The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s powerful AI model Mythos to audit government software code, according to three sources familiar with the matter. The deployment has already uncovered a “large number of vulnerabilities,” sources said, marking another sign of government enthusiasm for Anthropic’s tools despite an ongoing standoff with the White House.
CISA’s secret weapon
The scans are being conducted by CISA’s Attack Surface Evaluation team, which is known for conducting digital security assessments and hacking exercises across government.
Two sources said the audits had already uncovered a large number of vulnerabilities. This comes after the Pentagon (and financial institutions) used Claude AI’s models to find bugs in different environments. The results shocked them all, pushing them to modernize their security infrastructure and shift to dynamic monitoring. The AI firm added, at that time, that “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.”
Plus, a U.S. official recently shared that Mythos managed to spot vulnerabilities in highly “sensitive and secure U.S. government computer systems” in just a few hours during a test run. This was all part of Anthropic’s Project Glasswing, where they’re teaming up with other tech leaders to keep critical software safe from the kind of advanced threats AI might pose.
Anthropic’s rocky government ties
The deployment comes despite Anthropic’s tumultuous relationship with the U.S. government. In February, the Pentagon slapped Anthropic with a formal supply-chain risk designation after the company refused to remove safeguards preventing its AI from being used for autonomous weapons or domestic surveillance. The blacklisting was blocked by a judge in March, and tensions eased following the private release of Mythos, described as extremely capable at finding cybersecurity vulnerabilities.
The National Security Agency (NSA) has been using Mythos since April despite the blacklist. Late last month, the White House demanded Anthropic ban foreigners from running the public version, Fable, triggering a global shutdown that was lifted only last week.
The Project Glasswing connection
CISA’s whole security tasks implementation is part of a broader initiative called Project Glasswing, an Anthropic program designed to secure critical software infrastructure. The project brings together tech giants, government agencies, and private sector partners to identify vulnerabilities before attackers (i.e., spies or cybercriminals) can exploit them.
In early June 2026, Project Glasswing expanded to include approximately 150 partner organizations across more than 15 countries. Continuing with the AI drama, CISA gained full access to the Mythos AI model shortly after this expansion, going from being notably excluded from the initial access group in April to a full participant by mid-June. And recently, in July, the Trump administration weighed AI access for allies at G7 countries.
It’s no shocker that Project Glasswing is already proving its worth. Senator Mark Warner even shared at a Senate hearing that the Mythos model “broke into almost all of our classified systems, not in weeks but in hours.”
With the program now expanding globally, allied nations are jumping on board to use these same AI-driven code auditing tools, helping build a stronger, shared defense network against complex cyber threats.
This is a big deal for the Web3 crowd, too: the same tech being used to lock down government code could soon find its way into auditing smart contracts, DeFi protocols, and other essential onchain infrastructure.
Nevertheless, the White House is currently in talks with AI companies to set up some voluntary standards for when they drop new, cutting-edge AI models. These guidelines are basically meant to act as a yardstick for models that have great cyber skills, while also mapping out when companies should release them. This whole initiative just builds on President Trump’s executive order from back in June, which told agencies to get to work on setting up some ground rules for how AI gets tested and rolled out.




