Mosaic News

Buy Me A Coffee
News without borders
Tuesday, 14 July 2026
Mosaic News is free to read — but not free to run. Your (monthly) donation keeps it going. →
United States·Technology

US cyber agency uses Anthropic's Mythos AI to scan government code for security flaws

Tuesday, 7 July 2026, 06:31 · 2 min read

The United States' primary civilian cyber defence agency is deploying a powerful artificial intelligence tool to hunt for vulnerabilities hidden in government software, multiple sources have revealed, underscoring Washington's growing reliance on AI even as the company behind the tool remains locked in a fractious relationship with the White House.

The Cybersecurity and Infrastructure Security Agency (CISA) — the federal body responsible for protecting critical national infrastructure from digital threats — is using Anthropic's AI model Mythos to scan government code repositories for bugs that could be exploited by foreign intelligence services or criminal hackers, according to three people familiar with the matter. The work is being carried out by CISA's Attack Surface Evaluation team, a specialised unit that conducts security assessments and simulated hacking exercises across government systems. Two of the sources said the audits had already uncovered a large number of vulnerabilities, though neither elaborated on their nature or severity. The full scope of the code reviewed remains unclear. Anthropic did not respond to requests for comment, and CISA has not officially confirmed the programme.

Mythos has attracted significant attention within US national security circles for its reported ability to identify and exploit cybersecurity weaknesses with unusual sophistication. The National Security Agency — the government's signals intelligence arm — had already been using the model as far back as April, and analysts testing it in classified settings were described as impressed by its capabilities. Yet Mythos arrived in government hands amid considerable turbulence. In February, the Pentagon issued Anthropic with a formal supply-chain risk designation — a label previously reserved for foreign companies suspected of enabling espionage — after the San Francisco-based company refused to strip out safeguards that prevent its AI from being used for autonomous weapons development or domestic surveillance. A federal judge blocked that blacklisting in March.

Tensions flared again when Anthropic released a public version of Mythos called Fable. The White House abruptly demanded that the company prohibit foreign users from accessing it, triggering a worldwide shutdown of the model that was lifted only last week. Anthropic has confidentially filed for a US initial public offering, adding a commercial dimension to its uneasy dealings with federal authorities.

The CISA deployment illustrates a broader pattern: even as policy disputes simmer at the highest levels of government, operational agencies are pressing ahead with AI adoption for tasks where the technology offers measurable advantages. For a country whose federal systems are a constant target of foreign cyber operations — from state-sponsored espionage to ransomware — automated vulnerability detection at scale represents a potentially significant defensive capability. How many flaws have been found, and how quickly they can be patched, may ultimately matter far more than the political battles surrounding the tool itself.

Sources
RapplerUS cyber agency is using Anthropic’s Mythos to audit government code, sources say ↗︎The HinduU.S. cyber agency is using Anthropic's Mythos to audit government code, sources say ↗︎
This article was automatically compiled by AI from the sources above. It may contain inaccuracies. Always read the original sources for the full context.