CISA reportedly gains a powerful new cyber AI tool
The Cybersecurity and Infrastructure Security Agency has now received full access to Anthropic’s Mythos Preview model, according to Defense One, citing a U.S. official and another person familiar with the matter. The access was reportedly granted about a week before the article was published on June 17, 2026, marking a notable shift in how one of the U.S. government’s core cyber defense agencies may be able to use advanced AI systems in its daily work.
That development matters because Mythos Preview is not being treated like an ordinary enterprise AI model. Anthropic has rolled it out selectively through a non-public program known as Project Glasswing, with distribution limited to vetted organizations. The reason, according to the source report, is that the model could significantly increase offensive hacking capabilities if it were widely available to the wrong actors.
In other words, the same kind of system that may help defenders find weaknesses more quickly could also help attackers do the same. That dual-use dynamic has made access, oversight, and deployment policy just as important as the model’s technical capability.
Access arrives before clear policy
The most consequential detail in the report may not be that CISA now has the model, but that the agency still reportedly lacks clear guidance from the White House Office of the National Cyber Director on how it should use it. According to the official cited by Defense One, ONCD has not yet set firm parameters for deployment.
That absence of direction appears to echo broader frustration inside the federal technology and cybersecurity apparatus. Defense One said earlier reporting by Nextgov/FCW found that federal technology leaders had privately complained about inadequate briefing from ONCD on how to implement or use the model for vulnerability scanning. If that description is accurate, the current situation is not simply an onboarding delay. It points to a deeper governance problem: agencies may be receiving access to highly sensitive AI capabilities faster than the policy framework needed to manage them.
For CISA, that creates a difficult position. The agency’s mission depends on helping protect federal civilian networks and critical infrastructure. A model optimized for identifying software or network vulnerabilities could be highly valuable in that role. But without explicit operating rules, guardrails, or approved use cases, even a potentially transformative tool can become harder to deploy responsibly.
Why Mythos Preview is drawing scrutiny
The report distinguishes Mythos Preview from Anthropic’s Mythos 5, a separate successor model with a similar name. That distinction is important because the U.S. government reportedly moved over the previous weekend to block exports of Mythos 5 and another Anthropic model, Fable 5, through an export-control mechanism. Defense One said that move caused uproar across the cyber and AI communities.
Mythos Preview, meanwhile, remains part of the tightly controlled Project Glasswing effort. Defense One reports that both Mythos 5 and Mythos Preview have only been made available to vetted providers through that program. The implication is that U.S. officials and AI developers alike view these systems as unusually sensitive, especially in cybersecurity contexts where automated discovery of exploitable weaknesses can have immediate operational consequences.
That sensitivity helps explain why access itself has become news. In many technology deployments, the key question is whether an agency wants a tool. Here, the more pressing questions are who gets access first, under what conditions, and with what oversight.
The policy backdrop is changing quickly
The Defense One report places CISA’s access inside a broader shift in the Trump administration’s approach to AI. In recent months, officials have reportedly been grappling with a new class of models capable of rapidly identifying vulnerabilities across computer networks. That has turned AI from a general modernization issue into a national cybersecurity policy question.
Models like Mythos are increasingly framed as accelerants. For defenders, they may shorten the time needed to identify weak points, prioritize risk, and direct human analysts toward the most urgent problems. For adversaries, the same capabilities could lower the cost of reconnaissance and speed up exploitation planning. That is why the discussion is no longer just about productivity, automation, or model benchmarking. It is about operational balance between offense and defense.
CISA’s inclusion is especially notable because the agency was reportedly left out of the initial Mythos rollout. Axios had reported in April that CISA was not part of the first distribution wave, and Nextgov/FCW later said access was imminent. The new report suggests that the agency has now crossed that threshold, even if the policy scaffolding has not caught up.
What this may mean next
Based on the source report alone, it is still unclear how CISA will use Mythos Preview in practice, whether for internal analysis, vulnerability scanning support, pilot projects, or more limited evaluation. CISA also did not respond to a request for comment, according to Defense One, leaving major operational questions unanswered.
Even so, the development is significant because it shows the federal government moving from debate toward controlled deployment. Access for CISA suggests these models are no longer hypothetical tools reserved for private-sector experimentation or tightly bounded national security discussions. They are beginning to enter the working environment of agencies responsible for live cyber defense missions.
The unresolved issue is governance. If agencies gain access before standards are fully articulated, implementation may become uneven, cautious, or fragmented. If guidance arrives too late, the government risks losing time in an area where capability gaps can widen quickly. If guidance is too restrictive, agencies may struggle to realize the benefits of tools they have already been cleared to use.
For now, the clearest takeaway is that the U.S. government appears to regard frontier cyber-capable AI as both strategically useful and inherently risky. CISA’s reported access to Mythos Preview captures that tension in a single moment: the technology is advanced enough to matter, sensitive enough to tightly control, and new enough that the rules for using it are still being written.
This article is based on reporting by Defense One.
Originally published on defenseone.com







