The Cybersecurity and Infrastructure Security Agency (CISA) has secured full access to Anthropic’s advanced Mythos Preview model, a development poised to significantly bolster the agency's capabilities in identifying system vulnerabilities. This acquisition provides CISA with a powerful AI tool designed to rapidly analyze vast datasets and pinpoint critical weaknesses in digital infrastructure, enhancing national cyber resilience. The integration marks a pivotal moment for federal cyber defense operations, equipping front-line defenders with state-of-the-art predictive analytics.
This strategic move by a key national cyber defense entity underscores the escalating reliance on sophisticated artificial intelligence within the national security apparatus. It highlights the growing tension between the rapid adoption of cutting-edge, dual-use technologies and the crucial need for comprehensive policy frameworks to govern their deployment in sensitive operational environments.
The Cybersecurity and Infrastructure Security Agency now has full access to Anthropic’s flagship Mythos Preview model, according to a U.S. official and a second person familiar with the matter.
The cyberdefense agency received access around a week ago, the official said. Both sources spoke on the condition of anonymity to discuss internal deliberations.
The White House Office of the National Cyber Director has not yet set clear parameters for how the agency should use the model, the official added.
The lack of parameters echoes earlier Nextgov/FCW reporting showing federal tech leaders have privately complained that ONCD has not adequately briefed them on implementing or using the model for vulnerability scanning.
CISA did not respond to a request for comment.
Over the last few months, Anthropic surgically rolled out Mythos Preview to select organizations and recently expanded this effort — dubbed Project Glasswing — to partners in industry and other nations. The model has been distributed through a non-public process on grounds that, in the wrong hands, it can significantly boost adversaries’ hacking capabilities.
CISA was not included in an initial Mythos rollout, Axios reported in April. Last week, Nextgov/FCW reported that agency access to the model was imminent.
Mythos Preview is different from Anthropic’s similar-sounding Mythos 5 successor model, which the U.S. effectively banned over the weekend via an export control mechanism alongside the AI company’s Fable 5 model. The move has caused uproar across the cyber and AI community.
Both Mythos 5 and Mythos Preview have only been made available to vetted providers via Project Glasswing.
The Trump administration’s approach to AI has shifted in recent months as officials confront an emerging class of models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how AI systems could reshape the future of cybersecurity.
Models like Mythos can help federal agencies identify vulnerabilities faster by analyzing large amounts of software and system data, then surfacing weaknesses and possible attack paths for human defenders to review. Conversely, cyber operators in the intelligence community and Defense Department can also use such models to accelerate their offensive hacking operations.
Editorial Analysis
CISA's integration of the Mythos Preview model profoundly reshapes the landscape of federal cybersecurity, particularly in defensive operations. This advanced AI system offers an unprecedented ability to analyze extensive software and network data, surfacing latent vulnerabilities and potential attack vectors at a scale and speed unattainable by human analysts alone. For the U.S. government, this means a significant acceleration in patching cycles and proactive threat mitigation, enhancing the resilience of critical infrastructure. However, the dual-use nature of such powerful AI is a stark reality; while it bolsters defense, it simultaneously possesses the capacity to accelerate offensive cyber operations for both state and non-state actors, including our adversaries.
The current situation also casts a spotlight on the broader strategic challenge of integrating rapidly evolving AI technologies into national security frameworks. The lack of defined usage parameters for a tool of this magnitude reflects an ongoing struggle to match technological innovation with commensurate governance and ethical guidelines. This mirrors past instances where groundbreaking technologies outpaced regulatory oversight, presenting both immense opportunities and unforeseen risks. The cybersecurity community must now contend with both the immediate tactical advantages offered by Mythos Preview and the longer-term imperative of establishing robust policies to manage its strategic implications across the entire threat spectrum.
