CISA lacks access to Anthropic's Mythos Preview cybersecurity model while NSA and Commerce use it

The Cybersecurity and Infrastructure Security Agency (CISA) has not received access to Anthropic's Mythos Preview model, according to an Axios report, while the National Security Agency and Commerce Department are using the AI tool to find security vulnerabilities.

According to Anthropic, Mythos Preview has identified security issues "in every major operating system and web browser." The company is providing restricted access to give key institutions a "head start" on cyber defenses, according to Newton Cheng, Anthropic's frontier red team cyber lead.

CISA serves as the central coordinating body for cybersecurity information in the United States, helping state and local officials running elections and public utilities respond to vulnerabilities and attacks. The agency is part of the Department of Homeland Security.

Anthhropic stated in a blog post that it has "been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities." An unnamed Anthropic official told Axios that CISA was among the agencies briefed on the model. The Trump administration has been negotiating broader access to the tool across federal agencies.

Anthhropic declined to comment on CISA's access status. CISA did not immediately respond to a request for comment.

CISA under pressure

The reported exclusion comes as CISA faces resource constraints and political pressure. The agency lost staff during the Department of Government Efficiency's cost-cutting efforts, with additional personnel reassigned to immigration priorities under DHS.

CISA's acting director told Congress that the agency's resources to detect hacks were limited during the current DHS shutdown. The Trump administration is seeking to cut hundreds of millions of dollars from CISA's budget.

The agency has been a target of political attacks from the Trump administration and congressional Republicans, particularly after CISA declared the 2020 election "the most secure in American history." Trump fired the official who led the agency in his first administration.

What this means

The exclusion of the nation's primary cybersecurity coordination agency from a tool designed to find critical vulnerabilities represents a significant gap in defensive capabilities. While other federal agencies test Mythos Preview's ability to identify security flaws in major operating systems and browsers, CISA—the agency responsible for coordinating threat information to state and local governments running critical infrastructure—remains on the sidelines. This creates a potential information asymmetry where the central coordinating body lacks access to the same defensive tools available to other federal entities, potentially hampering its ability to fulfill its core mission.