A small group of unauthorized users has gained access to Anthropic's new Mythos AI model, a powerful cybersecurity tool the company warns could enable dangerous cyberattacks if misused, according to reports from Bloomberg News and TechCrunch.
The breach occurred through a third-party vendor environment, with the group—operating in a private online forum and Discord channel—exploiting access from an employee at one of Anthropic's contractors. As reported by Bloomberg, the users made an "educated guess" about the model's online location based on Anthropic's naming conventions for other models, securing entry on the same day the company publicly announced its preview release. They have since used Mythos regularly, providing journalists with screenshots and a live demonstration as proof, though the source emphasized the group is "interested in playing around with new models, not wreaking havoc."
Anthropic confirmed it is investigating the claims but stated there is no evidence its core systems have been impacted. "We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," a company spokesperson told TechCrunch. The firm designed Mythos exclusively for enterprise security teams to address fears that its advanced capabilities—such as aiding in sophisticated hacking simulations—could fall into the wrong hands.
This incident underscores growing vulnerabilities in the rollout of cutting-edge AI tools, particularly those with dual-use potential for defense or offense in cybersecurity. Anthropic released Mythos in a limited preview to mitigate such risks, but the quick unauthorized access raises questions about vendor security practices and the challenges of safeguarding unreleased models amid enthusiast communities eager for early peeks.
Those affected include Anthropic's enterprise clients, who rely on the tool for bolstering defenses, as well as the broader tech ecosystem where AI-driven cyber threats are escalating. The person familiar with the matter, who is still employed by the third-party contractor, highlighted attempted strategies like leveraging insider "access," though the identities of the forum members remain undisclosed.
Looking ahead, Anthropic's ongoing probe will likely determine if patches or access revocations are needed, potentially delaying wider rollout. Bloomberg Intelligence analyst Matt Bloxham noted the episode spotlights the high stakes of powerful AI in cybersecurity, where even exploratory misuse could preview real-world dangers. Tech leaders may now face heightened scrutiny over supply chain protections for AI previews.