CISA Turns to Anthropic’s Mythos to Hunt Bugs in U.S. Government Code

The U.S. government is increasingly turning to advanced artificial intelligence not just for productivity or analysis, but for core cybersecurity work. The Cybersecurity and Infrastructure Security Agency, or CISA, is using Anthropic’s AI model Mythos to scan government software repositories for vulnerabilities that could be exploited by foreign intelligence services or cybercriminals. According to three people familiar with the matter, the work is being carried out by CISA’s Attack Surface Evaluation team, a unit that conducts security assessments and hacking-style tests across government systems.  

The goal is practical and high stakes: find bugs in government code before adversaries do. AI is being used to audit software for flaws that might leave doors open to espionage or cyberattacks. Two of the sources said that the audits have already uncovered a large number of vulnerabilities, though the report does not specify how much code has been reviewed or how severe the bugs are. Even without those details, the implication is clear: the federal government sees AI-assisted code review as promising enough to deploy in real operational settings, not just experimental labs.  

What makes the story especially striking is the political context around Anthropic. The company has had a rocky relationship with the U.S. government. Tensions worsened in February after Anthropic refused to remove safeguards that prevented its AI from being used for autonomous weapons or domestic surveillance. In response, the Pentagon placed the company under a formal supply-chain risk designation, an unusually severe step more commonly associated with foreign firms suspected of helping espionage. A judge blocked that blacklist in March, and relations have eased since the private release of Mythos, which is described as especially capable at finding and exploiting cybersecurity weaknesses.  

That means the government’s embrace of Mythos is happening even as official distrust has not fully disappeared. The National Security Agency has reportedly been using Mythos since at least April despite the earlier blacklist. Seemingly, NSA analysts tested Mythos in classified settings and came away impressed. So the pattern appears broader than just CISA: parts of the U.S. national security apparatus are adopting Anthropic’s tools because of their technical value, even while policymakers have been uneasy about the company’s refusal to bend on certain safeguards. 

The White House’s more recent clash with Anthropic also highlights how strategically important these tools have become. When Anthropic released a public version of Mythos called Fable, including what it described as cybersecurity safeguards, the White House demanded that it ban foreigners from using it. That demand triggered a global shutdown that was lifted only last week. In other words, Washington now views frontier cyber-capable AI models as sensitive technologies whose distribution could affect national security, not just as commercial software products.  

CISA’s reported use of Mythos also says something broader about the future of cyber defense. Traditionally, code auditing at government scale has depended on human reviewers, penetration testers, and static analysis tools. AI does not replace those functions yet, but it is becoming a force multiplier — one that may help agencies sift through huge codebases faster and identify vulnerabilities earlier. If that proves effective, AI-based auditing could become standard practice across civilian and intelligence agencies.   

The U.S. government is making a pragmatic choice: despite political and policy tensions with Anthropic, agencies appear willing to use its AI when it offers a clear security advantage. The story is less about abstract AI hype than about a concrete shift in how the federal government protects its software — by putting increasingly powerful models to work searching for bugs before America’s rivals find them first.  

Facebook
Twitter
LinkedIn
Pinterest
WhatsApp

Subscribe Now

Never miss any important news. Subscribe to our newsletter.