The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic's AI model Mythos to audit government software, according to three people familiar with the matter. The initiative marks another sign of government enthusiasm for adopting the AI startup's tools, even as the company navigates an ongoing standoff with the White House.
Mythos Scans Government Code for Bugs
CISA is using Mythos to scan government code repositories for bugs that could be exploited by foreign spies and cybercriminals, the sources said. The scanning is being conducted by CISA's Attack Surface Evaluation team, a group that performs digital security assessments and hacking exercises across government agencies.
Two of the sources said the audits had already uncovered a large number of vulnerabilities, though they did not elaborate on the specifics. Reuters could not establish exactly how much government code the team had reviewed or the nature or severity of the bugs discovered.
Anthropic did not respond to questions about the initiative. A CISA representative said last month that he would check to see if there was anything to share about the matter but did not respond to further emails.
Anthropic's Rocky Relationship with the US Government
Anthropic, which has confidentially filed for a US initial public offering, has had a tumultuous relationship with the US government. Relations reached a low point in February after the San Francisco-based company refused to remove safeguards that prevented its AI from being used for autonomous weapons or domestic surveillance.
That refusal prompted the Pentagon to slap Anthropic with a formal supply-chain risk designation, a label previously applied only to foreign companies suspected of facilitating espionage. The extraordinary blacklisting was blocked by a judge in March, and the conflict has since eased following the private release of Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities.
NSA Also Using Mythos Despite Blacklist
The National Security Agency (NSA), the US government's powerful eavesdropping agency, has been using Mythos as far back as April despite the blacklist, according to Axios. Late last month, the New York Times reported that NSA analysts had been testing Mythos in classified settings and came away impressed with its capabilities.
However, when Anthropic rolled out a public version of Mythos called Fable, which included what it described as cybersecurity safeguards, the White House suddenly demanded that it ban foreigners from running it. This triggered a global shutdown of the model that was lifted only last week.
The NSA and the White House did not immediately respond to requests for comment.



