CISA Utilizes Anthropic’s Mythos AI for Security Audits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has started using Anthropic’s AI model, Mythos, to perform security audits on government software repositories, according to information from three sources familiar with the process. It’s worth noting that Anthropic’s relationship with the federal government hasn’t exactly been smooth, particularly following a controversial lawsuit with the Department of Defense.
According to a report, CISA has begun utilizing the Mythos model to scan government code repositories in search of security vulnerabilities that could be exploited by foreign intelligence agencies or cybercriminals. This development indicates a governmental interest in employing technology from the AI startup, even amid ongoing tensions between Anthropic and the White House.
One source mentioned that the scanning is being executed by CISA’s Attack Surface Assessment Team, a specialized group tasked with conducting digital security assessments and hacking exercises across government systems. The aim is to discover bugs and weaknesses in government software that could pose security risks.
Two sources indicated that the ongoing audit has already uncovered a notable number of vulnerabilities, though specific details on these findings were not shared. The full extent of the code review, including the amount of government software examined and the specific nature and severity of the identified issues, remains unclear.
Anthropic did not provide a response to inquiries regarding this initiative. A representative from CISA noted last month that the agency might consider sharing more information, but did not answer further email requests on the matter.
Anthropic’s relationship with the U.S. government has featured considerable conflict. The company, based in San Francisco, recently filed for an initial public offering in the U.S., but its interactions with federal regulators have been unstable. This situation intensified when Anthropic challenged the Trump administration over the Department of Defense’s decision to blacklist it due to supply chain concerns.
The company claims that federal contracts are being terminated, raising uncertainties about both existing and future private sector deals. This environment could jeopardize hundreds of millions of dollars in revenue in the near term. Anthropic’s CFO, Krishna Rao, added that the financial ramifications could extend even further, estimating that government actions might reduce the company’s revenue by billions by 2026.
A supply chain risk designation, recently reaffirmed, is an unusual classification typically reserved for foreign adversaries. As a result, defense vendors and contractors are required to verify that they do not use Anthropic’s AI model, Claude, in any contracts for the Department of Defense, significantly limiting participation in defense-related projects.
Most recently, the Trump administration enforced an export ban on Anthropic’s Fable and Mythos AI models, a ban that was later lifted after negotiations took place with the company.
The Trump administration’s ban effectively prohibited foreign governments, companies, and individuals from accessing the Fable 5 and Mythos 5 models. In response, Anthropic restricted all access to ensure compliance with the new regulations, impacting various foreign governments and some of its own foreign-born employees.
High-level discussions occurred recently between government officials and Anthropic’s leadership about Fable 5, a streamlined version of Mythos intended for public use. Attendees included Secretary of Commerce Howard Lutnick, National Cyber Director Sean Cairncross, and Tom Brown, Anthropic’s co-founder.
Wynton Hall from Breitbart News expressed that while AI has significant potential, it also presents substantial risks, comparing it to landmines. He highlighted that AI reviews of government code are a positive application, but acknowledged that even beneficial uses can have their hidden dangers. Hall wrote a book discussing how the MAGA movement can approach AI in a manner that benefits society without ceding control to tech giants or foreign powers.





