The cyberdefense agency received access around a week ago, but the White House has not yet set clear parameters for how the agency should use the model.
The Cybersecurity and Infrastructure Security Agency now has full access to Anthropic’s flagship Mythos Preview model, according to a U.S. official and a second person familiar with the matter.
The cyberdefense agency received access around a week ago, the official said. Both sources spoke on the condition of anonymity to discuss internal deliberations.
The White House Office of the National Cyber Director has not yet set clear parameters for how the agency should use the model, the official added.
The lack of parameters echoes earlier Nextgov/FCW reporting showing federal tech leaders have privately complained that ONCD has not adequately briefed them on implementing or using the model for vulnerability scanning.
CISA did not respond to a request for comment.
Over the last few months, Anthropic surgically rolled out Mythos Preview to select organizations and recently expanded this effort — dubbed Project Glasswing — to partners in industry and other nations. The model has been distributed through a non-public process on grounds that, in the wrong hands, it can significantly boost adversaries’ hacking capabilities.
CISA was not included in an initial Mythos rollout, Axios reported in April. Last week, Nextgov/FCW reported that agency access to the model was imminent.
Mythos Preview is different from Anthropic’s similar-sounding Mythos 5 successor model, which the U.S. effectively banned over the weekend via an export control mechanism alongside the AI company’s Fable 5 model. The move has caused uproar across the cyber and AI community.
Both Mythos 5 and Mythos Preview have only been made available to vetted providers via Project Glasswing.
The Trump administration’s approach to AI has shifted in recent months as officials confront an emerging class of models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how AI systems could reshape the future of cybersecurity.
Models like Mythos can help federal agencies identify vulnerabilities faster by analyzing large amounts of software and system data, then surfacing weaknesses and possible attack paths for human defenders to review. Conversely, cyber operators in the intelligence community and Defense Department can also use such models to accelerate their offensive hacking operations.
Facts Only
* CISA received full access to Anthropic’s Mythos Preview model approximately one week ago.
* The White House has not yet set clear parameters for how the agency should use the model.
* Mythos Preview was distributed through a non-public process dubbed Project Glasswing to select organizations and partners.
* Mythos Preview is different from the banned Mythos 5 successor, which was restricted via an export control mechanism alongside Fable 5.
* Models like Mythos can help federal agencies identify vulnerabilities by analyzing software and system data.
* Cyber operators can use such models to accelerate offensive hacking operations.
* The distribution process involved concerns that the model could significantly boost adversaries’ hacking capabilities if misused.
* Federal tech leaders previously complained about inadequate briefing regarding the implementation or use of such models for vulnerability scanning.
Executive Summary
Full Take
The shift in access to advanced AI models like Mythos Preview highlights a critical divergence between technological capability and governance frameworks. The core tension lies in the gap between Anthropic’s rollout strategy (Project Glasswing) and the explicit lack of public parameters from the White House for CISA’s use. This absence creates an environment where highly powerful, dual-use tools are deployed operationally without commensurate oversight or established risk protocols.
The pattern observed is that cutting-edge defensive and offensive AI capabilities are being introduced into critical infrastructure (CISA) through non-public channels, pre-empting the establishment of formal policy frameworks. This dynamic suggests that operational expediency—allowing agencies to potentially identify vulnerabilities faster or accelerate hacking operations—is prioritized over the systemic risk inherent in deploying powerful unsupervised models without clear, agreed-upon ethical and security boundaries.
The implication is a potential systemic erosion of cognitive sovereignty within the cybersecurity domain. If federal bodies are utilizing these systems based on internal deliberation rather than explicit parameters, the risk of unintended consequences, misuse by actors operating outside official channels, or deployment flaws becomes significantly amplified. The question is whether moving models like Mythos into operational use without established parameters represents a necessary tactical advantage or an unacceptable leap into governance vacuum, determining who bears the cost when these systems inevitably introduce vulnerabilities.
Sentinel — Human
The text exhibits the flow and referencing style of human-written geopolitical journalism, integrating specific reports to build a contextual understanding of the AI security discussion.