The Agency Defending America's Networks Can't Access the AI Built to Help It

Anthropic's AI cybersecurity model is reportedly available to the NSA and Commerce Department—but not to CISA, the agency responsible for defending US federal infrastructure. What that gap reveals.

The agency charged with defending America's federal networks from cyberattacks apparently doesn't have access to the AI tool the US government is deploying to find security vulnerabilities.

According to Axios, Anthropic's cybersecurity-focused AI model, Mythos Preview, has been made available to agencies including the Commerce Department and the National Security Agency (NSA). But the Cybersecurity and Infrastructure Security Agency—CISA—has been left out. The Trump administration is reportedly in negotiations with Anthropic to expand access, but as of this writing, the nation's designated cyber defense coordinator is on the outside looking in.

What Mythos Preview Actually Does

Anthropic has positioned Mythos Preview as a specialized tool for identifying and patching software vulnerabilities at scale. In practical terms, it automates much of what security researchers do manually: scanning codebases for weaknesses, modeling attack vectors, and suggesting remediation steps. The pitch is speed and scale—capabilities that matter enormously when defenders are outnumbered.

The scale of the problem is real. Federal agencies faced a 30%-plus surge in cyberattack attempts in 2024, with nation-state actors—particularly groups linked to China and Russia—deploying increasingly sophisticated intrusion methods. The Salt Typhoon telecom breach, which compromised wiretapping infrastructure used by US law enforcement, illustrated just how consequential these gaps can be.

Against that backdrop, an AI model that can rapidly surface vulnerabilities before adversaries exploit them has obvious appeal. The question is who gets it first—and why.

The Coordinator Without the Tools

CISA's exclusion from Mythos Preview access is puzzling on its face. The agency was established specifically to serve as the central coordinator for cybersecurity across federal civilian networks and critical infrastructure—power grids, water systems, financial networks. If any government entity has a structural claim to cutting-edge defensive AI tools, it's CISA.

Advertise with Us

[email protected]

The reasons for the gap haven't been publicly disclosed. Procurement timelines, budget constraints, or contractual sequencing could all be factors. But there's a harder-to-ignore context: the Trump administration has consistently deprioritized CISA since taking office. Its budget has been trimmed, its director replaced, and several of its programs curtailed. Whether the Mythos Preview access gap is bureaucratic friction or something more deliberate is an open question.

What's notable is the contrast with the NSA. The NSA's mandate is primarily offensive and foreign-intelligence-focused—intercepting adversary communications, conducting cyber operations abroad. CISA's mandate is defensive and domestic. If the goal is protecting American infrastructure, the sequencing of access seems backwards.

A Market Logic That Doesn't Always Align With Public Need

For Anthropic, the calculus is straightforward. Government contracts are lucrative, credibility-building, and strategically important in a market where OpenAI, Google DeepMind, and Palantir are all competing for federal dollars. Selective rollouts—starting with agencies that have faster procurement cycles or larger budgets—are standard practice in enterprise software sales.

But applying that market logic to national security infrastructure creates friction. The agencies that can move fastest through procurement aren't necessarily the ones with the greatest defensive need. And when the tool in question can identify exploitable vulnerabilities in live systems, who has access—and who doesn't—carries real-world consequences.

Cybersecurity researchers have raised a related concern: a model capable of finding vulnerabilities at scale is, by definition, also capable of enabling attacks at scale. Mythos Preview's availability to the NSA—an agency with an offensive cyber mission—raises legitimate questions about the dual-use nature of the technology and the oversight frameworks governing its deployment.

What This Looks Like From Outside the US

For allied governments and international observers, this episode is a data point in a larger question: as AI becomes central to cyber defense, will access to frontier models become a new axis of national security advantage?

Countries without domestic AI labs at the frontier—which is most of them—face a structural dependency on a handful of American and Chinese companies. The terms on which those companies provide access, and to which government entities, will shape the global cybersecurity landscape in ways that traditional arms-control frameworks weren't designed to address.

That's not a hypothetical. It's already happening.