DistantNews
Support us
Exclusive-US cyber agency is using Anthropic's Mythos to audit government code, sources say
๐Ÿ‡ธ๐Ÿ‡ฌ Singapore /Technology

Exclusive-US cyber agency is using Anthropic's Mythos to audit government code, sources say

From CNA · () English

Summarized and contextualized by DistantNews.

At a glance

News Named sources Context piece
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly using Anthropic's AI model, Mythos, to audit government software for vulnerabilities.
  • This adoption signifies government enthusiasm for AI tools, even as Anthropic navigates regulatory scrutiny and past conflicts with the U.S. government over AI safeguards.
  • The audits have already uncovered numerous vulnerabilities, though the exact scope and severity remain undisclosed.

The U.S. cyber defense agency CISA is leveraging Anthropic's advanced AI model, Mythos, to scrutinize government software for security flaws, according to three individuals familiar with the matter. This move highlights a growing governmental embrace of artificial intelligence tools, even as Anthropic, the AI startup behind Mythos, navigates complex relationships with U.S. authorities, including a past standoff with the White House over AI safeguards.

The U.S. cyber defense agency CISA is using Anthropic's AI model Mythos to audit government software.

โ€” Sources familiar with the matterConfirming CISA's use of Anthropic's AI for code auditing.

CISA's Attack Surface Evaluation team is employing Mythos to scan government code repositories. The objective is to identify bugs that could be exploited by foreign adversaries and cybercriminals. While Anthropic has not commented on this specific initiative, a CISA representative previously indicated they would look into sharing information, though further inquiries went unanswered. One source indicated that these audits have already yielded a significant number of vulnerability discoveries, though details regarding the quantity, nature, or severity of these bugs have not been elaborated upon, and Reuters could not independently verify the extent of the code scanned.

Anthropic's engagement with the U.S. government has been notably turbulent. Relations soured in February when the company resisted removing safeguards that prevent its AI from being used for autonomous weapons or domestic surveillance. This led to the Pentagon designating Anthropic with a formal supply-chain risk label, typically reserved for foreign entities suspected of espionage. However, a judge blocked this designation in March. The situation has eased somewhat following the private release of Mythos, an AI model recognized for its proficiency in identifying and exploiting cybersecurity vulnerabilities.

The audits had already uncovered a large number of vulnerabilities.

โ€” SourceIndicating the effectiveness of the AI model in identifying security flaws.

Even with the prior designation, the National Security Agency (NSA) has been utilizing Mythos since April, as reported by Axios. More recently, the New York Times noted that NSA analysts tested Mythos in classified environments and were impressed by its capabilities. Complicating matters further, the White House recently demanded that Anthropic ban foreigners from operating a public version of Mythos called Fable, which included cybersecurity safeguards. This demand triggered a global shutdown of the model that was only lifted last week. Neither the NSA nor the White House immediately responded to requests for comment on these developments.

The National Security Agency, the U.S. government's powerful eavesdropping agency, has been using Mythos as far back as April despite the blacklist.

โ€” Axios reportDetailing the NSA's prior use of the AI model.
DistantNews Editorial

Originally published by CNA. Summarized and contextualized by our editorial team with added local perspective. Read our editorial standards.