CISA now has full Mythos Preview access, people familiar say

Samuel Boivin/NurPhoto via Getty Images

Featured eBooks
Efficiency, After a Year of DOGE
Read Now

CDM

Read Now

Future-Ready Workforce

Read Now
Insights & Reports
The Federal Practitioner’s Guide to Supply Chain Risk & Due Diligence
Presented By Craft.co
Download Now
US Compliance Mandates & Chainguard Alignment
Presented By Chainguard
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

The cyberdefense agency received access around a week ago, but the White House has not yet set clear parameters for how the agency should use the model.

The Cybersecurity and Infrastructure Security Agency now has full access to Anthropic’s flagship Mythos Preview model, according to a U.S. official and a second person familiar with the matter.

The cyberdefense agency received access around a week ago, the official said. Both sources spoke on the condition of anonymity to discuss internal deliberations. 

The White House Office of the National Cyber Director has not yet set clear parameters for how the agency should use the model, the official added.

The lack of parameters echoes earlier Nextgov/FCW reporting showing federal tech leaders have privately complained that ONCD has not adequately briefed them on implementing or using the model for vulnerability scanning.

CISA did not respond to a request for comment. 

Over the last few months, Anthropic surgically rolled out Mythos Preview to select organizations and recently expanded this effort — dubbed Project Glasswing — to partners in industry and other nations. The model has been distributed through a non-public process on grounds that, in the wrong hands, it can significantly boost adversaries’ hacking capabilities.

CISA was not included in an initial Mythos rollout, Axios reported in April. Last week, Nextgov/FCW reported that agency access to the model was imminent.

Mythos Preview is different from Anthropic’s similar-sounding Mythos 5 successor model, which the U.S. effectively banned over the weekend via an export control mechanism alongside the AI company’s Fable 5 model. The move has caused uproar across the cyber and AI community.

Both Mythos 5 and Mythos Preview have only been made available to vetted providers via Project Glasswing.

The Trump administration’s approach to AI has shifted in recent months as officials confront an emerging class of models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how AI systems could reshape the future of cybersecurity.

Models like Mythos can help federal agencies identify vulnerabilities faster by analyzing large amounts of software and system data, then surfacing weaknesses and possible attack paths for human defenders to review. Conversely, cyber operators in the intelligence community and Defense Department can also use such models to accelerate their offensive hacking operations.

NEXT STORY: US officials see Iran cyber threat persisting despite preliminary deal