CISA Is Reportedly Using Anthropic's Mythos to Hunt for Software Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly using Anthropic’s Mythos AI model to review government software for security weaknesses, according to a Reuters report ci...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly using Anthropic’s Mythos AI model to review government software for security weaknesses, according to a Reuters report citing people familiar with the effort.
The reported initiative is focused on scanning code repositories across federal agencies in an effort to find vulnerabilities before they can be abused by foreign intelligence services or criminal groups. Reuters said the work is being led by CISA’s Attack Surface Evaluation team, a unit that specializes in digital assessments and simulated offensive testing.
Early findings and limited detail
Two of the sources cited by Reuters said the AI-assisted reviews have already surfaced a “large number” of flaws. However, the report did not identify which agencies were affected, how severe the issues were, or how much software has been examined so far.
- The scope of the scans has not been made public.
- The affected government systems have not been named.
- The severity of the vulnerabilities has not been disclosed.
Neither CISA nor Anthropic provided formal comment to Reuters about the reported program.
Anthropic’s expanding government role
The reported use of Mythos comes as the model appears to be gaining traction in U.S. defense and intelligence circles. Last month, an official told the Associated Press that one of Anthropic’s models had found vulnerabilities in highly sensitive government systems during a testing exercise. The NSA is also believed to be using the model in some capacity, according to the report.
At the same time, Anthropic has faced friction with federal officials over how its tools should be controlled. Earlier this year, the company rejected pressure to remove safeguards that limited use of its models for autonomous weapons and domestic surveillance. That dispute reportedly prompted the Pentagon to classify Anthropic as a supply-chain risk. Separately, when Anthropic launched a public version of its model in early June, officials objected to foreign access concerns, leading to a temporary worldwide shutdown that was lifted only last week.
The reported CISA effort reflects a broader shift in how agencies are evaluating AI for cybersecurity tasks, particularly software review and vulnerability discovery. For now, though, the operational details remain largely opaque.
