The U.S. Cybersecurity and Infrastructure Security Agency is employing Anthropic’s AI model Mythos to review government software for vulnerabilities, according to three people familiar with the effort. The initiative reflects growing federal interest in the startup’s technology amid its ongoing tensions with the White House.
CISA is applying the tool to examine code repositories for flaws that could be exploited by foreign actors or cybercriminals, the sources said. The agency’s Attack Surface Evaluation team is conducting the assessments.
Anthropic did not comment on the project. A CISA spokesperson previously indicated they would look into the matter but has not provided further details.
Two sources reported that the reviews have identified numerous vulnerabilities, though specifics on the volume of code examined or the severity of issues remain unclear.
Anthropic, which has filed confidentially for a U.S. IPO, has faced friction with the government. In February, the company declined to remove safeguards against uses in autonomous weapons or domestic surveillance, leading the Pentagon to issue a supply-chain risk designation. A judge blocked the measure in March.
Relations have since improved following the release of Mythos, which excels at detecting cybersecurity weaknesses. The NSA has reportedly used the model since April. However, a public version called Fable prompted White House demands to restrict foreign access, causing a temporary global shutdown that ended last week.
The NSA and White House did not respond to requests for comment.


