The US Cybersecurity and Infrastructure Security Agency (CISA) is using an advanced artificial intelligence model developed by Anthropic to examine government software for security flaws, according to people familiar with the initiative, highlighting the growing role of AI in strengthening national cybersecurity.
Sources said CISA has deployed Anthropic’s AI model, Mythos, to scan government code repositories for vulnerabilities that could potentially be exploited by foreign intelligence agencies or cybercriminals. The effort is being carried out by the agency’s Attack Surface Evaluation team, which conducts cybersecurity assessments and penetration testing across US government systems.
People familiar with the project said the AI-assisted reviews have already identified a significant number of software vulnerabilities. However, they did not disclose how many government systems have been examined or provide details about the severity or nature of the weaknesses uncovered.
CISA has not officially confirmed the programme. A spokesperson previously said the agency would determine whether additional information could be shared but did not provide further comment. Anthropic also declined to comment on the reported initiative.
The reported deployment comes as Anthropic continues to navigate a complicated relationship with the US government.
Earlier this year, tensions emerged after the San Francisco-based AI company reportedly declined requests to remove safeguards that prevent its AI systems from being used for autonomous weapons or domestic surveillance. The disagreement led the Pentagon to designate Anthropic as a supply-chain risk, a move that temporarily raised questions about the company’s ability to work with government agencies.
The designation was later blocked by a federal judge, easing immediate concerns over the company’s government partnerships.
Since then, Anthropic’s cybersecurity-focused AI technology has attracted growing interest from US national security agencies.
Media reports have previously indicated that the National Security Agency (NSA) began testing Mythos earlier this year despite the earlier dispute. Officials reportedly evaluated the model in classified environments and found it effective at identifying software vulnerabilities and assessing cybersecurity risks.
Anthropic later introduced a public version of the technology known as Fable, which included built-in cybersecurity safeguards. Reports indicated that the White House subsequently requested restrictions on access to the model for users outside the United States, leading to a temporary suspension of international availability before those restrictions were eased last week.
The use of AI tools for software security reflects a broader effort by government agencies to automate vulnerability detection as cyber threats become increasingly sophisticated. AI systems are capable of reviewing large volumes of source code far more quickly than traditional manual methods, helping security teams identify weaknesses before they can be exploited.
Anthropic has confidentially filed for a US initial public offering, and its growing involvement in government cybersecurity projects could strengthen its position in the rapidly expanding market for AI-powered security technologies.
Neither the White House nor the NSA immediately commented on the reported use of Mythos within federal cybersecurity operations.

Facebook
Twitter
Instagram
LinkedIn
RSS