The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s powerful Mythos AI model to scan and audit federal government software for security vulnerabilities, according to a report from Reuters.
Citing three sources familiar with the matter, Reuters reported that CISA is utilizing Mythos to scan code repositories across federal agencies. The operation aims to proactively discover and patch security bugs that could otherwise be exploited by foreign intelligence agencies and cybercriminals.
The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking exercises across the federal landscape. Two sources stated that the AI-driven initiative has already uncovered a “large number” of software vulnerabilities. However, specific details regarding the severity of the flaws, the impacted agencies, or the volume of software reviewed have not been disclosed.
Neither Anthropic nor CISA provided formal on-the-record comments to Reuters regarding the operation.
Tensions between Anthropic and federal officials spiked dramatically earlier this year after the company refused administration demands to remove built-in safeguards restricting its models from being used for autonomous weaponry or domestic surveillance. In response, the Pentagon designated Anthropic as a supply-chain risk, a classification typically reserved for foreign firms suspected of espionage.
The National Security Agency (NSA) is also believed to be using Mythos in its operations.
Late last month, a US official told the Associated Press (AP) that one of Anthropic’s artificial intelligence models had identified vulnerabilities in highly sensitive and secure U.S. government computer systems during a testing exercise.
While the private application of Mythos has accelerated within the U.S. intelligence and defense communities, Anthropic’s public-facing rollouts have triggered separate regulatory battles. When the company launched its public version of the model in early June, called Fable, concerns from the White House regarding foreign nationals accessing the tool prompted an abrupt administrative demand to restrict access. The ensuing standoff led to a temporary global shutdown of the Fable model, which was only lifted last week.
Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay

Related: OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review
Related: When Information Becomes the Attack Surface – Understanding AI Agent Traps

