Anthropic Excludes CISA From Mythos Preview Rollout

Anthropic has released its specialized cybersecurity model, restricting access to federal agencies operating on high-assurance computing environments. The Mythos Preview rollout currently excludes the Cybersecurity and Infrastructure Security Agency (CISA), despite the agency’s role as the central coordinator for civilian cyber defense. Access is limited to the National Security Agency (NSA), the Department of Defense (DoD), and the Department of Energy (DOE).

Benchmark Performance and Security

Announced on April 20, 2026, Mythos Preview is a domain-specific variant of the Claude 4 family built for automated vulnerability research, patch generation, and exploit mitigation. The model goes beyond standard cyber controls by operating under dynamic red-teaming filters designed to prevent the generation of actionable exploit code for unauthorized users.

Anthropic’s technical report details significant gains in vulnerability detection over the baseline model. As AI capabilities expand into complex multi-step cyberattacks, specialized defensive models show measurable improvements. On the Cyber-Eval 2 benchmark, Mythos Preview achieved a 74% success rate in identifying zero-day vulnerabilities in C++ and Rust. The standard Claude 4 model scored 41% on the same evaluation.

Infrastructure Constraints

The rollout strategy hinges on specific hardware and security environments. Anthropic deployed Mythos Preview exclusively through Amazon Bedrock’s High-Security Partition (HSP). This partition is currently the only cloud environment authorized to host the model for federal use.

This infrastructure requirement creates a strict barrier for civilian agencies. CISA operates primarily on unclassified networks to facilitate public and private information sharing. Anthropic requires a Classified Research Agreement for current licenses, aligning with military and intelligence protocols but blocking standard federal civilian access. Anthropic intends to expand access to more environments later in 2026.

Civilian Defense Alternatives

Without access to Mythos Preview, CISA continues to rely on open-source frameworks and active partnerships with Google and Microsoft. Executive Director Brandon Wales confirmed the agency does not have an active license or API access to the Anthropic model.

This deployment strategy highlights a structural divide in federal AI adoption. High-assurance models are moving to classified partitions for agencies like the NSA and DoD Cyber Command pilots, while civilian infrastructure defense is forced to wait for commercial availability.

If you develop security tooling for federal civilian agencies or private infrastructure, plan your architecture around models available in standard GovCloud or commercial partitions. Relying on frontier models constrained by classified infrastructure requirements will block deployment to unclassified environments.