NSA is reportedly using Mythos despite Anthropic's designation as a supply-chain risk.

Summary

By the N2K CyberWire staff

NSA is reportedly using Mythos despite Anthropic's designation as a supply-chain risk.

Axios reports that the US National Security Agency (NSA) is using Anthropic's Mythos Preview model, despite the Pentagon labeling the AI company as a supply chain risk. Mythos excels at finding software vulnerabilities, which makes it valuable for both defensive and offensive operations. Anthropic has granted around 40 organizations access to the model through Project Glasswing, which aims to apply Mythos defensively with industry partners to secure critical infrastructure. Neither Anthropic nor the NSA has commented on the agency's reported use of the tool. Axios notes that MI5, the NSA's UK counterpart, said it has access to Mythos through the AI Security Institute.

Anthropic is embroiled in a lawsuit over its designation as a supply-chain risk, although the company's CEO Dario Amodei met with senior White House officials last week in a meeting that both sides described as "productive." The Pentagon labeled Anthropic a risk after the company insisted on limitations to surveillance- and weapons-related development during contract negotiations earlier this year. The NSA's reported use of Mythos highlights a tension between the practical value of advanced AI capabilities and the government's public dispute with Anthropic.

Afternoon Cyber Tea: Brewing cyber insights.

Afternoon Cyber Tea is your insightful midday break for staying ahead of cyber risks. Join Ann Johnson, Microsoft’s Corporate Vice President and Executive Security Advisor, as she sits down with leading experts to explore the biggest developments in today’s cyber landscape. Whether it’s boardroom objectives or emerging technologies, each episode delivers key insights to help decision makers thrive in the modern era of digital transformation. Steep, sip, and stay informed.

US Coast Guard updates its cybersecurity regulations.

The US Coast Guard has updated its maritime security regulations with new cybersecurity requirements for US-flagged vessels, ports, and offshore facilities, GovInfoSecurity reports. The new rules include "requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system." Maritime operators must appoint a cybersecurity officer and conduct security assessments by mid-July 2027.

New NGate malware variant performs NFC relay attacks.

ESET has discovered a new variant of NGate, a strain of malware designed to conduct NFC relay attacks to steal payment card information and perform unauthorized ATM withdrawals. The threat actors are using a Trojanized version of the legitimate Android NFC payment app "HandyPay." The researchers note, "The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated."

The malware is targeting residents of Brazil, and is being distributed via a website impersonating a Brazilian lottery. The malicious app was not placed in the Google Play Store, and users are advised to install their apps from trustworthy sources.

Notes.

Today's issue includes events affecting , and .

Selected Reading

Attacks, Threats, and Vulnerabilities

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers (BleepingComputer) Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.

Iran claims US used backdoors in networking equipment (The Register) And China is loving it

StealTok: 130k Users Compromised by Data Stealing TikTok Video “Downloaders” (LayerX) LayerX security researchers have uncovered a campaign of at least 12 interrelated browser extensions that masquerade as TikTok video downloaders but in reality track user activity and collect data. The extensions share a common codebase and are all clones or lightly modified versions of each other, indicating that this is a long-standing and persistent […]

Products, Services, and Solutions

The State of the Agent: Understanding Adoption, Risk, and Mitigation (Rubrik) Rubrik Zero Labs' findings show many organizations are operationalizing autonomous systems without the controls required to govern them.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

CSA Agentic AI Security Summit 2026 (Virtual, Apr 29 - 30, 2026) Securing the Future of Autonomous Intelligence. Welcome to the Agentic Wild Kingdom—where autonomous AI agents don’t just assist… they act, collaborate, compete, and evolve. Over two action-packed days, we’ll explore the explosive growth of agentic ecosystems and the new reality they create: a dynamic, unpredictable environment where agents interact across tools, data, and each other—often beyond direct human control. This is not just the future of AI. It’s a whole new operational paradigm. At the center of it all is a critical challenge: securing the agentic control plane.

CyberArk IMPACT 2026 (Austin, Texas, USA, May 11 - 13, 2026) At CyberArk IMPACT, cybersecurity practitioners and leaders will come together to explore today’s #1 attack vector – identity. Attendees will acquire a deep understanding of the latest developments in identity-based cyberattacks, including sophisticated attacker techniques that leverage AI and other methods. And most importantly, they will learn how to shut out attackers and prevent unauthorized access by securing every identity across the organization with the right level of privilege controls.

KB4-CON 2026 (Orlando, Florida, USA, May 12 - 14, 2026) Since its inception in 2018, KB4-CON has evolved from a user-focused gathering to the must-attend event for anyone serious about staying ahead in the security landscape. It is the human risk management industry’s premier event, bringing together KnowBe4 customers, channel partners, prospects, plus security advocates and industry professionals. This is your exclusive opportunity to engage with and learn from the industry’s most influential players, all under one roof.

ASCEND 2026 (Washington, DC, USA, May 19 - 21, 2026) ASCEND connects the civil, commercial, and national security space sectors, along with adjacent industries, to embrace the opportunities and address the challenges that come with increased activity in space. Building our sustainable off-world future requires long-term thinking. Strategic planning, innovation, scientific exploration, and effective regulations and standards will help us preserve space for future generations. ASCEND will enable the technical exchanges, debates, and collaboration that will help forge a sustainable off-world future for all.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 04.21.26

Top stories.

NSA is reportedly using Mythos despite Anthropic's designation as a supply-chain risk.

US Coast Guard updates its cybersecurity regulations.

New NGate malware variant performs NFC relay attacks.

Notes.

Attacks, Threats, and Vulnerabilities

Products, Services, and Solutions

Events