The Cybersecurity and Infrastructure Security Agency is using Anthropic's Mythos AI model to audit government code repositories, already identifying a significant number of vulnerabilities across federal systems.
CISA's Attack Surface Evaluation team has begun using Mythos, an AI model developed by Anthropic, to scan software repositories used by U.S. government agencies. According to sources familiar with the initiative, the audits have uncovered a substantial volume of security vulnerabilities.
The deployment represents an expansion of automated security testing within federal infrastructure. Mythos assists in identifying potential weaknesses in codebases that could be exploited by adversaries, accelerating the vulnerability discovery process beyond traditional manual review.
CISA established its Attack Surface Evaluation team to proactively identify security gaps in critical government systems. The use of advanced AI models like Mythos allows the agency to process larger code repositories more efficiently and flag issues for remediation by development teams.
The initiative underscores growing reliance on machine learning tools for cybersecurity defense across the federal government. As code repositories expand and development cycles accelerate, manual vulnerability detection alone has proven insufficient for maintaining security posture.
Anthropanic's involvement in government security operations reflects broader industry trends of deploying large language models for technical analysis. The company has positioned its AI systems as tools for analyzing complex codebases and identifying security patterns.
Details on the specific vulnerabilities discovered and affected agencies remain limited. CISA typically coordinates remediation efforts with relevant departments when vulnerabilities are identified in critical systems.
The effort aligns with the Biden administration's broader cybersecurity initiatives, which have emphasized both government modernization and threat prevention. Federal agencies have faced increasing pressure to strengthen defenses against sophisticated cyber threats from state and non-state actors.
It remains unclear whether the program will expand to other government agencies or become a standard component of CISA's security operations.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.