TechDogs-"US Cyber Agency Uses Anthropic’s Mythos To Audit Government Code, Sources Say"

Cyber Security

US Cyber Agency Uses Anthropic’s Mythos To Audit Government Code, Sources Say

By Utkarsh Hiwale

Updated on Tue, Jul 7, 2026

Overall Rating

The U.S. Cybersecurity and Infrastructure Security Agency is reportedly using Anthropic’s powerful Mythos AI model to scan government code for security flaws, highlighting how frontier AI tools are becoming central to both cyber defense and national security debates.


TL;DR

 
  • CISA is reportedly using Anthropic’s Mythos to audit government software repositories.
  • The scans are being carried out by CISA’s Attack Surface Evaluation team.
  • Sources told Reuters that the audits have already found many vulnerabilities.
  • The move comes despite recent friction between Anthropic and the U.S. government over model access and safety restrictions.


The United States’ top cyber defense agency is turning to Anthropic’s powerful AI model Mythos to audit government software, according to a Reuters report citing three people familiar with the matter.

Source


The Cybersecurity and Infrastructure Security Agency, better known as CISA, is using Mythos to scan government code repositories for bugs that could be exploited by foreign spies or cybercriminals. The work is reportedly being carried out by CISA’s Attack Surface Evaluation team, which conducts digital security assessments and hacking exercises across federal systems.


Two sources told Reuters that the audits have already uncovered a large number of vulnerabilities, although the exact number, severity, and affected systems remain unclear. Reuters also reported that Anthropic did not respond to questions about the initiative, while CISA did not provide further comment after an initial response.


The development marks another major sign that AI is moving deeper into government cybersecurity operations, even as U.S. agencies continue debating how much access should be given to frontier models with strong offensive cyber capabilities.


Anthropic introduced Mythos Preview under Project Glasswing in April, describing it as a model built to help defenders secure critical software. The company said Mythos Preview had already found thousands of high-severity vulnerabilities, including flaws in major operating systems and web browsers.


Anthropic also said Project Glasswing was “an urgent attempt” to put powerful cyber capabilities to work for defensive purposes. As part of the program, Anthropic committed up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organizations.


However, Mythos has also raised safety concerns. Anthropic’s own research said the model could identify and exploit zero-day vulnerabilities in major software when directed to do so. The UK AI Security Institute also found that Mythos Preview represented “a step up” over previous frontier models, with major gains on multi-step cyber-attack simulations.


This explains the balancing act now playing out in Washington. On one side, U.S. cyber teams appear eager to use Mythos to find software weaknesses before adversaries do. On the other, the model’s capabilities have triggered scrutiny over access, safeguards, and national security risks.


In June, the U.S. government applied export controls to Anthropic’s Fable 5 and Mythos 5 models, forcing Anthropic to suspend access for all users because it said it could not verify nationality in real time. Anthropic later said those controls were lifted on June 30, with Fable 5 restored globally and Mythos 5 restored for a set of approved U.S. organizations.

 

Topics for more insights: 



“We have also restored access to Mythos 5 for a set of US organizations,” Anthropic said, adding that it would continue coordinating with the government to expand access to domestic and international Project Glasswing partners.


This was not the first report of U.S. intelligence interest in Mythos. Axios reported in April that the National Security Agency was using Mythos despite a Department of Defense supply-chain risk dispute with Anthropic.


For now, CISA’s reported use of Mythos suggests the U.S. government is willing to lean on restricted AI tools when the defensive upside is considered high. Yet the same story also underlines a larger cybersecurity dilemma: the AI models that can help defenders discover hidden bugs may also become dangerous if similar capabilities reach attackers without guardrails.

First published on Tue, Jul 7, 2026

Liked what you read? That’s only the tip of the tech iceberg!

Explore our vast collection of tech articles including introductory guides, product reviews, trends and more, stay up to date with the latest news, relish thought-provoking interviews and the hottest AI blogs, and tickle your funny bone with hilarious tech memes!

Plus, get access to branded insights from industry-leading global brands through informative white papers, engaging case studies, in-depth reports, enlightening videos and exciting events and webinars.

Dive into TechDogs' treasure trove today and Know Your World of technology like never before!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.

Loading comments...

  • Dark
  • Light