2 Sources
[1]
EXCLUSIVE: US cyber agency is using Anthropic's Mythos to audit government code, sources say
WASHINGTON, July 6 (Reuters) - The U.S. cyber defense agency CISA is using Anthropic's AI model Mythos to audit government software, three people familiar with the matter said on Monday, another sign of government enthusiasm for adopting the AI startup's tools even as the company navigates an ongoing standoff with the White House. The Cybersecurity and Infrastructure Security Agency is using Mythos to scan government code repositories for bugs that could leave the door open for foreign spies and cybercriminals, the sources said. Anthropic did not respond to questions about the initiative. A CISA representative said last month that he would check to see if there was anything to share about the matter but did not respond to further emails. The scanning is being done by CISA's Attack Surface Evaluation team, according to one of the sources. The team is a group within CISA that conducts digital security assessments and hacking exercises across government. Two of the sources said the audits had already uncovered a large number of vulnerabilities but did not elaborate. Reuters could not establish exactly how much government code the team had gone through or the nature or severity of the bugs it discovered. ANTHROPIC'S ROCKY U.S. GOVERNMENT TIES Anthropic, which has confidentially filed for a U.S. initial public offering, has had a tumultuous relationship with the U.S. government. Relations reached a nadir in February after the San Francisco-based company refused to remove safeguards that prevented its AI from being used for autonomous weapons or domestic surveillance. That prompted the Pentagon to slap it with a formal supply-chain risk designation, a label heretofore applied to foreign companies suspected of facilitating espionage. The extraordinary blacklisting was blocked by a judge in March, and the conflict has eased following the private release of Anthropic's Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities. The National Security Agency, the U.S. government's powerful eavesdropping agency, has been using Mythos as far back as April despite the blacklist, Axios has reported, opens new tab. Late last month, the New York Times said that NSA analysts had been testing Mythos in classified settings and coming away impressed with its capabilities, opens new tab. But when Anthropic rolled out a public version of Mythos called Fable, which included what it described as cybersecurity safeguards, the White House suddenly demanded that it ban foreigners from running it. This triggered a global shutdown of the model that was lifted only last week. The NSA and the White House did not immediately respond to requests for comment. Reporting by Raphael Satter in Washington; Editing by Matthew Lewis Our Standards: The Thomson Reuters Trust Principles., opens new tab * Suggested Topics: * Cybersecurity * Data Privacy Raphael Satter Thomson Reuters Reporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.
[2]
Exclusive-US Cyber Agency Is Using Anthropic's Mythos to Audit Government Code, Sources Say
WASHINGTON, July 6 (Reuters) - The U.S. cyber defense agency CISA is using Anthropic's AI model Mythos to audit government software, three people familiar with the matter said on Monday, another sign of government enthusiasm for adopting the AI startup's tools even as the company navigates an ongoing standoff with the White House. The Cybersecurity and Infrastructure Security Agency is using Mythos to scan government code repositories for bugs that could leave the door open for foreign spies and cybercriminals, the sources said. Anthropic did not respond to questions about the initiative. A CISA representative said last month that he would check to see if there was anything to share about the matter but did not respond to further emails. The scanning is being done by CISA's Attack Surface Evaluation team, according to one of the sources. The team is a group within CISA that conducts digital security assessments and hacking exercises across government. Two of the sources said the audits had already uncovered a large number of vulnerabilities but did not elaborate. Reuters could not establish exactly how much government code the team had gone through or the nature or severity of the bugs it discovered. ANTHROPIC'S ROCKY U.S. GOVERNMENT TIES Anthropic, which has confidentially filed for a U.S. initial public offering, has had a tumultuous relationship with the U.S. government. Relations reached a nadir in February after the San Francisco-based company refused to remove safeguards that prevented its AI from being used for autonomous weapons or domestic surveillance. That prompted the Pentagon to slap it with a formal supply-chain risk designation, a label heretofore applied to foreign companies suspected of facilitating espionage. The extraordinary blacklisting was blocked by a judge in March, and the conflict has eased following the private release of Anthropic's Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities. The National Security Agency, the U.S. government's powerful eavesdropping agency, has been using Mythos as far back as April despite the blacklist, Axios has reported. Late last month, the New York Times said that NSA analysts had been testing Mythos in classified settings and coming away impressed with its capabilities. But when Anthropic rolled out a public version of Mythos called Fable, which included what it described as cybersecurity safeguards, the White House suddenly demanded that it ban foreigners from running it. This triggered a global shutdown of the model that was lifted only last week. The NSA and the White House did not immediately respond to requests for comment. (Reporting by Raphael Satter in Washington; Editing by Matthew Lewis)
Share
Copy Link
The US Cybersecurity and Infrastructure Security Agency is using Anthropic's AI model Mythos to audit government software for vulnerabilities that could expose systems to foreign spies and cybercriminals. The deployment comes as Anthropic navigates a contentious relationship with the White House over AI safeguards and national security concerns.
The Cybersecurity and Infrastructure Security Agency is actively using Anthropic Mythos to audit government software, marking a significant expansion of AI-powered cybersecurity tools within federal systems
1
. Three sources familiar with the matter confirmed that CISA is deploying the AI model Mythos to scan government code repositories for bugs that could leave critical infrastructure vulnerable to foreign spies and cybercriminals2
. The US cyber agency's Attack Surface Evaluation team, a specialized group that conducts digital security assessments and hacking exercises across government, is leading the initiative .
Source: Reuters
Two sources indicated that the audits conducted by CISA have already uncovered a large number of vulnerabilities, though specific details about the nature or severity of the bugs remain undisclosed
2
. The exact scope of how much government code the team has examined remains unclear. This deployment to audit government software for vulnerabilities demonstrates growing federal confidence in AI-powered cybersecurity tools, even as Anthropic faces scrutiny over AI policy and national security concerns. The AI model has been described as extremely capable at finding and exploiting cybersecurity vulnerabilities, making it particularly valuable for defensive operations .The San Francisco-based company, which has confidentially filed for a US initial public offering, has navigated a tumultuous relationship with the US government
1
. Relations hit a low point in February when Anthropic refused to remove AI safeguards that prevented its technology from being used for autonomous weapons or domestic surveillance. This stance prompted the Pentagon to issue a formal supply-chain risk designation—a label typically reserved for foreign companies suspected of facilitating espionage2
. A judge blocked the extraordinary blacklisting in March, and tensions have eased following the private release of Mythos to select government agencies.Related Stories
The NSA has been using Mythos since April despite the earlier blacklist, with analysts testing the model in classified settings and expressing strong approval of its capabilities . However, when Anthropic released a public version called Fable with cybersecurity safeguards, the White House demanded restrictions on foreign access. This triggered a global shutdown of the model that was only lifted last week
2
. The ongoing standoff highlights the complex balance between maintaining AI safeguards and meeting national security demands. As federal agencies increasingly adopt advanced AI models for critical cybersecurity functions, questions about access controls, AI policy frameworks, and the role of private companies in protecting government infrastructure will likely intensify.Summarized by
Navi
[1]
19 Jun 2026•Policy and Regulation

05 Jun 2026•Technology

19 Apr 2026•Policy and Regulation

1
Policy and Regulation

2
Policy and Regulation

3
Policy and Regulation
