US National Cybersecurity Agency Using Anthropic’s Mythos For Bug Hunting 

CISA has reportedly deployed Anthropic’s Mythos to catch bugs in federal code.

Published on Jul 9, 2026
Akshaya Asokan Written by Akshaya Asokan
US National Cybersecurity Agency Using Anthropic’s Mythos For Bug Hunting 

The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s AI model, Mythos, to find vulnerabilities in government code repositories, Reuters reported Monday, citing unidentified sources.

The Attack Surface Evaluation teams at CISA, responsible for digital security and resilience, are overseeing the testing, Reuters reported. CISA and Anthropic did not immediately respond to requests for comment on the types of systems tested or the vulnerabilities found.

Anthropic previewed Mythos in April under its initiative, called Project Glasswing, an industry-led collaboration that seeks to secure software applications. The initiative was launched by Anthropic because it believed the capabilities of Mythos “could reshape cybersecurity.”

Dispute With The PentagonThe developments surrounding Mythos’ capabilities, however, led to panic over its disruptive potential, with the US government imposing an interim export ban on Anthropic models Mythos and Fable. 

The US government lifted the ban in July only after Anthropic put in place adequate security measures to prevent potential model exploitation by threat actors.

In February, the company was also embroiled in tensions with the Pentagon over its decision not to remove Claude security guardrails to allow the US military to use the model for autonomous weapons and surveillance capabilities.

With tensions between Washington and Anthropic subsiding, more government entities have announced plans to deploy frontier models for vulnerability discovery in legacy systems.

The UK National Cyber Security Centre on Tuesday announced plans to build “Cyber Shield,” a custom agentic AI system to identify vulnerabilities in legacy systems, generate automated insights, and coordinate security remediation at a national level.

On Monday, the Alberta government said its custom AI agents, built using Anthropic’s Claude Code, Claude Opus, and Claude Sonnet, scanned 466 million lines of code in 20 hours to identify 185 vulnerable systems. The report, however, does not provide any additional information on the types of vulnerabilities discovered or how they were identified.

This field is for validation purposes and should be left unchanged.

FREE NEWSLETTER

Cyber Weekly

Get curated cybersecurity news, threats and insights delivered free every Thursday.

Written By Written By
Akshaya Asokan
Akshaya Asokan Freelance Journalist

Akshaya Asokan is a U.K.-based cybersecurity and technology journalist with experience covering nation‑state hacking operations, cyber and tech policy, and emerging cybercrime trends. She previously served as the senior European cybersecurity correspondent for Information Security Media Group’s Global News Desk. Before that, she reported on IT developments for IDG Media and covered artificial intelligence and machine learning for Analytics India Magazine. Earlier in her career, she wrote on sexual and religious minority rights as a reporter for The New Indian Express.