US Cyber Agency Adopts Anthropic’s Mythos for Code Audits
A federal defender is reportedly employing a private, advanced AI model to scrutinize the government’s own software, though details are scarce.
According to three sources who spoke with Reuters, the US Cybersecurity and Infrastructure Security Agency (CISA) is utilizing Anthropic’s AI model, Mythos, to hunt for vulnerabilities in government code repositories.
This arrangement, revealed on July 6th, signifies Washington’s continued interest in Anthropic’s tools despite previous tensions.
Mythos, responsible for identifying flaws in classified US systems during a prior test, now finds itself within federal hands. The integration comes as Antropic and the administration continue their disagreement over who is authorized to run it.
Sources indicate that CISA’s Attack Surface Evaluation team is behind the scanning, which aims to identify potential entry points for foreign spies or cybercriminals.
While two sources disclosed that numerous vulnerabilities had been discovered, they refrained from elaborating further. Reuters was unable to verify the extent of the code reviewed or the severity of the bugs found.
Anthropic and a CISA representative declined to comment on the initiative when reached for this article.
The Details Are Hazy
None of the operational specifics have been confirmed publicly. Every claim regarding CISA’s use of Mythos relies on anonymous sources, leading to a lack of definitive information.
While Mythos itself has gained traction in 2026 through Anthropic’s Project Glasswing initiative, offering enhanced software flaw detection capabilities, its dual-use nature sparked tensions with Washington earlier this year.
Tensions escalated when Anthropic refused to remove safeguards designed to prevent the AI from being utilized for autonomous weapons or domestic surveillance. This led to a formal supply-chain risk designation by the Pentagon and subsequent legal challenges.
The Thaw and Mythos’ Rise
A subsequent thawing of relations resulted in the NSA’s reported use of Mythos, despite the original ban, as Axios and The New York Times revealed. This eventually led to the release of a public version called Fable.
However, when Antropic barred foreigners from running Fable, it triggered a global shutdown of both models until the issue was resolved.