Zendoric
← Back to the day · July 8, 2026

CISA uses Anthropic's Mythos to audit government code despite tension with the White House

🕒 Published on Zendoric: July 8, 2026 · 09:15

Reuters reveals, citing three sources familiar with the matter, that the US Cybersecurity and Infrastructure Security Agency (CISA) is using Mythos, Anthropic's AI model specialized in cybersecurity, to audit government code repositories in search of vulnerabilities exploitable by spies…

🎉 We're already a big community — and growing every dayJoin the readers who never miss the AI analysis that sets the momentum. Subscribe free.

We'll send you a confirmation email (double opt-in). Privacy.

🎧 Listen to the analysis

Reuters reveals, citing three sources familiar with the matter, that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is using Mythos, Anthropic's AI model specialized in cybersecurity, to audit government code repositories in search of vulnerabilities exploitable by foreign spies or cybercriminals. The work is specifically carried out by CISA's Attack Surface Evaluation team, responsible for digital security assessments and hacking exercises within the government. According to two of the sources, the audits have already uncovered a large number of vulnerabilities, though Reuters could not determine how much code has been reviewed or the severity of the flaws found. Neither Anthropic nor CISA responded with details about the initiative.

What makes the case notable is the context: Anthropic maintains a tense and contradictory relationship with the U.S. government. In February, the company refused to remove the safeguards that prevent its AI from being used in autonomous weapons or domestic surveillance, prompting the Pentagon to impose a formal supply-chain risk designation on it, a label until then reserved for foreign companies suspected of espionage. A judge blocked that extraordinary ban in March, and tensions eased following the private release of Mythos, described as an extremely capable model for finding and exploiting cybersecurity vulnerabilities.

The article adds that the NSA, the powerful U.S. government eavesdropping agency, had already been using Mythos since April despite the Pentagon's blacklist, as Axios had previously reported. The New York Times also reported that NSA analysts had tested Mythos in classified environments and had been impressed with its capabilities. However, when Anthropic released a public version of Mythos called Fable—which included supposed cybersecurity safeguards—the White House suddenly demanded that its use by foreigners be banned, triggering a global shutdown of the model that was only lifted last week.

This episode illustrates the underlying paradox: while different branches of the U.S. government (CISA, NSA) actively adopt Anthropic's tools to strengthen their own cyber defenses, the White House maintains a regulatory standoff with the company over its responsible AI use policies, at a time when Anthropic has confidentially filed for an initial public offering in the U.S. The story also hints at a broader tension in Washington between the desire to harness cutting-edge AI capabilities for national security and the will to impose political controls on the companies developing them, especially when those companies resist certain military or surveillance uses.

🔗 Related on Zendoric

Sources & references

Get the analysis by email · free

One email a day analysing the AI essentials. Free, no spam, unsubscribe anytime.

We'll send you a confirmation email (double opt-in). Privacy.