CISA is using Mythos. The same model that was restricted from non-US access on June 12. The same model that took Fable 5 offline globally. The same model that Anthropic’s own foreign-born employees were barred from touching, because the government feared it was too dangerous to share.
Now it’s scanning US government code repositories for vulnerabilities. According to Reuters, the Cybersecurity and Infrastructure Security Agency (CISA) has been using Mythos to audit government software, and has already uncovered a large number of vulnerabilities.

The model is being run by CISA’s Attack Surface Evaluation team, which conducts digital security assessments and hacking exercises across government agencies. The team has found bugs that could leave the door open for foreign spies and cybercriminals.
The irony is the government’s own policy. On June 12, the Commerce Department ordered Anthropic to cut off non-US access to Mythos and Fable 5. The models went offline globally. Anthropic’s own foreign-born employees were blocked from accessing them. The government’s reasoning: the models were too dangerous. They could be exploited by foreign adversaries.
Now the same model is being used to defend US government systems. The same capability that made it too dangerous for allies is now being deployed to protect American networks. In a classified setting, vetted by US analysts. The NSA has been using Mythos since April, despite the Pentagon’s “supply chain risk” designation at the time. According to Axios, NSA analysts tested Mythos in classified settings and were impressed with its capabilities. The government doesn’t trust anyone else with Mythos. But it trusts itself with it.

The pattern is consistent. Fable 5 was restricted to non-US users. Mythos 5 is now being released to “trusted” US organizations — but only those the government approves. On June 30, the Commerce Department lifted the export controls on Mythos and Fable 5. But Fable 5 returned with a safety classifier that blocks normal coding tasks. Mythos 5 is being restored for “trusted partners,” while Fable 5 remains hobbled by aggressive safety filters.
The US government is using the model it tried to ban. The moral argument is simple: if Mythos is dangerous enough to keep away from allies, why is it safe enough to point at America’s own networks? The answer: the government trusts itself with the model, but not anyone else. That’s not a security strategy. That’s a monopoly.
P.S. The model that was too dangerous for Anthropic’s own foreign-born employees to access is now running inside the US government’s most sensitive networks. The government didn’t ban Mythos because it was dangerous. It banned Mythos because it wanted to be the only one using it.