The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is utilizing Anthropic's AI model Mythos to scan government software repositories for security flaws that could be exploited by foreign spies or cybercriminals, insider sources reveal.

  • CISA's Attack Surface Evaluation team leads AI-assisted code audits
  • Mythos identifies critical software vulnerabilities in government systems
  • Anthropic's AI use amidst tense government relations and restrictions

What happened

The Cybersecurity and Infrastructure Security Agency (CISA) has started using Mythos, an AI model developed by Anthropic, to analyze government code repositories. This scanning targets bugs that could create access points for unauthorized actors, including foreign intelligence services and cybercriminal groups. Multiple sources familiar with the initiative confirmed the use of Mythos in these ongoing audits.

The effort is being carried out by CISA's Attack Surface Evaluation team, which specializes in digital security assessments and simulating cyber attacks within government systems. While specific details on the volume of code reviewed or the precise nature of detected vulnerabilities remain undisclosed, insiders indicated that a significant number of bugs have already been unearthed.

Why it matters

This deployment of Anthropic's Mythos reflects a broader trend of government agencies integrating advanced AI tools to enhance cybersecurity protections. Given the rising complexity and frequency of cyber threats targeting federal infrastructure, leveraging AI for code auditing provides an innovative approach to preempting attacks and strengthening defenses.

However, the collaboration is set against a backdrop of strained relations between the U.S. government and Anthropic. Earlier disputes included the Pentagon imposing a supply-chain risk designation on the company, as well as White House demands restricting public access to AI models. Despite this, Mythos has been used by top agencies like the NSA in classified environments, highlighting its perceived value in national security contexts.

What to watch next

Attention will focus on how extensively Mythos is further integrated across federal cybersecurity operations and whether its efficacy leads to broader adoption by other governmental entities. Monitoring the nature and severity of vulnerabilities found will also be critical in assessing the AI's practical impact on reducing cyber risks.

Additionally, evolving government policies towards AI startups like Anthropic, especially regarding technology safeguards and export controls, will influence the trajectory of AI-assisted cybersecurity tools. Observers will want to track whether tensions ease or escalate, as this will affect innovation and collaboration between public agencies and private AI developers.

Source assisted: This briefing began from a discovered source item from Economic Times Tech. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings