The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is utilizing Anthropic's AI model Mythos to scan government software repositories for security flaws that could be exploited by foreign spies or cybercriminals, insider sources reveal.
- CISA's Attack Surface Evaluation team leads AI-assisted code audits
- Mythos identifies critical software vulnerabilities in government systems
- Anthropic's AI use amidst tense government relations and restrictions
What happened
The Cybersecurity and Infrastructure Security Agency (CISA) has started using Mythos, an AI model developed by Anthropic, to analyze government code repositories. This scanning targets bugs that could create access points for unauthorized actors, including foreign intelligence services and cybercriminal groups. Multiple sources familiar with the initiative confirmed the use of Mythos in these ongoing audits.
The effort is being carried out by CISA's Attack Surface Evaluation team, which specializes in digital security assessments and simulating cyber attacks within government systems. While specific details on the volume of code reviewed or the precise nature of detected vulnerabilities remain undisclosed, insiders indicated that a significant number of bugs have already been unearthed.
Why it matters
This deployment of Anthropic's Mythos reflects a broader trend of government agencies integrating advanced AI tools to enhance cybersecurity protections. Given the rising complexity and frequency of cyber threats targeting federal infrastructure, leveraging AI for code auditing provides an innovative approach to preempting attacks and strengthening defenses.
However, the collaboration is set against a backdrop of strained relations between the U.S. government and Anthropic. Earlier disputes included the Pentagon imposing a supply-chain risk designation on the company, as well as White House demands restricting public access to AI models. Despite this, Mythos has been used by top agencies like the NSA in classified environments, highlighting its perceived value in national security contexts.
What to watch next
Attention will focus on how extensively Mythos is further integrated across federal cybersecurity operations and whether its efficacy leads to broader adoption by other governmental entities. Monitoring the nature and severity of vulnerabilities found will also be critical in assessing the AI's practical impact on reducing cyber risks.
Additionally, evolving government policies towards AI startups like Anthropic, especially regarding technology safeguards and export controls, will influence the trajectory of AI-assisted cybersecurity tools. Observers will want to track whether tensions ease or escalate, as this will affect innovation and collaboration between public agencies and private AI developers.