Overview
CISA’s Attack Surface Evaluation team is reportedly deploying Anthropic’s ‘Mythos’ large language model to scan U.S. government software for security flaws, according to reporting by SecurityWeek. The unit — a specialised group responsible for digital defence assessments and simulated hacking exercises — appears to be using the model in an active operational capacity, not merely in a research or pilot context.
This represents one of the most significant known integrations of a commercial LLM into a U.S. federal offensive security workflow. The move signals growing institutional confidence in AI-assisted vulnerability discovery, but also introduces a distinct set of security and reliability concerns that warrant scrutiny.
Technical Analysis
LLM-based code auditing tools typically operate by ingesting source code or compiled artefacts and applying pattern recognition, semantic analysis, and contextual reasoning to surface potential vulnerabilities — ranging from memory safety issues to logic flaws and insecure configurations. When applied at government scale, the pipeline likely involves:
- Code ingestion and tokenisation of potentially sensitive government software repositories
- LLM inference against those code representations, possibly via a private deployment or secured API
- Output triage by CISA analysts who validate and prioritise findings
The specific capabilities of ‘Mythos’ are not publicly documented, suggesting it may be a specialised or non-public variant of Anthropic’s model family tuned for security analysis tasks.
Key risks in this architecture include:
- Overreliance (LLM09): Analysts may over-trust model outputs, missing vulnerabilities the model cannot detect or acting on false positives/negatives without sufficient validation
- Sensitive data exposure (LLM06): Government source code fed into inference pipelines — even private ones — represents a high-value data exposure risk if the pipeline is compromised
- Supply chain risk (LLM05): Dependence on a commercial third-party model introduces a supply chain dependency that adversaries could theoretically target
Framework Mapping
| Framework | Technique | Rationale |
|---|---|---|
| MITRE ATLAS | AML.T0047 – ML-Enabled Product or Service | Mythos is being used as an ML-enabled security tool in a critical government context |
| MITRE ATLAS | AML.T0040 – ML Model Inference API Access | The pipeline requires inference access to the model, a potential attack vector |
| MITRE ATLAS | AML.T0057 – LLM Data Leakage | Sensitive government code ingested into LLM pipelines risks unintended disclosure |
| OWASP LLM | LLM09 – Overreliance | Institutional trust in AI-generated findings without robust human validation |
| OWASP LLM | LLM06 – Sensitive Information Disclosure | Government codebase exposure through model inference infrastructure |
| OWASP LLM | LLM05 – Supply Chain Vulnerabilities | Commercial model dependency in critical national security workflows |
Impact Assessment
The primary risk is not that Mythos will actively introduce vulnerabilities, but that its use creates new attack surfaces and systemic dependencies. A compromised or manipulated model could produce subtly incorrect assessments — either missing real flaws or generating plausible-looking false findings that consume analyst bandwidth. At the scale of federal government software, either failure mode carries significant downstream risk.
Secondarily, the ingestion of sensitive government source code into any AI pipeline — even a secured one — elevates the value of that pipeline as an espionage target.
Mitigation & Recommendations
- Establish clear data governance for what categories of government code may be processed by commercial AI models
- Require human expert validation of all LLM-generated vulnerability findings before any remediation action is prioritised
- Harden the inference pipeline itself: treat the LLM infrastructure as a high-value target requiring the same protections as the systems it audits
- Publish evaluation criteria for how Mythos findings are scored and acted upon to enable accountability and oversight
- Red-team the AI pipeline to assess whether adversarial inputs could manipulate model outputs