The US cyber agency is reportedly utilizing Anthropic’s Mythos to review government code, according to sources.

The US cyber agency is reportedly utilizing Anthropic’s Mythos to review government code, according to sources.

      A federal defender is reportedly utilizing a private, offensive-grade AI model against the government’s own software, although little is officially documented about this effort. The US Cybersecurity and Infrastructure Security Agency (CISA) is employing Anthropic's AI model, Mythos, to identify bugs in government software, according to three sources familiar with the situation who spoke to Reuters. This arrangement, initially reported on July 6, exemplifies Washington’s ongoing interest in the startup's tools despite a contentious standoff with the White House.

      Mythos is the same model that allegedly uncovered vulnerabilities in classified US systems during a previous government evaluation, and its entry into federal use has faced numerous challenges. It arrives at CISA at a time when Anthropic and the administration are still in disagreement over who can operate it. The sources indicated that CISA is utilizing Mythos to assess government code repositories for weaknesses that might allow foreign spies or cybercriminals to infiltrate.

      The agency’s Attack Surface Evaluation team is conducting the scanning, according to one individual, and this unit performs digital security assessments and hacking exercises across the government. Two of the sources told Reuters that the audits had already identified a significant number of vulnerabilities, although no further details were provided. Reuters could not determine the amount of code reviewed or the nature and severity of the identified bugs.

      Anthropic did not reply to inquiries about the initiative, and a CISA representative stated last month that he would confirm whether there was information to share but then did not follow up. No operational details have been officially verified. Every assertion regarding CISA's use of Mythos relies on unnamed sources, and both the agency and the company have declined to comment on the work, which should be considered reported rather than conclusively established.

      What is more certain is the model itself. Anthropic has been promoting Mythos in 2026 as part of its cybersecurity initiative called Project Glasswing, claiming it is exceptionally good at detecting software flaws, and has expanded access to 150 organizations across over 15 countries. The company, which has filed confidentially for a US initial public offering, characterizes Mythos as highly effective at both identifying and exploiting vulnerabilities.

      This dual-use capability has strained relations with Washington. Tensions reached a low in February when the San Francisco firm declined to remove protections preventing its AI from being used for autonomous weapons or domestic surveillance. The Pentagon responded by designating the company with a formal supply-chain risk status, a classification usually applied to foreign firms suspected of facilitating espionage. A judge halted the blacklisting in March.

      Relations improved with the advent of Mythos. Axios reported in April that the NSA had been employing the model despite the Pentagon's prohibition, and the New York Times subsequently noted that NSA analysts who evaluated it in classified environments were favorably impressed. However, when Anthropic released a public version called Fable, the White House unexpectedly demanded that it restrict foreign use, resulting in a global halt of both models that was only lifted last week.

      The situation has noteworthy implications. An agency tasked with safeguarding government networks is now relying on a private model from a firm the Pentagon had recently classified as a security threat to analyze the government’s own code. Whether this reflects pragmatic decision-making or overreach may depend on the actual findings of the audits, which neither CISA nor Anthropic has disclosed.

      Currently, the details remain vague. There is no public record indicating which systems have been examined, how findings are prioritized, or what actions are taken regarding vulnerabilities once Mythos identifies them. Competitors are also exploring similar territory, with OpenAI presenting its own cyber-defense model as an alternative. What is evident is that the government's use of offensive-grade AI for defense purposes is already in progress, regardless of the administrative formalities.

Other articles

WiseTech co-founder Richard White resigns from his position as chair while retaining his seat on the board. WiseTech co-founder Richard White resigns from his position as chair while retaining his seat on the board. WiseTech co-founder Richard White has resigned from his position as executive chair during a police investigation, but remains on the board as chief innovation officer. Following this news, shares increased. Google and RWE support Proxima Fusion in a historic €411 million funding round. Google and RWE support Proxima Fusion in a historic €411 million funding round. Proxima Fusion in Munich has secured €411 million in funding from investors such as Google and RWE, marking the largest private fusion funding round in Europe to date. WiseTech co-founder Richard White resigns from his role as chair, yet retains his position on the board. WiseTech co-founder Richard White resigns from his role as chair, yet retains his position on the board. Richard White, co-founder of WiseTech, has resigned from his position as executive chair during a police investigation but will remain on the board as chief innovation officer. Shares increased. Nscale secures a $900 million revolving credit facility to finance its data center expansion. Nscale secures a $900 million revolving credit facility to finance its data center expansion. Nscale has finalized a $900 million revolving credit facility, which has been syndicated among 12 banks, enhancing its flexible liquidity for the development of AI data centers. Gyre Energy secures $1.3 million to optimize the efficiency of the world's cold storage facilities during peak energy costs. Gyre Energy secures $1.3 million to optimize the efficiency of the world's cold storage facilities during peak energy costs. Gyre Energy, founded in Oxford, has secured more than $1.3 million to implement its AI cooling system within one of the largest cold chains globally as heatwaves put pressure on power grids. TechEx Europe 2026: eight events, 8,000 technology leaders, a unified enterprise agenda. TechEx Europe 2026: eight events, 8,000 technology leaders, a unified enterprise agenda. TechEx Europe 2026 will take place at the RAI Amsterdam on October 19-20, combining eight co-located events into a unified enterprise agenda focused on execution.

The US cyber agency is reportedly utilizing Anthropic’s Mythos to review government code, according to sources.

According to sources, CISA is allegedly utilizing Anthropic's Mythos AI to examine government code for vulnerabilities, several months after a conflict with the White House.