Anthropic, valued at $965 billion, published a blog post calling for a global pause on frontier AI development this week, but the same company has embedded approximately six engineers inside the National Security Agency (NSA) to deploy its most advanced model for offensive cyber operations against foreign adversaries. The contradiction highlights a growing tension between the company's public safety messaging and its private military partnerships.

What Is Anthropic Actually Proposing?

On Thursday, Anthropic Institute researchers Marina Favaro and Jack Clark published a blog post titled "When AI builds itself," arguing that artificial intelligence systems are approaching a critical threshold called "recursive self-improvement," where AI could autonomously design and build its own successors without human oversight. They claimed this milestone could arrive within two years.

In their proposal, the researchers stated: "We believe it would be good for the world to have the option to slow or temporarily pause frontier AI development to enable societal structures and alignment research to keep up with the advance of the technology." They compared the challenge to arms control agreements, noting that "training runs are far easier to conceal than missile silos" and that a meaningful pause would require "multiple well-resourced labs at or near the frontier, in multiple countries, agreeing to stop under the same conditions".

Why Does Anthropic's NSA Partnership Complicate This Message?

According to reporting from the Financial Times, Anthropic has stationed roughly six engineers inside the NSA building to help deploy Mythos, a frontier cybersecurity model that Anthropic refuses to release publicly because of its potential for misuse. Mythos is not a general-purpose chatbot; it is specifically designed to identify and exploit security vulnerabilities in computer systems.

The capabilities of Mythos are substantially more advanced than Anthropic's previous models. Security researchers at the Cloud Security Alliance found that Mythos produced 181 working exploits in a Firefox engine benchmark. By contrast, Claude Opus 4.6, Anthropic's previous flagship model released in 2026, had a near-zero autonomous exploit success rate. Mythos can autonomously read source code, generate vulnerability hypotheses, write and execute test cases against running software, and confirm exploitable bugs without human guidance at each step.

Anthropic demonstrated a 20-gadget Return-Oriented Programming chain against FreeBSD and a four-vulnerability browser sandbox escape, showcasing the model's offensive capabilities. One person familiar with the NSA arrangement told the Financial Times that Mythos would be useful for infiltrating networks operated by countries including China and Iran. Whether the embedded engineers are assisting active operations or confined to model customization remains unclear; the NSA declined to confirm or deny, and Anthropic did not respond to requests for comment.

How Does This Fit Into Anthropic's Broader Business Strategy?

The contradiction between Anthropic's public messaging and private operations extends beyond the NSA partnership. The company just closed a $65 billion Series H funding round at a $965 billion valuation, filed confidential IPO paperwork with the Securities and Exchange Commission (SEC), and committed to building 10 gigawatts of compute infrastructure across three continents. This massive investment in computational capacity directly contradicts the company's call for others to pause AI development.

The situation becomes even more complex when considering Anthropic's legal battles with the U.S. government. The company sued the Department of Defense after it designated Anthropic a "supply-chain risk," a designation that reportedly came about because Anthropic refused to allow its models to be used for mass domestic surveillance and autonomous weapons. Yet simultaneously, Anthropic is embedding engineers inside the NSA to deploy Mythos for offensive cyber operations against foreign adversaries.

What Are the Incentive Structures Behind the Pause Proposal?

Analysts and venture capitalists have raised questions about whether Anthropic's pause proposal serves the company's competitive interests. David Sacks, a venture capitalist and informal adviser to President Trump, has previously accused Anthropic of running a "regulatory capture agenda," using safety rhetoric to encourage regulations that would ban lower-cost open-source models while protecting Anthropic's market position.

A global pause on AI development would create several advantages for Anthropic and other frontier labs:

• Competitive Moat: A pause would disproportionately hurt smaller competitors and open-source efforts that lack the massive compute resources and funding that Anthropic possesses.
• Market Entrenchment: A development freeze would lock in the current market leaders, Anthropic, OpenAI, and Google DeepMind, preventing new entrants from catching up.
• Regulatory Advantage: A pause gives Anthropic time to build the regulatory framework it prefers while competitors are frozen in place.

Rob Enderle, an analyst at the Enderle Group, called the strategy "strategic marketing," noting that Anthropic is promoting recursive self-improvement capabilities to investors while simultaneously arguing those capabilities are too dangerous to allow competitors to develop. Holger Mueller of Constellation Research posed the question more diplomatically: "Is it trying to freeze the status quo so it can catch up, or simply retain its lead? A freeze would certainly help Anthropic to maintain its leading position in B2B AI systems and perhaps even expand its market share".

How Is Anthropic Expanding Its Cybersecurity Program?

Beyond the NSA deployment, Anthropic expanded Project Glasswing, its controlled-access Mythos cybersecurity program, to approximately 150 organizations across more than 15 countries this week. The expansion includes power utilities, water infrastructure operators, healthcare networks, and hardware manufacturers. In six weeks, Glasswing participants found more than 10,000 high- or critical-severity vulnerabilities.

The defensive side of Glasswing is genuinely impressive. Anthropic committed $100 million in usage credits to the program and implemented a structured disclosure approach to help organizations patch vulnerabilities before they can be exploited. However, the NSA deployment represents the offensive side of the same technology. While Glasswing finds vulnerabilities so they can be patched, Mythos at the NSA finds vulnerabilities so they can be exploited by U.S. intelligence agencies.

What Does the Data Show About Recursive Self-Improvement?

The most revealing aspect of Anthropic's blog post is the internal data it presents about the company's own acceleration. Anthropic engineers now ship 8 times as much code per quarter as they did from 2021 to 2025. Public benchmarks show the trend accelerating across model capabilities.

The progression of Claude models demonstrates this acceleration in task complexity:

• Claude Opus 3 (March 2024): Could reliably handle tasks requiring approximately 4 minutes of human work.
• Claude Sonnet 3.7 (2025): Managed tasks requiring approximately 90 minutes of human work.
• Claude Opus 4.6 (2026): Handles tasks requiring approximately 12 hours of human work.

If this trend continues, tasks that take a skilled person days could come into range by the end of 2026, and week-long tasks by 2027. This represents the actual content of recursive self-improvement: not a science fiction scenario where an AI wakes up and redesigns itself, but a steady, measurable acceleration where AI does more of the work of building AI.

How Should Stakeholders Interpret Anthropic's Dual Strategy?

The safety concerns about recursive self-improvement are legitimate, and Anthropic deserves credit for raising the alarm about genuine risks. However, the concern becomes complicated when the alarm comes from a company that is simultaneously the most valuable AI startup on Earth, embedding engineers at the NSA for offensive operations, building 10 gigawatts of compute infrastructure, preparing for an IPO, expanding its cybersecurity program to 150 organizations, and suing the Pentagon while working with the NSA.

The contradiction is not subtle, and it raises fundamental questions about whether Anthropic's pause proposal is driven by genuine safety concerns or by competitive strategy. When the fire department is also the arsonist, observers are justified in questioning the sincerity of the fire safety briefing. The global AI governance framework that emerges from these debates will shape the future of the technology for years to come, making the alignment between Anthropic's public statements and private actions a matter of significant public interest.