U.S. Cyber Defense Agency Reportedly Using Anthropic’s Mythos to Audit Government Code Repositories

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly deploying Anthropic’s advanced AI model, Mythos, to audit federal government code repositories, signaling a growing reliance on artificial intelligence for proactive vulnerability discovery.

According to Reuters, the initiative, CISA’s Attack Surface Evaluation team is using Mythos to scan internal software systems for security flaws that threat actors, including foreign intelligence services and cybercriminal groups, could exploit.

The team, known for conducting penetration testing and security assessments across federal infrastructure, is leveraging the model’s capability to identify complex coding errors and potential attack paths at scale.

Early findings suggest that the AI-assisted audits have already uncovered a significant number of vulnerabilities. However, specific details about the affected systems or severity levels remain undisclosed.

Reuters said it is unclear how extensive the scanning is or how much government code has been analyzed, but the move signals growing use of AI for automated security validation.

U.S. Cyber Agency Using Anthropic’s Mythos

Mythos, developed by the AI firm Anthropic, has been described as highly effective at identifying and exploiting software vulnerabilities, making it particularly valuable for offensive security testing and red teaming exercises.

Its adoption by CISA comes despite Anthropic’s recent tensions with the U.S. government, which previously labeled the company a supply chain risk after it refused to remove safeguards that prevent misuse of its models for surveillance or autonomous weapons.

A federal judge later blocked that designation, and relations between Anthropic and government agencies appear to have improved.

Reports indicate that the National Security Agency (NSA) has also been experimenting with Mythos in classified environments since at least April, with analysts reportedly impressed by its performance in vulnerability discovery and exploitation scenarios.

The broader rollout of Mythos follows the controlled release of a public version, Fable, that includes additional safety restrictions and limited cybersecurity capabilities.

However, regulatory scrutiny intensified when the U.S. government briefly restricted foreign access to the model, citing national security concerns.

Those export controls were lifted only recently, highlighting the ongoing policy challenges surrounding powerful AI systems. The use of AI-driven tools like Mythos represents a significant evolution in how governments approach software security.

Traditional code audits are often time-consuming and resource-intensive. However, AI models can analyze vast codebases rapidly, flagging subtle logic flaws or insecure configurations that might otherwise go unnoticed.

For example, an AI system like Mythos can automatically trace data flows across multiple services to identify injection points or privilege escalation paths, tasks that would typically require extensive manual review by security engineers.

As cyber threats continue to grow in sophistication, integrating AI into vulnerability management workflows may become a standard practice across both public and private sectors.

However, the deployment of such powerful tools also raises questions about oversight, misuse, and the balance between security innovation and policy control.

Stop Accepting SLAs Written for 2019 SOCs – Here’s the 2026 AI SLA Vendor Checklist – Download Free AI SOC SLA Guide

The post U.S. Cyber Defense Agency Reportedly Using Anthropic’s Mythos to Audit Government Code Repositories appeared first on Cyber Security News.