CISA Uses Anthropic's Mythos to Audit Federal Code Repositories

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- CISA's Attack Surface Evaluation team is using Anthropic's AI model Mythos to audit government software code repositories, according to three sources familiar with the program
- The Mythos-assisted audit has already uncovered a large number of vulnerabilities across the repositories reviewed so far
- Anthropic's Mythos — the specific model named in the sourcing — is being deployed by the U.S. cyber defense agency for systematic code review, not just experimental trial use
- The disclosure comes via Reuters' Raphael Satter, making it the first publicly reported instance of CISA embedding a named commercial frontier model directly into federal vulnerability-finding workflows
Why it matters: CISA is the lead U.S. agency for federal cyber defense, so Mythos surfacing vulnerabilities in government repositories means weaknesses are now being flagged at AI-driven speed — and Anthropic gains a high-profile inroad into the federal security-buying pipeline that competitors will have to match or undercut.

