The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic Mythos to scan government software for security vulnerabilities, according to people familiar with the project.

The AI model searches government code for weaknesses before hackers or foreign intelligence services can exploit them. Sources say the audits have already uncovered numerous vulnerabilities. However, officials have not revealed their severity or the affected systems.

Anthropic Mythos Scans Government Code

According to three Reuters sources, CISA has deployed Anthropic Mythos to review government code repositories for security flaws.

The work is being carried out by CISA’s Attack Surface Evaluation team. The group performs penetration testing and security assessments across US government systems.

Neither CISA nor Anthropic has officially confirmed the project. Anthropic declined to comment. A CISA spokesperson also has not provided additional details.

Reuters could not determine how much government code has been reviewed. The news agency also could not verify the type or severity of the vulnerabilities.

AI Audits Reportedly Uncover Numerous Flaws

Two sources told Reuters that the audits have already identified a large number of vulnerabilities.

They did not say whether the flaws were critical. They also did not identify the affected government agencies.

The findings show how Anthropic Mythos is being used to strengthen cybersecurity. AI can identify software weaknesses before attackers discover them.

Anthropic’s Relationship With Washington Has Improved

The CISA project follows a difficult period between Anthropic and the US government.

Earlier this year, the company reportedly refused to remove safeguards that blocked its AI from supporting autonomous weapons or domestic surveillance.

The Pentagon then assigned Anthropic a supply-chain risk designation. That label is usually reserved for companies suspected of creating espionage risks.

A judge blocked the designation in March. Relations reportedly improved after Anthropic privately released Mythos, which specializes in finding cybersecurity vulnerabilities.

NSA Has Also Tested Anthropic Mythos

Government agencies beyond CISA have also shown interest in Anthropic Mythos.

Axios reported that the National Security Agency (NSA) began using the model in April despite the earlier Pentagon designation.

Later, The New York Times reported that NSA analysts tested Mythos in classified environments. The report said they were impressed with its cybersecurity capabilities.

Anthropic later introduced a public version called Fable. The release included built-in cybersecurity safeguards.

The White House then pushed for restrictions on foreign access. That decision temporarily shut down the model worldwide.

Access was restored last week. Neither the NSA nor the White House responded to requests for comment.


0 responses to “CISA Uses Anthropic Mythos to Find Security Flaws in Government Code”