[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fU8RKjaZ6FfC9l7geZqjvYnI_Y0zIaNnLXDgBITVaI7Y":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":24,"category":25,"article_tags":29},"56e8d9d4-334b-49f8-a47e-19f0fb69aa45","CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws","cisa-reportedly-using-anthropic-s-mythos-to-scan-government-software-for-flaws-d4b82b","The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking exercises. The post CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws appeared first on SecurityWeek.","The US Cybersecurity and Infrastructure Security Agency (CISA) is reportedly leveraging Anthropic's Mythos AI model to proactively scan federal government software repositories for security vulnerabilities. This initiative, led by CISA's Attack Surface Evaluation team, aims to identify and patch flaws before they can be exploited by adversaries. While the program has reportedly uncovered a significant number of vulnerabilities, specific details remain undisclosed.","CISA is reportedly using Anthropic's Mythos AI to scan government software for vulnerabilities.","The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s powerful Mythos AI model to scan and audit federal government software for security vulnerabilities, according to a report from Reuters. Citing three sources familiar with the matter, Reuters reported that CISA is utilizing Mythos to scan code repositories across federal agencies. The operation aims to proactively discover and patch security bugs that could otherwise be exploited by foreign intelligence agencies and cybercriminals. The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking exercises across the federal landscape. Two sources stated that the AI-driven initiative has already uncovered a “large number” of software vulnerabilities. However, specific details regarding the severity of the flaws, the impacted agencies, or the volume of software reviewed have not been disclosed. Neither Anthropic nor CISA provided formal on-the-record comments to Reuters regarding the operation. Tensions between Anthropic and federal officials spiked dramatically earlier this year after the company refused administration demands to remove built-in safeguards restricting its models from being used for autonomous weaponry or domestic surveillance. In response, the Pentagon designated Anthropic as a supply-chain risk, a classification typically reserved for foreign firms suspected of espionage. The National Security Agency (NSA) is also believed to be using Mythos in its operations. Advertisement. Scroll to continue reading. Late last month, a US official told the Associated Press (AP) that one of Anthropic’s artificial intelligence models had identified vulnerabilities in highly sensitive and secure US government computer systems during a testing exercise. While the private application of Mythos has accelerated within the US intelligence and defense communities, Anthropic’s public-facing rollouts have triggered separate regulatory battles. When the company launched its public version of the model in early June, called Fable, concerns from the White House regarding foreign nationals accessing the tool prompted an abrupt administrative demand to restrict access. The ensuing standoff led to a temporary global shutdown of the Fable model, which was only lifted last week. Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay Related: OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review Related: When Information Becomes the Attack Surface – Understanding AI Agent Traps Written By Mike Lennon For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Mike Lennon SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary EditionCisco Moves to Acquire Astrix Security to Tackle Non-Human Identity RisksIran-Linked Hackers Disrupt US Critical Infrastructure via PLC AttacksSenate Confirms Joshua Rudd to Lead NSA and US Cyber CommandUS Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging TechnologiesZscaler Acquires Browser Security Firm SquareX CrowdStrike to Acquire Browser Security Firm Seraphic for $420 MillionTim Kosiba Named NSA Deputy Director Latest News Critical Adobe ColdFusion Vulnerability Exploited in AttacksIran-Linked Hackers Using Modular C&C Framework in CyberattacksCISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original ThinkerLinux Kernel Vulnerability Allows VM Escape on Intel and AMD SystemsKeyfactor Scores $1 Billion+ Investment for AI, Post-Quantum SecurityBlogspot-Hosted Payloads Delivered in ‘Veil#Drop’ AttacksThe Shift Toward Business-Aligned Risk ManagementArmored Likho APT Targeting Government, Electric Power Entities Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveJames Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.Rafal Los has joined Binary Defense as Chief Strategy Officer.Tracey Mustacchio has joined Everfox as Chief Marketing Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fcisa-reportedly-using-anthropics-mythos-to-scan-government-software-for-flaws\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002FClaude-Mythos-cybersecurity-AI.jpg","2026-07-07T13:13:02+00:00","2026-07-07T14:01:01.863536+00:00",7,[18,21],{"name":19,"type":20},"Anthropic","vendor",{"name":22,"type":23},"Mythos","product","e7b231c8-5f79-4465-8d38-1ef13aea5a14",{"id":24,"icon":26,"name":27,"slug":28},null,"Threat Intelligence","threat-intelligence",[30,35,40,45],{"category":31},{"id":32,"icon":26,"name":33,"slug":34},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":36},{"id":37,"icon":26,"name":38,"slug":39},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":41},{"id":42,"icon":26,"name":43,"slug":44},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":46},{"id":24,"icon":26,"name":27,"slug":28},[]]