The Sheffield Press

Technology

CISA uses Anthropic AI to scan government code for flaws

By Marcus Chen ·
CISA uses Anthropic AI to scan government code for flaws

The U.S. Cybersecurity and Infrastructure Security Agency has begun using Anthropic’s Mythos model to scan government software for security flaws. The agency’s Attack Surface Evaluation team is carrying out the audits, combing through government code repositories for bugs that could open doors for foreign intelligence services or ordinary cybercriminals.

The move puts a frontier AI system into a job that federal security teams have long handled by hand. The reviews have already uncovered a large number of vulnerabilities, though their seriousness and the amount of code examined were not disclosed. For CISA, the appeal is speed: a model that can sift through repositories faster than a human reviewer could help agencies catch weaknesses before attackers do.

AI-generated illustration
AI-generated illustration

Large language models can misread code, flag harmless patterns as threats, or miss subtle flaws that a seasoned engineer would catch. They also tend to operate inside opaque systems that make it hard to see why a piece of code was flagged, what was skipped, or how much trust a reviewer should place in the output. In government cybersecurity, one false alarm can waste scarce staff time and one missed defect can expose a network.

Anthropic’s path to federal work has been complicated. Earlier this year, the company resisted pressure to remove safeguards that kept its AI from being used for autonomous weapons or domestic surveillance. That clash led the Pentagon to label Anthropic a supply-chain risk until a federal judge blocked the designation. The dispute later eased after Mythos was released privately as a model built to find and exploit cybersecurity weaknesses.

Related photo

The National Security Agency has also been using Mythos since at least April.

Sources

  1. [1]usnews.com
technologyCISAAnthropic AI