Key facts
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic's AI model Mythos.
- Mythos is being employed to audit government software code for vulnerabilities.
- The audits have reportedly identified a significant number of security flaws.
- Anthropic previously faced a supply-chain risk designation from the Pentagon, which was later blocked by a judge.
- The National Security Agency has also been using Mythos for testing.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly utilizing Anthropic's AI model, Mythos, to scrutinize government software code for security flaws. This initiative, confirmed by three individuals familiar with the matter, signifies the government's increasing reliance on advanced AI tools for cybersecurity.
The Mythos model is being deployed by CISA's Attack Surface Evaluation team to scan code repositories for vulnerabilities that could be exploited by foreign adversaries and cybercriminals. While the sources indicated that a substantial number of bugs have already been discovered, specific details regarding the quantity or severity of these vulnerabilities were not disclosed.
Anthropic's engagement with the U.S. government has been marked by challenges. The AI company had a contentious relationship with U.S. authorities after refusing to remove safeguards that prevented its AI from being used for autonomous weapons or domestic surveillance, leading to a temporary supply-chain risk designation by the Pentagon. This designation was later overturned by a judge.
Despite these past issues, the National Security Agency (NSA) has reportedly been using Mythos since April, even during the period of the designation. Reports suggest NSA analysts have been impressed with the model's capabilities in classified settings. The White House's recent demand for Anthropic to ban foreigners from running a public version of Mythos, called Fable, led to a temporary global shutdown of the model.
