AI & Computing NewsNews

US Cyber Defense Agency Is Quietly Using Anthropic’s Mythos to Hunt Bugs in Government Code

The Cybersecurity and Infrastructure Security Agency has begun scanning federal code repositories with Anthropic's Mythos model, a striking sign of government trust in the AI startup even as it continues to clash with the White House over how its technology gets used.

Key Takeaways

  • CISA is using Anthropic’s Mythos model to scan government software for security flaws that foreign hackers or cybercriminals could exploit.
  • The work is being led by CISA’s Attack Surface Evaluation team, which has already found numerous vulnerabilities, although officials have not disclosed how many or how serious they are.
  • The project comes just months after the Pentagon gave Anthropic a formal supply-chain risk designation, a label typically used for companies suspected of posing foreign espionage risks.
  • The NSA has separately been using Mythos since as early as April, even while the Pentagon blacklist was still technically in effect.

The Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s front-line cyber defense body, is using Anthropic’s Mythos model to scan government code repositories for vulnerabilities, Reuters reported.

The system is designed to identify bugs that could leave federal networks exposed to foreign intelligence services or cybercriminals, another sign of Washington’s growing reliance on Anthropic’s tools despite the company’s unusually tense relationship with the White House.

Anthropic did not respond to Reuters’ request for comment, while a CISA representative who said last month he would look into the matter has yet to follow up.

Inside the Attack Surface Evaluation Team’s Work

The scanning work is being handled by CISA’s Attack Surface Evaluation team, a unit that specializes in improving digital security and hacking exercises across federal government networks, according to Reuters’ sourcing. 

Two of the people briefed on the effort said the audits had already turned up a substantial number of vulnerabilities, though they declined to detail how severe those flaws were or how much government code the team had reviewed so far. 

Reuters likewise said it could not independently confirm the scale of the project. 

The use of an outside company’s AI model to probe the security of federal code is notable given how sensitive government systems typically are to third-party access, highlighting just how capable Mythos is considered to be at identifying exploitable weaknesses

A Relationship Defined by Whiplash

The CISA disclosure comes amid an unusually turbulent year for Anthropic’s relationship with Washington. 

Tensions peaked in February when Anthropic refused Pentagon pressure to remove AI safeguards, prompting a formal supply-chain risk designation.

A federal judge blocked the designation in March, and relations gradually thawed after the private release of Mythos, which Anthropic says is exceptionally capable of finding and exploiting cybersecurity vulnerabilities. 

Meanwhile, Axios reported the NSA had been using Mythos since April, despite the designation technically remaining in place, and later reports noted that NSA analysts testing the model in classified settings came away impressed with its capabilities

Public Access Still Recovering From a Forced Shutdown

The friction didn’t stop there. When Anthropic later rolled out a public version of Mythos called Fable 5, complete with what the company described as built-in cybersecurity safeguards. 

The White House abruptly demanded that Anthropic block foreign users from accessing it, a mandate that proved impossible to enforce cleanly and forced Anthropic, unwillingly, into a global shutdown of the model. 

That shutdown was lifted only last week alongside the launch of Sonnet 5, restoring public access even as government agencies like CISA and the NSA continued relying on Mythos internally the entire time. 

Anthropic has also confidentially filed for a U.S. initial public offering, adding financial stakes to a relationship with Washington that continues to swing between adversarial and deeply reliant, sometimes within the same government.

Source: US cyber agency is using Anthropic’s Mythos to audit government code

Fawad Malik

Fawad Malik is a digital marketing professional and technology writer with over 15 years of industry experience. He specializes in SEO, SaaS, AI, consumer technology, internet services, and content strategy. He is the Founder and CEO of WebTech Solutions, a digital agency focused on helping businesses grow through modern online strategies. Through NogenTech, Fawad shares practical insights on internet technology, WiFi, apps, AI tools, digital trends, and the latest tech updates for readers worldwide.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button