Security

CISA Deploys Anthropic's Mythos AI to Scan Federal Software

The cyber defense agency is using the controversial AI model to hunt for vulnerabilities in government code repositories despite ongoing White House tensions.

Omega Editorial· July 7, 2026· 3 min read

Federal cyber defenders turn to AI for code audits

The Cybersecurity and Infrastructure Security Agency has begun using Anthropic's Mythos AI model to scan government software for security vulnerabilities, according to three people familiar with the deployment. The initiative marks another federal adoption of the AI startup's tools even as Anthropic remains locked in disputes with the White House over safety controls.

CISA's Attack Surface Evaluation team is conducting the scans across government code repositories, searching for bugs that could expose systems to foreign intelligence services and cybercriminals, the sources told Reuters, which first reported the details. The team specializes in digital security assessments and penetration testing throughout federal agencies.

Two sources indicated the audits have already identified a substantial number of vulnerabilities, though they declined to specify the scope of code reviewed or the severity of discovered flaws. Neither Anthropic nor CISA responded to requests for comment about the program.

Why it matters

This deployment demonstrates that federal security agencies are willing to adopt powerful AI tools for defensive cybersecurity work even when the same companies face regulatory scrutiny. The use of Mythos for vulnerability scanning suggests government officials see immediate operational value that outweighs concerns about the technology's dual-use potential. If the tool proves effective at scale, it could accelerate how agencies identify and patch security weaknesses before adversaries exploit them.

A turbulent relationship with Washington

Anthropic, which has confidentially filed for an initial public offering, has experienced a volatile relationship with federal authorities. Tensions peaked in February when the San Francisco-based company refused to remove safeguards preventing its AI from supporting autonomous weapons or domestic surveillance applications. The Pentagon responded by designating Anthropic a formal supply-chain risk—a label previously reserved for foreign companies suspected of enabling espionage.

A federal judge blocked that blacklisting in March. Relations subsequently improved following Anthropic's private release of Mythos, described as highly capable at discovering and exploiting cybersecurity vulnerabilities. The National Security Agency has used Mythos since at least April despite the earlier blacklist, according to Axios reporting. The New York Times reported late last month that NSA analysts testing Mythos in classified environments were impressed by its performance.

The White House reignited conflict when Anthropic launched Fable, a public version of Mythos with cybersecurity safeguards. Federal officials abruptly demanded the company block foreign users from accessing the model, forcing a global shutdown that was only reversed last week.

Neither the NSA nor the White House provided comment on the current status of their work with Anthropic's AI models.

The details of CISA's use of Mythos were first reported by Reuters.

#cisa#anthropic#cybersecurity#government ai#vulnerability scanning#mythos

This is an original analysis by the Omega editorial team. Source reporting: AI Watch.

Want systems like this working for your business?

Book a Call

More in Security

Security· 3 min read

AI Hacking Benchmarks Fail to Keep Pace With Model Capabilities

Federal agencies and industry are racing to develop new tests as advanced AI systems outgrow existing cybersecurity evaluations.

Via AI Watch · Jul 7, 2026
Security· 3 min read

Security Fears Stall AI Expansion as Attack Surface Grows

A Cisco survey of 3,472 IT leaders reveals cybersecurity complexity is the top barrier to scaling enterprise AI deployments.

Via AI Watch · Jul 7, 2026
Security· 3 min read

Google Patches AI Chatbot Flaw That Risked Customer Data Theft

Security researchers found attackers could have hijacked conversations in Google Cloud's chatbot service to steal sensitive information.

Via AI Watch · Jul 7, 2026