The US Cybersecurity and Infrastructure Security Agency (CISA) has begun utilizing Anthropic’s Mythos artificial intelligence model to scrutinize government software for potential security vulnerabilities. This initiative, first reported by Reuters, marks a growing integration of advanced AI tools within US security operations, despite Anthropic's complex relationship with federal agencies.
CISA’s objective in deploying Mythos is to meticulously examine government code repositories for weaknesses that could be exploited by foreign intelligence agencies or cybercriminals. The audits are being carried out by CISA's Attack Surface Evaluation team, a unit responsible for conducting cybersecurity assessments and simulated hacking exercises across various US government entities.
Significant Flaws Uncovered
Sources familiar with the operation indicate that these audits have already identified a substantial number of vulnerabilities within government software. While specific details regarding the severity of these flaws, the affected agencies, or the total volume of software reviewed have not been disclosed, the findings underscore the critical need for such advanced security measures.
Anthropic's Shifting Government Relationship
The adoption of Mythos by CISA comes amid a strained, yet evolving, relationship between Anthropic and the US government. The AI startup, which has confidentially filed for an initial public offering, previously faced a significant confrontation with the administration after declining to remove safeguards that restricted its models from being used for autonomous weapons and domestic surveillance.
This dispute led to the Pentagon designating Anthropic as a formal supply-chain risk in February, a classification typically reserved for foreign companies suspected of espionage. However, a US judge subsequently blocked this designation in March, and tensions have reportedly eased following the private release of Mythos, a model highly capable of identifying and exploiting cybersecurity weaknesses. The National Security Agency (NSA) has also been reportedly using Mythos since April, with analysts expressing strong impressions of its capabilities in classified environments.
Further complexities arose when Anthropic released a public version of Mythos, named Fable, which included cybersecurity safeguards. The White House then directed Anthropic to prevent foreign nationals from accessing the model, leading to a temporary global shutdown of Fable, which was only lifted recently.