CISA Lacks Access to Anthropic's Mythos AI Model Despite Government Adoption

The Cybersecurity and Infrastructure Security Agency (CISA) does not have access to Anthropic’s powerful new Mythos Preview model, even though multiple government agencies are already using it, according to two sources who spoke with Axios.

Why this matters: CISA is the nation’s top cyber defense agency, responsible for securing critical infrastructure such as banks, power plants, and government systems. Its exclusion from testing Mythos—a model designed to rapidly discover and exploit security vulnerabilities—raises concerns about the agency’s ability to defend against AI-powered cyberattacks.

Key details:

• Anthropic did not publicly release Mythos due to its advanced capabilities in identifying and exploiting vulnerabilities.
• Instead, the company provided access to more than 40 companies and organizations for testing and system hardening.
• CISA is not among the recipients, the sources confirmed.

State of play:

• Anthropic officials briefed CISA and the Commerce Department earlier this month on Mythos’ capabilities.
• The Commerce Department’s Center for AI Standards and Innovation has reportedly been testing Mythos.
• The National Security Agency (NSA) is also using Mythos, despite the Department of Defense classifying Anthropic as a “supply chain risk.”

It remains unclear whether internal agency turmoil under the second Trump administration contributed to CISA’s delayed access to Mythos. Spokespeople for both CISA and Anthropic declined to comment.

Broader Policy Shifts Under the Trump Administration

The Trump administration has spent the past year reducing CISA’s capacity while shifting cybersecurity policy influence to the White House’s National Cyber Director (NCD) and delegating some programs to state and local governments.

CISA’s acting director, Nick Andersen, testified last week that the agency’s resources are “more limited than I would like.”

President Trump has proposed cutting up to $707 million from CISA’s budget in the upcoming fiscal year. The agency has already lost over a third of its workforce and faced significant funding reductions.

Negotiations for Broader Access to Mythos

The National Cyber Director Sean Cairncross is among Trump administration officials negotiating broader civilian agency access to Mythos. The U.S. Treasury Department has also been involved in these discussions.

Organizations with access to Mythos are primarily using it to identify exploitable security vulnerabilities within their own networks, the sources said.

What’s Next for Critical Infrastructure Security

Security teams at critical infrastructure organizations often rely on CISA for threat intelligence sharing and guidance on prioritizing security strategies. Without access to Mythos, CISA may struggle to keep pace with evolving AI-driven cyber threats.