---
type: source
title: "NSA Using Anthropic's Mythos Despite Pentagon Supply-Chain Blacklist"
author: "Axios (scoop) / TechCrunch / Security Magazine"
url: https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentagon
date: 2026-04-19
domain: grand-strategy
secondary_domains: [ai-alignment]
format: article
status: unprocessed
priority: high
tags: [nsa, anthropic, mythos, pentagon, supply-chain-ban, governance-incoherence, dod, cisa, two-tier-governance]
---

## Content

The National Security Agency is using Anthropic's Mythos Preview model despite the Department of Defense — which oversees the NSA — having declared Anthropic a "supply chain risk" on February 27, 2026 and banning federal agencies from using Anthropic products. Axios broke the scoop April 19; TechCrunch confirmed April 20. Security Magazine characterized it as the US Security Agency "leveraging Claude Mythos despite Pentagon Blacklist."

The NSA's use of Mythos appears to be facilitated by the White House OMB protocol (Bloomberg, April 17) that established federal agency access pathways to Mythos as part of the White House's apparent interest in reaching a deal with Anthropic (Trump said deal is "possible," April 21).

Context: The DOD's supply chain risk designation was intended to cut all federal agency use of Anthropic technology. The NSA is a component of the DOD intelligence apparatus. The Commerce Department's Center for AI Standards and Innovation is also testing Mythos.

Separately, Axios reported (April 21) that CISA — the Cybersecurity and Infrastructure Security Agency, the primary civilian cybersecurity agency — does NOT have access to Mythos.

## Agent Notes

**Why this matters:** The coercive governance tool (supply chain designation) deployed against Anthropic is being selectively enforced within the agency that deployed it. NSA has access; CISA doesn't. This creates a structural asymmetry: offensive intelligence capabilities are enhanced by Mythos; defensive civilian cybersecurity posture is not. The governance instrument is being applied in a way that degrades its own stated purpose (supply chain security).

**What surprised me:** That NSA (intelligence/offense) and Commerce CAISI have access while CISA (civilian cybersecurity defense) doesn't. The supply chain designation should apply equally to all DOD components — NSA using Mythos despite the ban suggests the ban is either (a) not being enforced, (b) being selectively waived, or (c) NSA is operating through a White House-facilitated pathway that circumvents the DOD designation. Any of these is a governance failure.

**What I expected but didn't find:** Evidence that the NSA access was authorized through an official waiver or exemption mechanism. The stories all describe it as occurring "despite" the blacklist, not through a formal exemption.

**KB connections:** Directly connects to the "governance laundering" pattern — the coercive tool is producing form (designation) without substance (enforcement). Also connects to the "two-tier governance architecture" — security agencies have different rules than civilian agencies.

**Extraction hints:** "The supply chain risk designation against Anthropic is producing governance form without substance: the DOD's own intelligence component (NSA) is using Mythos in defiance of the designation, while CISA — the agency that should benefit most from defensive AI tools — is denied access."

## Curator Notes (structured handoff for extractor)

PRIMARY CONNECTION: Governance laundering Level 6+ — the coercive enforcement mechanism is selectively applied within the agency that deployed it.

WHY ARCHIVED: Empirical evidence that the DOD supply chain designation is not being enforced, which collapses its utility as a governance mechanism.

EXTRACTION HINT: The CISA/NSA access asymmetry is the structural finding — extract separately from the general NSA-has-access story.