CISA deploys Anthropic’s Mythos AI to hunt vulnerabilities in government code

CISA deploys Anthropic’s Mythos AI to hunt vulnerabilities in government code

The cybersecurity agency gained full access to Anthropic's most advanced code-auditing model, reportedly finding classified system flaws in hours instead of weeks

The US government’s top cybersecurity agency is now running one of the most powerful AI models ever built against its own code. The Cybersecurity and Infrastructure Security Agency has obtained full access to Anthropic’s Mythos Preview model, putting machine learning to work on the decidedly unglamorous but critical task of finding security holes in government computer systems.

From excluded to all-access

When Anthropic first briefed the agency and the Commerce Department on the model’s capabilities back in April 2026, CISA was notably left out of the initial access cohort. That first group included roughly 50 organizations, and CISA wasn’t among them.

Advertisement

By mid-June 2026, CISA had secured full access to the model under Anthropic’s Project Glasswing initiative, a broader program designed to enhance code analysis across critical infrastructure and government sectors. Project Glasswing had just expanded in early June to approximately 150 additional partner organizations spanning more than 15 countries. CISA’s inclusion came shortly after that expansion.

What Mythos actually does

During testing exercises with intelligence agencies, the Mythos model reportedly uncovered vulnerabilities in classified systems within hours. The traditional timeline for that kind of work? Weeks, at minimum.

No specific metrics on CISA’s internal deployment results have been disclosed yet. But the fact that the agency moved from being excluded in April to demanding full access by June tells its own story about what preliminary testing revealed.

The bigger picture for Anthropic and AI security

Anthropic is navigating real complexity here. Using AI for both offensive and defensive cybersecurity raises questions that don’t have clean answers. Export controls on advanced AI models remain a live policy debate. Military applications hover at the edge of every government AI deployment.

The expansion of Project Glasswing to over 15 countries adds another layer. International partners gaining access to the same model that audits US government code creates shared capability, but also shared risk.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

CISA deploys Anthropic’s Mythos AI to hunt vulnerabilities in government code

CISA deploys Anthropic’s Mythos AI to hunt vulnerabilities in government code

The cybersecurity agency gained full access to Anthropic's most advanced code-auditing model, reportedly finding classified system flaws in hours instead of weeks

The US government’s top cybersecurity agency is now running one of the most powerful AI models ever built against its own code. The Cybersecurity and Infrastructure Security Agency has obtained full access to Anthropic’s Mythos Preview model, putting machine learning to work on the decidedly unglamorous but critical task of finding security holes in government computer systems.

From excluded to all-access

When Anthropic first briefed the agency and the Commerce Department on the model’s capabilities back in April 2026, CISA was notably left out of the initial access cohort. That first group included roughly 50 organizations, and CISA wasn’t among them.

Advertisement

By mid-June 2026, CISA had secured full access to the model under Anthropic’s Project Glasswing initiative, a broader program designed to enhance code analysis across critical infrastructure and government sectors. Project Glasswing had just expanded in early June to approximately 150 additional partner organizations spanning more than 15 countries. CISA’s inclusion came shortly after that expansion.

What Mythos actually does

During testing exercises with intelligence agencies, the Mythos model reportedly uncovered vulnerabilities in classified systems within hours. The traditional timeline for that kind of work? Weeks, at minimum.

No specific metrics on CISA’s internal deployment results have been disclosed yet. But the fact that the agency moved from being excluded in April to demanding full access by June tells its own story about what preliminary testing revealed.

The bigger picture for Anthropic and AI security

Anthropic is navigating real complexity here. Using AI for both offensive and defensive cybersecurity raises questions that don’t have clean answers. Export controls on advanced AI models remain a live policy debate. Military applications hover at the edge of every government AI deployment.

The expansion of Project Glasswing to over 15 countries adds another layer. International partners gaining access to the same model that audits US government code creates shared capability, but also shared risk.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.