Anthropic’s Mythos rollout has missed America’s cybersecurity agency

Several US federal agencies are taking up Anthropic’s new cybersecurity model to find vulnerabilities, but one is reportedly not getting in on the action: the nation’s central cybersecurity coordinator.

On Tuesday, Axios reported that the Cybersecurity and Infrastructure Security Agency (CISA) didn’t have access to Mythos Preview, which Anthropic has touted as a powerful tool for finding and patching security vulnerabilities. Meanwhile, other agencies like Commerce Department and National Security Agency (NSA) are reportedly using the model, and President Donald Trump’s administration has been negotiating broader access, Axios wrote last week. In a blog post, Anthropic said it’s “been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities,” and an unnamed Anthropic official told Axios that CISA was among the agencies briefed. Anthropic declined to comment and CISA did not immediately respond to a request for comment.

Combined with other actions to limit CISA’s workforce and funding, the report signals that CISA’s operations still haven’t been prioritized by the administration, possibly putting digital security at risk. The agency, which is part of the Department of Homeland Security, is meant to serve as the central coordinating body for cybersecurity information, helping state and local officials that run elections and public utilities stay apprised of vulnerabilities and respond to attacks when they occur. But the Trump administration and congressional Republicans have launched political attacks on it, particularly after it declared the 2020 election that President Donald Trump lost to Joe Biden the “most secure in American history.” Trump later fired the official who led that agency in his first administration.

Since returning to office last year, the Trump administration has made a series of decisions that further limit the agency’s remit. Like other federal agencies, CISA lost talent during the Department of Government Efficiency’s cost-cutting efforts, and some staff was also reassigned to work on immigration priorities under DHS. Its acting director told Congress that its resources to detect hacks were limited amid the current DHS shutdown, yet the Trump administration is seeking to trim hundreds of millions more from the agency’s budget.

CISA’s reported lack of access to Anthropic’s Mythos Preview raises further questions about why an agency tasked with protecting critical infrastructure from cyberattacks isn’t able to test a tool that’s found security issues “in every major operating system and web browser,” according to Anthropic. Anthropic is giving restricted access to the tool to give key institutions a “head start” on cyber defenses, Anthropic’s frontier red team cyber lead Newton Cheng told The Verge. But it seems that at least for now, CISA won’t be getting that opportunity.