US cyber agency using Mythos to audit government code

By
Follow google news

Scanning repositories.

The US cyber defence agency CISA is using ⁠Anthropic's AI ⁠model Mythos to audit government software, another sign of government enthusiasm for adopting the AI startup's tools even as the company navigates an ongoing standoff with the White House.

US cyber agency using Mythos to audit government code

The ‌Cybersecurity and Infrastructure Security Agency is using Mythos to ‌scan ‌government code repositories for bugs that could leave the ‌door open for foreign spies and cybercriminals, the sources said.  

Anthropic ⁠did not respond to questions about the initiative.

A CISA representative said last month that he would check to see if there was anything to share about the matter but did not respond to further emails.

The scanning is ​being done by CISA's Attack Surface Evaluation team, according to one of the sources.

The team is a group within CISA that ⁠conducts digital security assessments and hacking exercises across government.

Two of the sources said the audits had already uncovered a large number of vulnerabilities but did not elaborate.

Reuters could not establish exactly how much government code the team had gone through or the nature or severity of the bugs it discovered.

Anthropic, which has confidentially filed for a US initial public offering, has had a tumultuous relationship with the US government.

Relations reached a nadir in February ​after the San Francisco-based company refused to remove ⁠safeguards that prevented its AI from being used for autonomous ⁠weapons or domestic surveillance.

That prompted the Pentagon to slap it with a formal supply-chain risk designation, a ​label heretofore applied to foreign companies suspected of facilitating espionage.

The extraordinary blacklisting was blocked ‌by a judge ⁠in March, and the conflict has eased following the private release of Anthropic's Mythos, an AI model described as extremely capable at finding and exploiting cyber security vulnerabilities.

The National Security Agency, the US government's ‌powerful eavesdropping agency, has been using Mythos as far back as April despite the blacklist, Axios has reported.

Late last month, the New York Times said that NSA analysts had been testing Mythos in classified settings and coming away ​impressed with its capabilities.

But when Anthropic rolled out a public version of Mythos called Fable, which included what it described as cyber security safeguards, the White House suddenly demanded that it ban foreigners from ‌running it.

This ⁠triggered a global shutdown of the ​model that was lifted only last week.  

The NSA and the White House did not immediately respond to requests for ​comment.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Log In

  |  Forgot your password?