Skip to main content
TechnologyJul 8, 2026· 2 min read

Anthropic: Its AI Mythos Scans the US Government Code, Despite Controversies

The Cybersecurity and Infrastructure Security Agency has entrusted Mythos, Anthropic's artificial intelligence model, with scanning the code repositories of the US government. This task is handled by the Attack Surface Evaluation, an internal team at CISA that normally conducts digital security assessments and hacking exercises within federal agencies. Sources cited by Reuters mention a significant number of vulnerabilities already uncovered.

None of the sources wanted to go into detail about the nature and severity of the bugs found. Reuters was unable to establish how much of the federal code had already been scoured, nor which specific systems were involved in the audit operation.

Mythos is not the model to which anyone can access with a regular Claude subscription. Anthropic reserves it, through the Project Glasswing program, for a select group of cybersecurity defenders and researchers, with fewer restrictions than the public version. The latter, dubbed Fable, includes protections designed to prevent misuse of the model in offensive contexts.

The same sources report that the National Security Agency has been using Mythos since April, according to Axios. The New York Times wrote that agency analysts had tested it in classified environments, coming away impressed by the model's ability to identify flaws in software.

The June Halt and the Return of Fable

On June 12, 2026, the US government imposed export controls on Fable and Mythos after some Amazon researchers discovered a way to bypass the protections of the public model, demonstrating how to exploit a vulnerability identified. Anthropic clarified that the technique did not exploit exclusive capabilities of Mythos, as even less sophisticated models would have reached the same result.

Unable to verify in real-time the nationality of those using the model, Anthropic had to suspend access globally, including for users in the United States. The controls were lifted on June 30, and from July 1, Fable became available again on Claude Platform, Claude.ai, Claude Code, and Claude Cowork.

This episode aptly illustrates the paradox in which Anthropic operates. The same company that came under scrutiny from the White House for a model deemed too permissive is then called upon to bolster the digital security of the government that sanctioned it. The fact that CISA and NSA rely on Mythos to uncover bugs in their own systems demonstrates how, in practice, US agencies now consider these tools essential, despite doubts about their reliability when applied on a large scale and without public verification of results.