White House discussions are weighing giving CISA Mythos access

Thomas Fuller/SOPA Images/LightRocket via Getty Images

Featured eBooks
Efficiency, After a Year of DOGE
Read Now

CDM

Read Now

Future-Ready Workforce

Read Now
Insights & Reports
The Federal Practitioner’s Guide to Supply Chain Risk & Due Diligence
Presented By Craft.co
Download Now
US Compliance Mandates & Chainguard Alignment
Presented By Chainguard
Download Now
Alexandra Kelley By Alexandra Kelley,
Staff Correspondent, Nextgov/FCW

By Alexandra Kelley

|

Officials have considered having the Cybersecurity and Infrastructure Security Agency leverage the advanced AI model that was designed to detect previously undiscovered cyber vulnerabilities to scan federal agencies’ networks.

Recent discussions among top federal officials have floated designating the Cybersecurity and Infrastructure Security Agency as the nexus to coordinate vulnerability scans across federal agencies with Antropic’s high-powered AI model Mythos.

Three sources with knowledge of the discussions, one a White House official, told Nextgov/FCW that the idea is for CISA to scan federal agencies’ digital networks for public-facing vulnerabilities and other security flaws using Mythos. 

The discussions have occurred over the past few weeks, with the White House official telling Nextgov/FCW that, while CISA doesn’t yet use Mythos, agency access to the model is “imminent.”

The launch of Mythos has rattled the cybersecurity landscape in both public and private sectors. Along with unveiling Mythos in early April, Anthropic announced Project Glasswing, an initiative that granted a cohort of private sector tech companies access to a beta version of the AI model to test in a more secure environment. Project Glasswing has since expanded, with Anthropic announcing the addition of new partners last week

As the private sector sees more access to Mythos, federal agencies’ tech leaders have received little guidance on the model. Agency chief information officers have grown frustrated by the lack of communication on Mythos from the Office of the National Cyber Director, and are reaching out to industry partners for more insight into Mythos’s capabilities, several sources recently told Nextgov/FCW

The AI executive order signed by President Donald Trump last week addresses agency access to advanced frontier models and calls for the creation of a binding operational directive that would issue new policies for securing government digital networks. CISA released the directive on Wednesday and the cyber agency will also participate in creating a clearinghouse specifically for AI cybersecurity vulnerabilities.

CISA Acting Director Nick Anderson said during the Business Software Alliance’s Transform event on Wednesday that while AI is set to be an effective tool in safeguarding digital assets, leveraging AI will involve “a training curve.”

“Nothing's a magic wand when it comes to vulnerability remediation, when it comes to addressing your technical debt and your infrastructure responsibilities,” Anderson told reporters Wednesday. “There's just some good … things that organizations still need to focus on where AI is going to be able to help them, but it's not going to solve all their problems.”

NEXT STORY: Lack of White House guidance has complicated agency Mythos adoption, people familiar say