The NSA Would Be Using an Anthropic Model Despite a Pentagon Ban, Revealing a Growing Fracture Between Capability and Governance
A revealing conflict within the U.S. government is exposing an uncomfortable reality about artificial intelligence: governance frameworks can no longer keep pace with its adoption.
According to recent reports, the National Security Agency (NSA) is actively using Anthropic’s Mythos Preview model, despite the Department of Defense (DoD), which oversees the NSA itself, having classified the company as a “supply chain risk.”
The contradiction is significant. It reflects a deeper problem: those who regulate AI are no longer aligned with those who need to use it.
The Central Conflict: Control vs. Capability
At the heart of this dispute is control.
The Pentagon reportedly pressed for broader access to Anthropic’s models for “all lawful uses,” including applications the company itself has restricted, such as mass surveillance or the development of autonomous weapons.
Anthropic, for its part, attempts to impose limits directly into the model.
The result is a fragmented reality:
- One agency restricts the provider
- Another actively uses it
- And the provider attempts to impose rules from outside
This is not just bureaucratic friction. It is an early signal of a breakdown in AI governance.
The Rise of “Shadow AI”
This case reveals a broader pattern: when access to advanced tools is restricted, teams don’t stop using them—they simply find ways around the restrictions.
This gives rise to what we might call “shadow AI”:
- Use of tools outside official channels
- Risk assessments ignored or incomplete
- Lack of visibility even within the same organization
In companies, this is already a reality. In governments, the impact is far greater.
A Problem That Goes Beyond the Public Sector
This is not just a national security issue. It is a preview of what we will see in companies around the world.
The pattern repeats:
- Security teams attempt to restrict
- Technical teams seek alternatives
- Providers attempt to impose limits via APIs
The result is a fragmented and difficult-to-govern ecosystem.
The Inevitable Shift: From Policy to Architecture
If policies cannot control AI use, architecture will have to.
We are already seeing clear signals:
- strict permissions at the tool level
- auditing of model interactions
- isolated execution environments
- “zero trust” approaches applied to AI
In other words, governance is moving from documents to code.
Conclusion
The conflict between the NSA and Anthropic is not an exception. It is the first visible crack in a system under pressure.
AI capability advances faster than the institutions attempting to regulate it. And when that happens, rules are not broken—they are circumvented.
The real question is no longer whether AI can be governed.
It is whether governance can evolve fast enough to remain relevant.