CISA Uses Anthropic Mythos to Audit Federal Code CISA is using Anthropic Mythos to audit federal code repositories for vulnerabilities, according to reports from Reuters, SecurityWeek, and The Next Web. The Attack Surface Evaluation team has already found many bugs, though details on affected systems and remediation remain undisclosed. The development highlights the need for strict code-access controls and human oversight in AI-assisted vulnerability discovery. CISA is reportedly using Anthropic Mythos to audit federal code repositories for vulnerabilities, according to Reuters-based reporting published July 6-7, 2026. SecurityWeek and The Next Web say the work involves CISA's Attack Surface Evaluation team and has already found many bugs, although CISA and Anthropic have not disclosed the affected systems, severity mix, or remediation pipeline. For practitioners, the durable lesson is not just that a frontier model can help review code; it is that AI-assisted vulnerability discovery needs tight code-access controls, human triage, finding provenance, and audit trails before it becomes part of government cyber operations.