Key Takeaways
- Multiple U.S. federal agencies, including CISA and the NSA, are reportedly using Anthropic’s AI model Mythos to scan government code for security vulnerabilities, despite a standing national‑security ban on the product.
- The ban originated in February after Anthropic refused to allow its technology to be used for domestic surveillance or autonomous weapons, prompting a Pentagon “supply‑chain risk” designation that took effect in March.
- Sources say CISA’s Attack Surface Evaluation team is employing Mythos in penetration‑testing exercises, uncovering a “large number” of flaws, with a focus on government‑maintained code repositories.
- Although Anthropic has not publicly confirmed any federal use during the ban period, internal sources indicate the NSA also continued to use Mythos through June.
- The rollout of Mythos‑based product “Fable” in early June was quickly curtailed by the Trump administration, which demanded foreign‑access restrictions and instituted a temporary global shutdown.
- Fable is a limited release with extra guardrails designed to prevent abusive exploitation, while competitors such as OpenAI’s GPT‑5.6 Sol employ similar safeguards for defensive cybersecurity work only.
- An executive order issued last month calls for a voluntary 30‑day review framework for powerful AI models before release, but its implementation remains pending.
- Security experts warn that AI‑driven vulnerability discovery is accelerating on both defense and offense sides, urging organizations to shorten remediation cycles and assume adversaries are wielding comparable AI capabilities.
CISA’s reported use of Mythos for vulnerability scanning
Inside sources told Reuters that the Cybersecurity and Infrastructure Security Agency (CISA) is actively employing Anthropic’s Mythos model to probe federal software for security weaknesses. The agency’s Attack Surface Evaluation team, which conducts digital security assessments, penetration testing, and other active hacking exercises for other government bodies, is said to be running Mythos scans across government code repositories. Although the sources did not specify which agencies have been audited or the exact scope of work, they noted that a “large number” of vulnerabilities have already been uncovered, with particular emphasis on code maintained directly by the government.
NSA’s alleged continued use of Mythos despite the ban
The same inside sources indicated that the National Security Agency (NSA) has also been using Mythos for vulnerability scanning, even after the national‑security ban took effect in April. Reports of NSA usage surfaced as early as April and persisted through June of this year. These claims remain unconfirmed publicly, but they fit a broader pattern of federal agencies discreetly leveraging the AI model’s capabilities despite official restrictions.
Origins of the Anthropic ban and the supply‑chain risk designation
The controversy began in February when Anthropic announced it would not permit its products to be used for domestic surveillance or as a guide for autonomous weapons. The statement provoked a strong reaction from President Trump, leading the Pentagon to label Anthropic a “supply‑chain risk” in March. This designation prohibits federal agencies and tens of thousands of defense‑related contractors from using Anthropic’s AI tools, although affected parties were granted a six‑month window to phase out existing usage.
Early access and the impressive performance of Mythos
Despite the ban, a limited set of organizations received early access to a “Preview” version of Mythos in April. Those testers reportedly found the model exceptionally adept at locating security vulnerabilities, including deeply buried issues that had persisted for a decade without detection. The model’s speed and depth impressed the testers, prompting continued use by agencies such as the NSA and, according to sources, CISA’s evaluation team.
Anthropic’s silence and the lack of official confirmation
Anthropic has not issued any public comment regarding federal use of its products during the ban period. Reuters reporters attempted to obtain a statement from a CISA representative in June concerning the Mythos‑scan allegations, but the representative did not follow up. The absence of on‑the‑record confirmation leaves the reports reliant on anonymous insider accounts, though the consistency across multiple agencies lends credibility to the claims.
The launch of Fable and its restrictive guardrails
Anthropic’s initial public rollout of Mythos, branded “Fable,” debuted in early June. The Trump administration swiftly moved to block foreign access, triggering a global shutdown that lasted until month’s end. Fable is described as a “limited” release, equipped with extra guardrails intended to prevent malicious exploitation of its vulnerability‑finding abilities. These safeguards aim to restrict the model to legitimate defensive cybersecurity tasks only.
Parallel developments with competing AI models
Around the same time, OpenAI released GPT‑5.6 Sol, a model touted to have comparable capabilities for security analysis. OpenAI has likewise imposed stringent guardrails that limit the model’s reasoning functions and confine its use to authorized defensive cybersecurity assistance. The parallel moves underscore a industry‑wide trend of releasing powerful AI models while attempting to curb misuse through technical constraints.
Executive order on AI model review timelines
Last month, the Trump administration issued an executive order directing the creation of a framework whereby comparably powerful AI models could be withheld from public release for up to 30 days pending government review. The framework is still under development, and the order specifies that participation will be voluntary for developers. The measure reflects growing concern over the rapid deployment of advanced AI systems without adequate oversight.
Expert perspective on the accelerating vulnerability discovery race
Ensar Seker, CISO at SOCRadar, warned that organizations must now assume similarly capable AI tools are being used by adversaries to probe their networks. He noted that AI guardrails have repeatedly been jailbroken since the launch of ChatGPT in 2022, meaning offensive actors can potentially repurpose defensive AI for harmful purposes. Seker urged governments and enterprises to shorten remediation timelines, arguing that faster vulnerability discovery only improves security if fixes can be deployed equally quickly.
Implications for transparency and future AI governance
Bronwen Aker, an AI Research & Strategy Analyst at Black Hills Information Security, highlighted the current lack of clarity about what exactly Mythos is scanning—whether it is government‑written code or third‑party software running on federal systems. This ambiguity complicates efforts to assess risk and undermines public trust. Aker argued that the federal government’s inconsistent stance—labeling Anthropic a supply‑chain risk one week and then allowing CISA to wield Mythos the next—sends a confusing signal about the role of AI in national security and underscores the need for clearer policies, transparent reporting, and robust oversight as AI‑driven cybersecurity tools become more prevalent.

