Pulse

Security / Jul 7, 2026 / 4 min

The Bug Hunter the Pentagon Called a Risk

On July 6, Reuters reported that CISA's Attack Surface Evaluation team is scanning federal code repositories with Anthropic's Mythos — the same offensive-grade model the Pentagon blacklisted in February — even as both agencies stay silent on what the audits found.

Thesis Washington just hired the hacker model it labeled a supply-chain risk to audit its own software — and neither CISA nor Anthropic will say what's broken.

CISA is reportedly running Anthropic's Mythos — a model built to find and exploit software flaws — across federal code repositories, three people told Reuters on July 6, even though the Pentagon blacklisted the company four months ago and neither agency will confirm a single finding on the record.

What Reuters reported:

  • Reuters reported July 6 that the Cybersecurity and Infrastructure Security Agency is using Mythos to audit government software.
  • Three people familiar with the matter said CISA is scanning government code repositories for bugs that could let foreign spies or cybercriminals in.
  • The work runs through CISA's Attack Surface Evaluation team — the unit that conducts digital security assessments and hacking exercises across government.
  • Two sources said the audits have already uncovered "a large number of vulnerabilities" but would not elaborate. Reuters could not establish how much code was reviewed or how severe the bugs are.
  • Anthropic did not respond to Reuters' questions. A CISA representative said last month he would check whether anything could be shared — then went quiet.

Why Mythos is not a normal security tool:

  • Anthropic markets Mythos under its Project Glasswing cybersecurity push as unusually strong at finding software flaws — and at exploiting them.
  • The company has widened access to 150 organizations across more than 15 countries, per The Next Web's summary of the reporting.
  • Anthropic has confidentially filed for a U.S. IPO. A government adoption story lands weeks before a roadshow.

The standoff that preceded the audit:

  • Relations hit a low in February after Anthropic refused to strip safeguards blocking use of its AI for autonomous weapons or domestic surveillance.
  • The Pentagon responded with a formal supply-chain risk designation — a label Reuters noted had previously been reserved for foreign firms suspected of enabling espionage.
  • Anthropic became the first U.S. company publicly designated under that procurement statute, per Reuters' March 26 coverage of the ensuing lawsuit.
  • U.S. District Judge Rita Lin temporarily blocked the designation on March 26, writing the administration's actions did not appear directed at stated national security interests but rather at punishing Anthropic.

NSA tested it anyway:

  • Axios reported in April that the NSA had been using Mythos despite the blacklist.
  • The New York Times reported late last month that NSA analysts tested Mythos in classified settings and came away impressed.
  • When Anthropic rolled out a public version called Fable with cybersecurity safeguards, the White House demanded it ban foreigners from running it — triggering a global shutdown of both models that Commerce lifted on June 30.

The policy whiplash:

  • Dean Ball, a former Trump AI adviser who helped craft the administration's AI Action Plan, wrote in late June: "In a matter of weeks, U.S. federal AI policy has gone from implausibly libertarian to increasingly draconian and opaque."
  • The same fortnight brought export controls on Fable and Mythos, a delayed GPT-5.6 rollout limited to vetted partners, and — now — reported defensive use of the model Washington spent months fighting over.
  • OpenAI is pitching its own cyber-defense model as an alternative, per TNW — but CISA's reported choice is Anthropic's offensive-grade stack.

What we cannot verify:

  • Every operational claim rests on anonymous sources. CISA and Anthropic have not confirmed the program on the record.
  • No public accounting exists of which systems were scanned, how findings are triaged, or what happens after Mythos surfaces a flaw.
  • Reuters explicitly could not establish the scale or severity of vulnerabilities discovered.

What to watch:

  • Whether CISA or Anthropic breaks silence — especially as Anthropic's IPO timeline tightens.
  • Whether the White House's voluntary frontier-model standards codify federal pre-release access that makes Mythos audits routine.
  • How Congress reacts if a model the Pentagon once labeled a supply-chain risk becomes the default federal code scanner without a public procurement record.

Convina's view: Washington is not choosing between safety and speed. It is choosing both — in secret. The Pentagon called Anthropic a supply-chain risk. CISA, if Reuters' sources are right, is feeding it the government's own source code. That is not hypocrisy so much as admission: the offensive capability is the product, and the defensive use case is too valuable to ban. The problem is governance. Anonymous audits with no disclosed scope, no public triage process, and no on-record confirmation are how you get pragmatism that looks like overreach — or a breach that looks like a feature. If Mythos is this good at finding holes in federal software, the public deserves to know how many it found and who is fixing them. Silence is not a security strategy. It is a press strategy.

Research Signals

https://www.channelnewsasia.com/business/exclusive-us-cyber-agency-using-anthropics-mythos-audit-government-code-sources-say-6236311 https://thenextweb.com/news/cisa-anthropic-mythos-government-code-audit https://www.reuters.com/world/us-judge-blocks-pentagons-anthropic-blacklisting-now-2026-03-26/