Latta, Matsui, and 33 Members Send Letter to National Cyber Director for Plan to Coordinate AI-Discovered Software Vulnerabilities

Yesterday, Congressman Bob Latta (OH-5) and Congresswoman Doris Matsui (CA-7), led a bipartisan letter to National Cyber Director Sean Cairncross. Along with 33 of their colleagues, the letter urged the Office of the National Cyber Director (ONCD) to develop a federal-industry plan in preparation for a large increase in vulnerability disclosures discovered by advanced artificial intelligence (AI) systems. The letter follows Anthropic’s recently announced Claude Mythos Preview. According to Anthropic, Mythos identified thousands of high-severity zero-day vulnerabilities in every major operating system and every major web browser, including vulnerabilities that had survived years of human review and automated testing. As of Anthropic’s April 7 announcement, more than 99 percent of those vulnerabilities remained unpatched. Latta and Matsui warned that these new advanced AI systems could help defenders uncover serious software flaws more quickly than existing disclosure, patching, and deployment systems can keep pace. “America’s adversaries are not waiting for us to figure this out,” said Latta. “If AI can find serious vulnerabilities in widely used software, China and other bad actors will look for ways to use similar tools against us. We need to make sure trusted American defenders have the coordination, access, and support required to stay ahead. This bipartisan letter urges ONCD to convene the agencies, software providers, and security providers who can make that happen.” "Advanced AI is rapidly changing the cybersecurity landscape,” said Matsui. “These tools have enormous potential to help us find and fix dangerous software vulnerabilities before our adversaries use them against us, but we must prepare now. We need a coordinated strategy that brings the federal government, industry and trusted defenders together to manage disclosures, speed up patching and protect the systems Americans rely on every day, from hospitals and banks to utilities, schools and basic communications." Background: The letter asks ONCD to coordinate with the Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA),the Department of Commerce, through the National Institute of Standards and Technology (NIST) and the Center for AI Standards and Innovation (CAISI), and the Office of Management and Budget (OMB), acting through the Office of the Federal Chief Information Officer (OFCIO), supporting federal coordination and implementation, to convene government and industry for a coordinated response. They request that the plan assess existing efforts to identify critical software vulnerabilities; support defenders and critical infrastructure operators in finding, fixing, deploying, and verifying patches; establish a framework to handle sensitive and risky AI-generated findings; and monitor sudden increases in the capabilities of advanced AI models. The letter requests a staff-level briefing from ONCD within 30 days; a written response within 45; and a review of any barriers demanding congressional action, such as antitrust, liability, or other statutory barriers. Read the full letter here .