Particle.news

CISA Deploys Anthropic’s Mythos to Scan U.S. Government Code

Speeding vulnerability discovery, the deployment raises questions about who may run powerful code-auditing AI.

Overview

  • CISA, which began using Anthropic’s Mythos on Monday, is running code scans through its Attack Surface Evaluation team and sources say the audits have already uncovered a large number of vulnerabilities.
  • The Attack Surface Evaluation team conducts simulated hacking and security assessments across federal agencies and is using Mythos to look for bugs that could let in foreign spies or cybercriminals.
  • Details on how much code was reviewed and the severity of the flaws remain undisclosed so agencies have not said which systems were affected or what fixes are under way.
  • The NSA has also been using Mythos since at least April and the model’s adoption comes after a judge blocked a Pentagon supply-chain designation against Anthropic.
  • Anthropic expanded access through Project Glasswing and briefly limited public use of a related model, Fable, after a White House demand, raising broader questions about export controls, oversight and who should be allowed to run dual-use AI tools.