Search
Advertisement
US cyber agency CISA uses Anthropic’s Mythos to audit government software

US cyber agency CISA uses Anthropic’s Mythos to audit government software

CISA is using Mythos to examine government code repositories for vulnerabilities that could be exploited by foreign intelligence agencies and cybercriminals.

Business Today Desk
Business Today Desk
  • Updated Jul 7, 2026 11:19 AM IST
US cyber agency CISA uses Anthropic’s Mythos to audit government softwareAnthropic

The US Cybersecurity and Infrastructure Security Agency is using Anthropic’s Mythos artificial intelligence model to scan government software for security flaws, Reuters reported, citing three people familiar with the matter.

The development points to growing adoption of Anthropic’s AI tools across US security agencies, even as the company continues to navigate a strained relationship with the White House and the Pentagon.

Advertisement

CISA is using Mythos to examine government code repositories for vulnerabilities that could be exploited by foreign intelligence agencies and cybercriminals, according to the Reuters report.

The audits are being carried out by CISA’s Attack Surface Evaluation team, one of the people said. The unit conducts cybersecurity assessments and simulated hacking exercises across US government agencies.

Two people familiar with the work told Reuters that the audits had already uncovered a large number of vulnerabilities. However, they did not provide details on the severity of the flaws, the agencies affected or how much government software had been reviewed.

A CISA representative had said last month that he would check whether the agency had anything to share on the matter, but did not respond to subsequent emails, the report added.

Advertisement

The use of Mythos comes amid Anthropic’s complicated relationship with the US government. The AI startup, which has confidentially filed for a US initial public offering, faced a major confrontation with the administration in February after it refused to remove safeguards restricting the use of its models for autonomous weapons and domestic surveillance.

The Pentagon subsequently designated Anthropic as a formal supply-chain risk, a classification that had previously been used largely against foreign companies suspected of enabling espionage.

A US judge blocked the designation in March. Tensions have since eased following the private release of Mythos, which has been described as highly capable of identifying and exploiting cybersecurity vulnerabilities.

The National Security Agency has also been using Mythos since at least April, Axios previously reported. The New York Times later reported that NSA analysts had tested the model in classified environments and were impressed by its capabilities.

Advertisement

The relationship came under pressure again after Anthropic released a public version of Mythos called Fable, which included cybersecurity safeguards.

The White House subsequently directed Anthropic to prevent foreign nationals from accessing the model. The demand led to a global shutdown of Fable, which was lifted only last week.
 

For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine

Published on: Jul 7, 2026 11:19 AM IST