According to sources, the US cyber agency is utilizing Anthropic's Mythos to examine government code.
A federal defender is reportedly directing a private, offensive-grade AI model at the government’s own software, though little is officially documented about this endeavor. The US Cybersecurity and Infrastructure Security Agency (CISA) is utilizing Anthropic’s AI model, Mythos, to identify bugs in government software, according to three sources familiar with the situation who spoke to Reuters.
This arrangement, first disclosed on July 6, indicates that Washington's interest in the startup’s tools has persisted despite a contentious standoff with the White House. Mythos was previously noted for uncovering flaws in classified US systems during an earlier government evaluation, and its transition to federal use has faced obstacles. It now reaches CISA even as Anthropic and the administration continue to debate who is authorized to operate it.
Sources indicate that CISA is employing Mythos to examine government code repositories for vulnerabilities that could allow foreign spies or cybercriminals access. The agency's Attack Surface Evaluation team is reportedly executing this scanning initiative, which conducts digital security assessments and hacking simulations across the government.
Two sources informed Reuters that these audits have already revealed many vulnerabilities, although no further details were provided. Reuters was unable to determine the amount of code reviewed or the nature and severity of the identified bugs. Anthropic did not answer inquiries regarding the initiative, and a CISA representative mentioned last month they would look into whether there was anything available to share, but subsequently did not follow up.
All operational specifics remain unverified on the record. Claims concerning CISA’s usage of Mythos are based solely on anonymous sources, and both the agency and the company have refrained from discussing the project. This should be regarded as reported rather than confirmed.
What is more certain is the existence of Mythos. Anthropic has dedicated 2026 to promoting the model, part of a cybersecurity initiative termed Project Glasswing, renowned for its effectiveness in identifying software flaws, and it has expanded access to 150 organizations across more than 15 countries.
The company, which has secretly filed for a US initial public offering, describes Mythos as highly proficient in both locating and exploiting vulnerabilities. This dual-use capability is precisely what soured relations with Washington. The relationship reached a low point in February, when the San Francisco firm declined to remove safeguards preventing its AI from being employed for autonomous weapons or domestic surveillance.
The Pentagon responded by designating it as a formal supply-chain risk, a label typically reserved for foreign firms suspected of facilitating espionage, although a judge later blocked this blacklisting in March.
Relations began to improve with the use of Mythos. Axios reported in April that the NSA had adopted the model despite the Pentagon's ban, and the New York Times subsequently revealed that NSA analysts had tested it in classified environments and were impressed.
However, when Anthropic launched a public version named Fable, the White House swiftly requested that it prevent foreigners from using it, leading to a global shutdown of both models that only ended last week.
The implications are significant. An agency tasked with protecting government networks is now relying on a private model from a company that the Pentagon had recently categorized as a security risk to analyze the government’s own code. Whether this is perceived as practicality or overreach may hinge on the outcomes of the audits, and neither CISA nor Anthropic has provided insight.
Currently, the extent of the initiative remains unclear. There is no public record of the systems that have been scanned, how findings are prioritized, or what transpires with the vulnerabilities once Mythos identifies them. Competitors are also exploring the same area, with OpenAI promoting its own cyber-defense model as an alternative. What is evident is that the government’s experimentation with offensive-grade AI in a defensive role is already in progress, regardless of what the paperwork indicates.
Other articles
According to sources, the US cyber agency is utilizing Anthropic's Mythos to examine government code.
According to sources, CISA is said to be employing Anthropic’s Mythos AI to examine government code for vulnerabilities, just months following a confrontation with the White House.
