The Cybersecurity and Infrastructure Security Agency is using Anthropic's Mythos AI model to audit government code repositories, already identifying a significant number of vulnerabilities across federal systems.
CISA's Attack Surface Evaluation team has begun using Mythos, an AI model developed by Anthropic, to scan software repositories used by U.S. government agencies. According to sources familiar with the initiative, the audits have uncovered a substantial volume of security vulnerabilities.
The deployment represents an expansion of automated security testing within federal infrastructure. Mythos assists in identifying potential weaknesses in codebases that could be exploited by adversaries, accelerating the vulnerability discovery process beyond traditional manual review.
CISA established its Attack Surface Evaluation team to proactively identify security gaps in critical government systems. The use of advanced AI models like Mythos allows the agency to process larger code repositories more efficiently and flag issues for remediation by development teams.
The initiative underscores growing reliance on machine learning tools for cybersecurity defense across the federal government. As code repositories expand and development cycles accelerate, manual vulnerability detection alone has proven insufficient for maintaining security posture.
Anthropanic's involvement in government security operations reflects broader industry trends of deploying large language models for technical analysis. The company has positioned its AI systems as tools for analyzing complex codebases and identifying security patterns.
Details on the specific vulnerabilities discovered and affected agencies remain limited. CISA typically coordinates remediation efforts with relevant departments when vulnerabilities are identified in critical systems.
The effort aligns with the Biden administration's broader cybersecurity initiatives, which have emphasized both government modernization and threat prevention. Federal agencies have faced increasing pressure to strengthen defenses against sophisticated cyber threats from state and non-state actors.
It remains unclear whether the program will expand to other government agencies or become a standard component of CISA's security operations.
A Cambridge study reveals that terrorist organizations including Boko Haram and ISIS are using ChatGPT, Claude, and Gemini to plan attacks and develop weapons. Safety filters designed to prevent such misuse have repeatedly failed.
The Australian Cyber Security Centre has issued an alert about coordinated exploitation of vulnerable content management systems and plugins worldwide. The campaign targets organizations using outdated or unpatched CMS software.
Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.
Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.