The U.S. Cybersecurity and Infrastructure Security Agency has begun using Anthropic’s most advanced AI model, Mythos, to scan federal government code repositories for security vulnerabilities, marking the first large-scale deployment of frontier AI for defensive cybersecurity inside the U.S. government.
The deployment, confirmed by multiple sources familiar with the program, represents a significant milestone in the government’s effort to use artificial intelligence to stay ahead of adversaries who are themselves using AI to probe federal systems for weaknesses. CISA is using Mythos to audit millions of lines of code across civilian agencies, looking for bugs that could be exploited by foreign intelligence services or criminal hackers.

What Mythos Brings to the Fight
Mythos, developed by Anthropic, is one of the most powerful AI models ever created. It was initially restricted by the U.S. government in June 2026 over national security concerns — the Commerce Department briefly blocked its wider release, and Anthropic was forced to disable the model globally for a period. But after negotiations, the government loosened restrictions, allowing CISA and select other agencies to deploy it for defensive cybersecurity work.
The model has already found vulnerabilities in classified government systems, according to officials. Its ability to reason about complex code structures and identify subtle security flaws — the kind that human reviewers might miss — makes it uniquely suited to the task of hardening federal networks against increasingly sophisticated attacks.
The AI Cybersecurity Arms Race
The CISA deployment reflects a broader shift in how governments think about AI and cybersecurity. For years, the dominant concern was that AI would empower attackers — enabling automated vulnerability discovery, sophisticated phishing, and AI-generated malware. Those concerns are valid, and evidence suggests that state-sponsored hacking groups are already using AI tools to accelerate their operations.
But the CISA program demonstrates the flip side: AI can also be a powerful defensive weapon. By automating the tedious and error-prone work of code review, models like Mythos can help defenders find and fix vulnerabilities before attackers discover them. It is a race, and the government is betting that giving its defenders access to the best AI available is essential to winning it.
What Comes Next
The Senate has urged the Department of Defense to adopt Anthropic’s AI for its own cybersecurity programs, and several other federal agencies are reportedly evaluating similar deployments. The White House’s June 2026 executive order on AI and cybersecurity explicitly directed agencies to accelerate the adoption of AI-enabled defensive tools, and the CISA program is the most visible result of that directive so far.
For Anthropic, the government deployment validates its approach to AI safety. The company has positioned itself as the responsible alternative in the AI industry, emphasizing security testing and controlled deployment. Having its most powerful model trusted to protect federal networks is a significant endorsement of that strategy — and a signal that the government sees frontier AI as essential infrastructure, not just a commercial product.