The US agency whose entire job is defending American critical infrastructure from cyberattacks does not have access to the AI model that finds cyberattacks.

Axios reported on April 21 that the Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security unit responsible for protecting US power grids, banking systems, pipelines, water utilities, and election infrastructure, has not been given access to Anthropic's Mythos Preview model. Two sources told Axios that Anthropic briefed CISA and the Commerce Department on Mythos but did not give CISA operational access.

Meanwhile, according to prior Axios reporting, the National Security Agency is already using it. So is the Navy. So are JPMorgan, Goldman Sachs, Apple, and Google, plus roughly 40 other organizations Anthropic has quietly cleared.

This is a structural failure, not an oversight

Mythos Preview has already found thousands of major vulnerabilities across every major operating system and web browser, according to Anthropic's own system card. That is the capability CISA exists to defend the country against being used maliciously.

If an adversary ever gets even a whisper of Mythos-class capability, CISA is the agency tasked with warning US utility operators, banks, and state election officials. It is the one publishing the alerts, coordinating incident response, and deciding which disclosures are urgent enough to break quietly vs publicly.

That job just got much harder. CISA has to defend against a threat class it cannot test against. Its analysts cannot see what Mythos finds before the criminals do, so they cannot warn the sector about specific classes of vulnerabilities ahead of time. They are flying blind against a weapon the NSA is already holding.

Why NSA got in and CISA did not

There is no polite way to say this. The NSA has offensive cyber customers. CISA has defensive ones. Anthropic has publicly branded Mythos as a defensive tool, but access tells a different story. The model went to the agency that breaks things, not the agency that fixes them.

Some of that is politics. The Trump administration banned Anthropic from Defense Department contracts in February, but federal law still allows intelligence agencies to operate outside normal procurement. NSA got in through a carveout. CISA sits inside DHS, which has a more conventional procurement chain, and it has not navigated one yet.

Some of it is Anthropic being cautious. The company has restricted Mythos to organizations it believes can handle the operational security of a model that finds zero-days for breakfast. Whether CISA meets that bar is a judgment Anthropic is apparently making unilaterally, which is a remarkable position for a private AI lab to be in.

Private access lists are now a national security problem

This is the precedent most people are missing. An AI company, not the US government, decides which federal agencies get access to a cybersecurity capability the government's own defense agency needs. Global bank regulators are already freaking out about this, as we covered on Monday. Central banks in Singapore, the UK, and the euro area are openly worrying that the access list for Mythos is too narrow and too private.

Now CISA lands on the wrong side of that list. Every US critical infrastructure operator currently getting CISA alerts is effectively receiving defensive guidance from an agency working with weaker tooling than the banks it is advising.

What has to happen next

Three options, none of them good for Anthropic. First, Congress could step in and mandate that any US-based AI lab with a cybersecurity-capable frontier model must provide access to CISA. That is constitutionally sticky and invites lawsuits, but it is the cleanest fix.

Second, DHS could quietly invoke the same carveouts the NSA used. That works, but it permanently bakes in a two-tier federal AI access system, one for intelligence, one for homeland security, with the defensive side a rung down.

Third, Anthropic could just open the door. It has not yet, and the longer this story lives, the worse the optics get. Every hour CISA stays locked out while NSA and JPMorgan are inside, another member of Congress finds out, another cable news host pulls the thread, another European regulator files another note. This one does not end quietly.

Mythos was supposed to be Anthropic's proof that a frontier AI lab could handle dangerous capabilities responsibly. The list of who has it is starting to look more like a reputational liability than a safety win.