The agency responsible for protecting US government networks from cyberattacks doesn't have access to the AI tool Anthropic built specifically to find those vulnerabilities.
According to reporting by Axios, the Cybersecurity and Infrastructure Security Agency (CISA) - the federal body that coordinates the country's cyber defenses and responds to major attacks on government infrastructure - was not included in the rollout of Mythos Preview, Anthropic's specialized model designed to identify software vulnerabilities. Several other federal agencies did receive access.
Anthropic has positioned Mythos as a serious tool for offensive security work - the kind of automated vulnerability scanning that normally requires large teams of skilled human researchers. The model is built to find weaknesses in code and systems before adversaries do, which makes CISA an obvious candidate for early access given its mandate. The agency is the operational hub for federal civilian cybersecurity, coordinating responses when systems are compromised and setting security standards across government networks.
No explanation for the omission has been made public. It's unclear whether this reflects a deliberate decision by Anthropic, a procurement or access control delay on the government side, or something else. CISA's absence is notable precisely because the agency's job is to be the first line of defense for US civilian government networks - the exact infrastructure Mythos is supposed to help protect.
Claude is already in use across various government and enterprise contexts, and Anthropic has been actively pursuing federal contracts. The Mythos rollout is part of that push into high-stakes institutional use cases. How the CISA gap gets resolved - or whether it does - will be a small but telling signal about how Anthropic manages federal relationships as it moves deeper into government work.