Particle.news

CISA Is Using Anthropic’s Mythos to Scan Federal Code

The deployment shows U.S. agencies are relying on powerful AI to find software bugs faster, prompting unresolved questions about access controls, oversight, transparency.

Overview

  • Multiple news outlets reported that CISA began running Anthropic’s Mythos this week to audit government code repositories and that anonymous sources say the scans have already turned up a large number of vulnerabilities.
  • The work is being carried out by CISA’s Attack Surface Evaluation team, a unit that performs simulated hacks and security assessments across federal agencies to find bugs that spies or criminals could exploit.
  • Reporting says the model being used is Mythos, Anthropic’s most capable tool, which U.S. intelligence agencies including the NSA have tested privately and found fast at finding and exploiting vulnerabilities.
  • The deployment follows months of tension between Anthropic and the government, including a Pentagon supply‑chain risk designation that a judge blocked in March and a White House demand earlier this month that led Anthropic to restrict access to a public variant called Fable.
  • The move could speed patching of real security flaws across government systems while also raising policy choices about who may use such dual‑use AI, how access will be controlled, and how much the government will disclose about findings.