The Cybersecurity and Infrastructure Security Agency (CISA), the nation's primary cyber defense organization, has been excluded from accessing Anthropic's Mythos Preview model, a cutting-edge AI tool designed to identify and exploit security vulnerabilities. This omission comes as over 40 companies and government agencies, including the National Security Agency (NSA), are already utilizing the model to bolster their cybersecurity defenses.
Why CISA’s Exclusion Matters
As the agency responsible for safeguarding critical infrastructure—from banks to power plants—CISA's inability to leverage Anthropic's technology raises concerns about its capacity to address escalating AI-driven cyber threats. Earlier this month, Anthropic briefed CISA and the Commerce Department on Mythos' capabilities, but CISA remains sidelined in testing the tool.
'Our resources are more limited than I would like,' said Nick Andersen, CISA’s acting director, during a congressional hearing last week.
The Trump administration has significantly reduced CISA’s funding, proposing a $707 million cut for the upcoming fiscal year. This follows a loss of more than a third of the agency’s workforce and millions in funding. Meanwhile, National Cyber Director Sean Cairncross and Treasury officials are negotiating broader civilian agency access to Mythos, leaving CISA’s role in question.
Broader Implications
Organizations with access to Mythos are primarily using it to identify vulnerabilities in their own networks. However, CISA’s absence from this initiative could hinder its ability to share critical threat intelligence across sectors and prioritize national cybersecurity strategies effectively.
The ongoing turmoil within CISA, coupled with its diminished resources, underscores the challenges facing America’s cybersecurity infrastructure at a time when AI-powered attacks are becoming increasingly sophisticated.