In recent weeks, Anthropic and OpenAI have launched new AI systems skilled at finding software vulnerabilities at unprecedented speed and scale. But staffers at the Cybersecurity and Infrastructure Security Agency (CISA), the leading digital defense agency for the federal government, don’t have access, two CISA employees told Forbes.
That’s hampering their ability to quickly analyze the technical details of ongoing cyberattacks against critical infrastructure, as well as find and address bugs, which is CISA’s core competency, one staffer said. Lack of access has put CISA on the backfoot, as foreign nations and hacking groups are using Anthropic and OpenAI models to speed up their digital espionage. Last year, Anthropic revealed Chinese hackers had used Claude to generate cyberattacks on as many as 30 targets, including government entities.
At least in Anthropic’s case, there’s a clear reason: following a dispute with the Department of War over use of its tools for surveillance, Anthropic has been labelled a supply chain risk and effectively barred from use across federal agencies. But Anthropic’s new Mythos model, which autonomously discovered bugs across all major browsers and operating systems, would be particularly helpful. “We aren’t even allowed to say the name Anthropic right now,” said one current CISA employee. “I wish we had access because it would really help my program.”
CISA declined to comment. Anthropic hadn’t provided comment at the time of publication.
While OpenAI’s comparable tools are available to government agencies, CISA is yet to access them either, the staffers said. Soon after Anthropic unveiled Mythos, OpenAI released GPT 5.5 and opened up its Trusted Cyber Access program, where vetted cybersecurity teams can use its advanced AI models for finding and fixing software flaws. OpenAI said both state and federal government agencies protecting critical infrastructure could get access to its Trusted Access for Cyber program, the same as commercial companies, but declined to say who had joined.
The company is clearly courting government agencies. It told Forbes it hosted a workshop with federal agencies in Washington D.C. earlier this month to showcase its AI’s cyber capabilities and encourage the government to join its initiative. Forbes was unable to learn whether or not CISA was in attendance, but two CISA staffers said neither they nor colleagues had been granted access to any of OpenAI’s artificial intelligence models that have proven adept at hacking.
The Trump Administration severely cut the agency’s workforce last year, increasing workloads — which AI tools could help reduce. The lack of a permanent director at CISA has also hampered efforts to get access to advanced AI, a staffer said. Earlier this week, the Trump administration’s candidate Sean Plankey withdrew his name from consideration due to controversy around a Coast Guard ship-building contract he oversaw that was deemed wasteful by the DHS.
One CISA worker said the lack of leadership was “slowing down our adoption of AI tools significantly because no one wants to be the one who approves anything.”
So far, Anthropic has rolled out Mythos to a cohort of 40 companies, over concerns of misuse should it be broadly deployed. Axios reported the NSA has been able to access it.
OpenAI’s customers and commercial partners are also getting access to upcoming models. Cybersecurity startup XBOW last week said it had tested OpenAI’s GPT 5.5 and found it was as good as Mythos at finding software flaws quickly and at scale. The company plans to release it widely. OpenAI also offers coding tool Codex, which automatically proposes fixes for any security issues it identifies in customer code.
