The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s powerful Mythos AI model to scan and audit federal government software for security vulnerabilities, according to a report from Reuters.

Citing three sources familiar with the matter, Reuters reported that CISA is utilizing Mythos to scan code repositories across federal agencies. The operation aims to proactively discover and patch security bugs that could otherwise be exploited by foreign intelligence agencies and cybercriminals.

The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking exercises across the federal landscape. Two sources stated that the AI-driven initiative has already uncovered a “large number” of software vulnerabilities. However, specific details regarding the severity of the flaws, the impacted agencies, or the volume of software reviewed have not been disclosed.

Neither Anthropic nor CISA provided formal on-the-record comments to Reuters regarding the operation.

Tensions between Anthropic and federal officials spiked dramatically earlier this year after the company refused administration demands to remove built-in safeguards restricting its models from being used for autonomous weaponry or domestic surveillance. In response, the Pentagon designated Anthropic as a supply-chain risk, a classification typically reserved for foreign firms suspected of espionage.