The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is deploying Anthropic's AI model named Mythos to audit government software code, according to three sources familiar with the matter. The initiative, run by CISA's Attack Surface Evaluation team, has already identified a large number of vulnerabilities in government repositories.
The move marks a significant step in applying advanced artificial intelligence to federal cybersecurity efforts. By automating code review at scale, CISA aims to proactively discover and patch security gaps before they can be exploited by malicious actors.
Sources indicate that Mythos has already proven effective in uncovering vulnerabilities, though specific numbers or types of flaws have not been disclosed. The model is being used to scan repositories across multiple government agencies, according to the sources.
If successful, this AI-driven auditing approach could become a model for other federal agencies seeking to bolster their defensive capabilities. However, reliance on a single AI system raises concerns about potential blind spots or adversarial attacks targeting the model itself.
While the use of AI for code audit is promising, critics caution that automated tools can miss subtle logic flaws or produce false positives. CISA has not commented on the accuracy rate or how vulnerabilities are triaged after discovery.