{"slug": "us-cyber-agency-is-using-anthropics-mythos-to-audit-government-code-sources-say", "title": "US cyber agency is using Anthropic’s Mythos to audit government code, sources say", "summary": "The US Cybersecurity and Infrastructure Security Agency is using Anthropic's AI model Mythos to audit government code for vulnerabilities, according to three anonymous sources. The arrangement comes despite a recent Pentagon blacklisting of Anthropic over safety concerns, highlighting a thaw in relations as Washington embraces the startup's tools for cybersecurity.", "body_md": "*A federal defender is reportedly pointing a private, offensive-grade AI model at the government’s own software, though almost nothing about the work is on the record.*\n\nThe US Cybersecurity and Infrastructure Security Agency is using Anthropic’s AI model Mythos to hunt for bugs in government software, according to three people familiar with the matter who spoke to [Reuters](https://www.reuters.com/world/us-cyber-agency-is-using-anthropics-mythos-audit-government-code-sources-say-2026-07-06/).\n\nThe arrangement, first reported on 6 July, is the latest sign that Washington’s appetite for the startup’s tools has outlasted a bruising standoff with the White House.\n\nMythos is the same model that reportedly [found flaws in classified US systems](https://thenextweb.com/news/anthropic-mythos-classified-systems-vulnerabilities) during an earlier government test, and its path into federal hands has been anything but smooth. It lands at CISA even as [Anthropic and the administration keep sparring](https://thenextweb.com/news/anthropic-amodei-wiles-mythos-white-house-pentagon-cybersecurity) over who is allowed to run it.\n\nAccording to the sources, CISA is pointing Mythos at government code repositories to flag vulnerabilities that could let foreign spies or cybercriminals in.\n\nThe scanning is being carried out by the agency’s Attack Surface Evaluation team, one person said, a unit that runs digital security assessments and hacking exercises across government.\n\nTwo of the sources told Reuters the audits had already turned up a large number of vulnerabilities, though none would elaborate. Reuters said it could not establish how much code the team had reviewed, or the nature and severity of the bugs.\n\nAnthropic did not respond to questions about the initiative, and a CISA representative said last month he would check whether there was anything to share, then went quiet.\n\nNone of the operational detail is confirmed on the record. Every claim about CISA’s use of Mythos rests on anonymous sources, and both the agency and the company have declined to describe the work. It should be read as reported, not settled.\n\nWhat sits on firmer ground is Mythos itself. Anthropic has spent 2026 marketing the model, part of a cybersecurity push it calls Project Glasswing, as unusually good at finding software flaws, and it has [widened access to 150 organisations](https://thenextweb.com/news/anthropic-says-mythos-is-too-dangerous-for-the-public-it-just-gave-150-more-organisations-access) across more than 15 countries.\n\nThe company, which has confidentially filed for a US initial public offering, describes Mythos as extremely capable at both finding and exploiting vulnerabilities.\n\nThat dual-use quality is exactly what soured relations with Washington. Ties hit a low in February, when the San Francisco company refused to strip out safeguards blocking its AI from being used for autonomous weapons or domestic surveillance.\n\nThe Pentagon responded with a formal supply-chain risk designation, a label normally reserved for foreign firms suspected of enabling espionage. A judge blocked the blacklisting in March.\n\nThe thaw came with Mythos. Axios [reported in April](https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentagon) that the NSA had been using the model despite the Pentagon ban, and the New York Times later said NSA analysts had tested it in classified settings and come away impressed.\n\nBut when Anthropic released a public version called Fable, the White House abruptly demanded it bar foreigners from running it, triggering a global shutdown of both models that lifted only last week.\n\nThe optics are hard to miss. An agency charged with defending government networks is now leaning on a private model from a company the Pentagon recently treated as a security risk, to read the government’s own code. Whether that reads as pragmatism or overreach may depend on what the audits actually found, and neither CISA nor Anthropic is saying.\n\nFor now, the scope stays murky. There is no public accounting of which systems have been scanned, how findings are triaged, or what happens to the vulnerabilities once Mythos surfaces them.\n\nRivals are circling the same ground, with OpenAI pitching its own [cyber-defence model](https://thenextweb.com/news/openai-daybreak-anthropic-mythos-cyber-defence) as an alternative. What is clear is that the government’s experiment with offensive-grade AI on defensive duty is already under way, whatever the paperwork says.\n\n## Get the TNW newsletter\n\nGet the most important tech news in your inbox each week.", "url": "https://wpnews.pro/news/us-cyber-agency-is-using-anthropics-mythos-to-audit-government-code-sources-say", "canonical_source": "https://thenextweb.com/news/cisa-anthropic-mythos-government-code-audit", "published_at": "2026-07-07 09:39:30+00:00", "updated_at": "2026-07-07 10:03:07.575056+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-products"], "entities": ["CISA", "Anthropic", "Mythos", "Reuters", "Pentagon", "NSA", "White House", "Project Glasswing"], "alternates": {"html": "https://wpnews.pro/news/us-cyber-agency-is-using-anthropics-mythos-to-audit-government-code-sources-say", "markdown": "https://wpnews.pro/news/us-cyber-agency-is-using-anthropics-mythos-to-audit-government-code-sources-say.md", "text": "https://wpnews.pro/news/us-cyber-agency-is-using-anthropics-mythos-to-audit-government-code-sources-say.txt", "jsonld": "https://wpnews.pro/news/us-cyber-agency-is-using-anthropics-mythos-to-audit-government-code-sources-say.jsonld"}}