Overview
- CISA, which began using Anthropic’s Mythos on Monday, is running code scans through its Attack Surface Evaluation team and sources say the audits have already uncovered a large number of vulnerabilities.
- The Attack Surface Evaluation team conducts simulated hacking and security assessments across federal agencies and is using Mythos to look for bugs that could let in foreign spies or cybercriminals.
- Details on how much code was reviewed and the severity of the flaws remain undisclosed so agencies have not said which systems were affected or what fixes are under way.
- The NSA has also been using Mythos since at least April and the model’s adoption comes after a judge blocked a Pentagon supply-chain designation against Anthropic.
- Anthropic expanded access through Project Glasswing and briefly limited public use of a related model, Fable, after a White House demand, raising broader questions about export controls, oversight and who should be allowed to run dual-use AI tools.