive divergence will reveal whether this is a new norm or a lone ethical stance.
  • Research milestones and whether Microsoft pauses or limits certain capabilities in public models.

A few caveats

  • Promises matter, but incentives and execution matter more. Words don’t equal action unless paired with transparent governance and technical controls.
  • “Shutting down” an advanced model is nontrivial in distributed systems and in ecosystems that mirror models across many deployments.
  • The broader AI ecosystem includes many players (open, academic, state actors). Microsoft’s choice matters — but it cannot by itself eliminate global risk.

Things that give me hope

  • Public-facing commitments like this push the safety conversation into boardrooms and legislatures — a prerequisite for collective action.
  • Building human-first systems can deliver valuable benefits (healthcare, climate, education) while constraining dangerous uses.
  • The debate is maturing: more voices are recognizing that capability progress and safety must be coupled.

Final thoughts

Hearing a major AI leader say “we’ll walk away if it gets too dangerous” is morally reassuring and strategically savvy. It signals a shift from bravado to responsibility. But the hard work lies ahead: translating this ethic into rigorous technical limits, transparent governance, and multilateral agreements so that “pulling the plug” isn’t just a slogan but a real, enforceable safeguard.

We’re in an era where the decisions of a few large firms will shape the technology that shapes everyone’s lives. If Suleyman and Microsoft make good on their stance, they could help create a model where innovation and caution coexist — and that’s a narrative worth following closely.

Quick takeaways

  • Microsoft’s AI head frames unconstrained superintelligence as an “anti-goal” and promotes a “humanist superintelligence.”
  • The company says it would halt development if AI posed an existential risk.
  • The pledge is significant but must be backed by clear governance, technical controls, and broader cooperation to be effective.

Sources