The Cybersecurity and Infrastructure Security Agency (CISA) is reportedly using Anthropic’s advanced artificial intelligence model, Mythos, to identify security vulnerabilities in U.S. government software, according to multiple sources familiar with the initiative.
The deployment reflects growing interest among U.S. government agencies in using AI-powered cybersecurity tools to strengthen software resilience and proactively detect vulnerabilities that could be exploited by cybercriminals or foreign threat actors.
Sources said CISA is using the Mythos model to scan government code repositories for potential software flaws. The work is being carried out by the agency’s Attack Surface Evaluation team, a specialist unit responsible for conducting cybersecurity assessments and offensive security exercises across government systems.
According to two of the sources, the AI-assisted reviews have already identified a significant number of software vulnerabilities, although details regarding the affected systems, the scale of the assessments, or the severity of the findings have not been disclosed.
Neither Anthropic nor CISA has officially confirmed the programme. While a CISA spokesperson previously indicated the agency would review whether information could be shared publicly, no further details have been provided.
AI Expands Role in Government Cybersecurity
The reported deployment comes as Anthropic continues to deepen its presence within the U.S. national security ecosystem, despite recent tensions with government authorities over AI governance and national security policies.
The company, which confidentially filed for an initial public offering (IPO) earlier this year, experienced a challenging period after declining to remove safeguards designed to prevent its AI models from being used for autonomous weapons systems or domestic surveillance applications.
That disagreement led the United States Department of Defense to designate Anthropic as a supply-chain risk earlier this year. However, the designation was subsequently blocked by a U.S. court, allowing government engagement with the company to continue.
Since then, relations between Anthropic and U.S. agencies have reportedly improved following the development of Mythos, an AI model specifically designed to identify and exploit cybersecurity vulnerabilities in controlled security testing environments.
Previous reports have indicated that the National Security Agency (NSA) has also been evaluating Mythos in classified environments, with analysts reportedly assessing its capabilities for advanced cybersecurity applications.
Anthropic later introduced a public version of the technology, known as Fable, incorporating additional cybersecurity safeguards. The rollout was briefly disrupted after U.S. authorities imposed export restrictions limiting foreign access to the model, although those restrictions were lifted shortly afterwards.
Growing Adoption of AI in Cyber Defence
The reported use of AI-driven vulnerability assessment tools by CISA underscores the increasing role of artificial intelligence in strengthening public sector cybersecurity. As governments face increasingly sophisticated cyber threats, AI is emerging as a critical capability for automating code reviews, identifying software weaknesses more quickly, and improving the resilience of digital infrastructure.
If confirmed, CISA’s adoption of Mythos would represent another step in the broader integration of AI into government cybersecurity operations, where machine learning models are increasingly being deployed to complement traditional security testing and vulnerability management processes.
Comments