White House Launches 'Gold Eagle' to Speed Up Vulnerability Fixes Across Critical Infrastructure

A new government programme pairs open-source software maintainers with power grids, hospitals, and other critical operators to find and patch security flaws faster, with AI doing much of the sorting work.

ThreatVectr Newsdesk· 3 min read
Extreme close-up of a glowing digital server rack in a dark data center, rows of blinking amber and green status lights stretching into deep focus, cool blue am
Share

Key points

  • The White House announced Gold Eagle on Tuesday as a formal coordination programme for finding and fixing security flaws in critical infrastructure such as energy grids and hospitals.
  • Gold Eagle draws its authority from Executive Order 14409, which President Trump signed on 2 June 2025.
  • The programme involves CISA (the federal agency responsible for infrastructure security), the Treasury Department, and the Department of Defense working alongside private companies.
  • The White House confirmed Gold Eagle is already receiving and sorting vulnerability reports across industries, but has not named any participating companies.
  • CISA is separately reported to be using Anthropic's AI model, called Mythos, to scan government software for security weaknesses.

The federal government has a new programme for hunting down dangerous software flaws before criminals exploit them. It is called Gold Eagle.

At its core, Gold Eagle is a coordination layer. Developers who maintain open-source software (code that anyone can read and modify freely, and which quietly powers a huge portion of critical systems) are being connected directly with operators of critical infrastructure: think hospitals, water utilities, and electricity providers. Instead of multiple government agencies and companies each scanning independently for the same problems, Gold Eagle routes those findings into one shared pipeline and sends prioritised fix instructions to defenders.

Who is actually behind this programme?

Three federal bodies run it together: CISA, the Treasury Department, and the Department of Defense. Private-sector partners are involved too, though the White House has not said which ones.

The legal foundation is Executive Order 14409, titled "Promoting Advanced Artificial Intelligence Innovation and Security," which President Trump signed on 2 June 2025. That order called for an AI-powered clearinghouse to identify and fix software vulnerabilities (flaws in code that attackers can use to break in or cause damage). Gold Eagle is now the government's answer to that mandate.

Artificial intelligence does the heavy lifting inside the programme. The AI reads incoming vulnerability reports, checks them against known scan data, and ranks which flaws need fixing first. The White House has not disclosed which AI models Gold Eagle itself uses for that ranking, or how exactly it weights severity.

Separately, as first reported by SecurityWeek, CISA is using Anthropic's AI model, called Mythos, to audit government software. Anthropic had faced federal restrictions over cybersecurity concerns until those were recently lifted.

Defense Secretary Pete Hegseth framed the effort in blunt terms: "We are bringing a wartime footing to the cyber domain to relentlessly patch vulnerabilities."

For ordinary people, Gold Eagle is several steps removed from daily life. But the infrastructure it targets is not: a flaw left unpatched in a hospital network or a water treatment system can cause real disruption. Faster patching, if the programme delivers it, reduces that window of risk.

The missing detail right now is accountability. No list of participating companies, no public ranking methodology, and no timeline for how quickly fixes are expected to reach operators. Those gaps are worth watching.

© 2026 Threat Vectr