A US cyber agency has begun using Anthropic's artificial intelligence model to audit government code, according to three people familiar with the matter. The Cybersecurity and Infrastructure Security Agency is conducting the pilot programme in collaboration with the AI firm, the sources told news outlets this week. The initiative represents one of the most concrete examples of a federal agency directly applying frontier AI to its operational work.

What the Partnership Involves

Anthropic's AI system, internally referred to as Mythos, is designed to examine large volumes of software code for vulnerabilities, compliance gaps, and security weaknesses. The tool can process and flag issues across sprawling federal codebases far faster than traditional manual reviews. CISA officials have framed the project as a test of whether AI can supplement, rather than replace, existing security review processes.

US Cyber Agency Deploys Anthropic AI for Government Code Audits — Politics World
Politics & World · US Cyber Agency Deploys Anthropic AI for Government Code Audits

The sources declined to specify exactly which federal code repositories fall under the current review. However, one person briefed on the matter said the agency has focused on high-priority systems first, including infrastructure-related software used across multiple departments. Anthropic has assigned a dedicated team to work alongside agency engineers, according to one of the people familiar with the arrangement.

Why the US Government Is Turning to AI

The adoption reflects a broader push across federal agencies to modernise outdated technology stacks while contending with persistent cybersecurity shortfalls. Government codebases have grown over decades, often containing legacy systems written before modern security standards existed. Auditing that volume manually demands resources the government often lacks.

Federal spending on AI-related cybersecurity tools has climbed steadily. CISA's budget request for the current fiscal year includes line items for emerging technology pilots. Industry analysts estimate the broader federal AI security market could reach several billion dollars within the next five years as agencies scale successful experiments into permanent programmes.

Market Implications for Anthropic

The contract carries significant weight for Anthropic, which competes with OpenAI, Google, and Microsoft for government AI business. Winning a direct engagement with CISA gives the company a credible reference point in a market where federal agencies have historically been cautious adopters. Investors in AI-focused ventures are watching such deals closely, since government validation often accelerates broader commercial uptake.

Anthropic's valuation has risen substantially following earlier funding rounds, and company executives have publicly discussed targeting regulated industries where reliability and safety matter more than raw capability. The CISA engagement aligns with that strategy. Whether the arrangement leads to a larger, more formal federal contract remains to be seen, but the pilot itself signals that the company's models have cleared at least one internal government hurdle.

Broader Economic and Security Context

The initiative arrives as Congress and the White House grapple with how to balance AI adoption against national security concerns. Lawmakers have introduced multiple bills addressing AI procurement by federal agencies, with particular attention to foreign-owned or affiliated technology providers. Anthropic, founded in the United States, has positioned itself as a domestic alternative to some competitors.

Critics argue that handing sensitive government code to AI systems introduces new categories of risk, including data leakage and model brittleness. Supporters counter that the alternative—leaving vulnerabilities undetected due to staffing constraints—poses a greater threat. The pilot programme is expected to generate internal assessments on both sides of that argument, with results expected to inform future procurement guidelines.

What Comes Next

CISA is expected to complete an initial evaluation phase within the next several months. Agency officials have indicated they will publish a summary of findings, including metrics on error rates, detection accuracy, and operational costs compared to traditional auditing methods. That report could become a blueprint for other federal agencies considering similar deployments.

Anthropic is simultaneously pursuing comparable pilots with state-level agencies and foreign governments, according to one of the sources. The outcome of the CISA project will likely influence those conversations. For investors and technology companies alike, the results will offer the most tangible evidence yet of whether AI can reliably shoulder a meaningful portion of government cybersecurity work—or whether the promise remains overstated.

See Also

Editorial Opinion

Whether the arrangement leads to a larger, more formal federal contract remains to be seen, but the pilot itself signals that the company's models have cleared at least one internal government hurdle.Broader Economic and Security ContextThe initiative arrives as Congress and the White House grapple with how to balance AI adoption against national security concerns. Anthropic, founded in the United States, has positioned itself as a domestic alternative to some competitors.Critics argue that handing sensitive government code to AI systems introduces new categories of risk, including data leakage and model brittleness.

— networkherald.com Editorial Team
Poll
Do you think this development is significant?
Yes62%
No38%
870 votes
Michael Park
Author
Michael Park is a correspondent covering technology policy, global affairs, and healthcare innovation for Network Herald. He tracks how governments regulate artificial intelligence, data privacy, and digital markets, and covers the intersection of biotechnology and public health.

Based in New York, Michael has reported on Capitol Hill tech hearings, international digital governance summits, and breakthroughs in medical technology. He holds a degree in political science from Columbia University and a master's in health policy from Johns Hopkins.