Anthropic, the AI company behind the Claude chatbot, is investigating reports that a small group of unauthorized users gained access to its powerful Mythos AI model through a third-party vendor environment. The company has stated it has found no evidence of any breach extending to its own systems or beyond the vendor's setup, according to a spokesperson cited by multiple outlets including Bloomberg and AFP.[web:2][web:3]
The incident came to light after Bloomberg reported on April 22 that users in a private online forum accessed Claude Mythos Preview—a restricted tool designed for defensive cybersecurity—on the same day Anthropic announced limited testing under Project Glasswing. These users employed tactics such as leveraging credentials from a worker at one of Anthropic's third-party contractors and online sleuthing to gain entry, as detailed in the Bloomberg account relayed by Slashdot and other sources. Anthropic confirmed the probe, emphasizing the access appears contained.[web:1][web:2][web:3]
Mythos stands out for its advanced ability to detect long-undiscovered software vulnerabilities, outperforming human experts and other AI tools in tests. Anthropic deliberately withheld a public release due to fears it could empower hackers for malicious exploits, instead sharing it first with about 40 major firms like Nvidia, Amazon, Apple, Cisco, and JPMorgan Chase. This controlled rollout aims to let these organizations patch security holes before broader risks emerge.[web:3][web:4]
The breach raises immediate concerns in the cybersecurity world, as Mythos's capabilities could theoretically be turned against critical infrastructure if misused. While the unauthorized group has not reportedly used it for hacking, federal officials, security experts, and groups like the International Monetary Fund have warned about the dangers of such tools falling into adversarial hands, potentially targeting banks, hospitals, or government systems. Anthropic's strategy with Project Glasswing sought to mitigate this by prioritizing defenses for key players.[web:2][web:4]
For those affected, the incident underscores vulnerabilities in vendor ecosystems, even for tightly controlled AI projects. Third-party contractors play a key role in AI development, but this case highlights how insider access combined with external probing can bypass safeguards. No widespread harm has been confirmed, yet it prompts questions about supply chain security in the rapidly evolving AI landscape.[web:1][web:4]
Looking ahead, Anthropic's investigation will determine if further restrictions or disclosures are needed, potentially influencing how regulators view high-risk AI deployments. The company may tighten vendor protocols, while participants in Project Glasswing continue using Mythos to bolster their defenses. Broader industry efforts to balance innovation with safety could accelerate in response, as the full probe details emerge.[web:3]