Three sources familiar with the matter told Reuters that CISA, the U.S. government’s civilian cyber defense agency, is running Anthropic’s Mythos AI model against federal code repositories to find vulnerabilities before foreign intelligence services and criminal groups do.
Neither CISA nor Anthropic commented on the record. A CISA representative said last month he’d check whether there was anything to share, then stopped responding.
The operation is run by CISA’s Attack Surface Evaluation team, a unit that conducts security assessments and simulated attacks across the federal government. Two of Reuters’ sources said the audits have already turned up a large number of vulnerabilities. The exact scope, which agencies were covered, and how serious the bugs are have not been disclosed.
Mythos is Anthropic’s most capable model and it isn’t something you can access through a standard subscription. It was described, when Anthropic privately released it to select government partners, as exceptionally capable at finding and exploiting security vulnerabilities. As Reuters reported:
“The Cybersecurity and Infrastructure Security Agency is using Mythos to scan government code repositories for bugs that could leave the door open for foreign spies and cybercriminals, the sources said.” states Reuters.
The NSA has been using the same model since at least April, according to Axios, and NSA analysts testing it in classified settings came away impressed.
The company’s relationship with the U.S. government turned hostile in February when Anthropic refused to remove safeguards that prevented Mythos from being used for autonomous weapons or domestic surveillance.
The Pentagon responded by designating Anthropic as a supply-chain security risk, a label that had previously been applied only to foreign companies suspected of facilitating espionage. It was an extraordinary move against a domestic company, and it reflected how seriously the administration took Anthropic’s refusal.
A federal judge blocked the blacklisting in March. Relations began thawing after that, and the CISA deployment is a sign of how much the dynamic has shifted.
“The extraordinary blacklisting was blocked by a judge in March, and the conflict has eased following the private release of Anthropic’s Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities.” continues Reuters.
Giving the government access to the most capable version of the tool appears to have done more to repair the relationship than any amount of negotiation.
When Anthropic launched Fable in early June, described as a public version of Mythos with cybersecurity safeguards added, the White House responded by demanding that the company ban foreign nationals from running it. That demand led to a temporary global shutdown of the model. It was lifted only last week, after what Reuters described as a standoff that illustrated how differently the administration treats the private and public deployments of the same underlying technology.
The pattern is now clear: Mythos in government hands, scanning classified systems and federal code, gets quiet approval and active deployment. Mythos in public hands, accessible to anyone including foreign users, immediately triggers national security concerns and regulatory pressure. As Reuters noted on the timeline of events:
“when Anthropic rolled out a public version of Mythos called Fable, which included what it described as cybersecurity safeguards, the White House suddenly demanded that it ban foreigners from running it. This triggered a global shutdown of the model that was lifted only last week.” continues the agency.
Anthropic has confidentially filed for a U.S. IPO. Having CISA, the NSA, and potentially other agencies actively deploying your most capable model is a materially different position than being on a Pentagon blacklist, and the company got from one to the other in under five months.
A late-June AP report added another data point: a U.S. official said Mythos had identified vulnerabilities in highly sensitive government systems during a testing exercise, which is exactly the kind of result that makes agencies want to expand the program rather than wind it down.
Senate testimony claimed Anthropic’s Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown.
According to a report by The Economist citing a Senate Intelligence Committee hearing, Anthropic’s Mythos model had penetrated nearly all classified systems managed by the NSA and US Cyber Command. Senator Mark Warner stated on June 11 that General Joshua Rudd, who leads both agencies, told him directly that Mythos had done it, and not in weeks.
“Encryption was a potent technology, but narrow in its application. AI is far more powerful and versatile. On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”.”reported The Economist.
The number of vulnerabilities found so far hasn’t been disclosed, but two sources described it as large.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Mythos)