The Mythos AI model is designed to find software flaws — raising fears it could also accelerate cyberattacks. The breach comes just as Anthropic begins expanding access to select companies and government users.
Anthropic has opened an investigation after discovering that a small group of Discord users gained unauthorized access to the AI company’s powerful new Mythos model, Bloomberg reported on Tuesday.
The “small group of unauthorized users” was said to have accessed the advanced Mythos AI model the same day Anthropic began rolling out a preview of the model to a limited group of approved companies for testing in late February.
“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” Anthropic said in a statement.
With the model publicly introduced on April 7th, the incident is raising fresh concerns over how tightly the high-end cybersecurity tool is being controlled.
“I think the interesting thing is that everyone is going to focus on the headlines: ‘AI tool capable of cyberattacks falls into the wrong hands,’” says Gabrielle Hempel, Security Operations Strategist at Exabeam.
“The real problem, however, is that this model was never supposed to be broadly accessible, it was intentionally restricted to a small set of orgs due to dual-use risk, and it still leaked almost immediately due to a contractor environment.”
Anthropic has touted its Claude Mythos Preview model as “so powerful that it could enable dangerous cyberattacks,” according to a person familiar with the matter and documentation reviewed by the media outlet.
The San Francisco-based company said there was no evidence that the unauthorized access impacted any of Anthropic’s systems or went beyond the third-party vendor’s environment, Bloomberg reported.
Still, Anthropic has not publicly confirmed the full scope of the incident, and it remains unclear whether any vulnerabilities were identified or exploited by the unauthorized users.
Linas Beliunas, Head of Content Strategy at Oscilar commented: „The gap between what these labs are building and how they’re securing it is starting to look absurd. A few things stand out:
→ This was reportedly inference access, which is what matters most in practice. You do not need the weights if you can still prompt the model.
→ The weak point appears to have been vendor access and stale credentials, not Mythos itself.
→ Users reportedly used it for benign tasks like website building, which somehow makes the whole episode even more ridiculous 😭
→ The “closed = safer” argument gets much harder to defend when containment breaks this fast.
AI safety is not just evals, constitutions, and system cards. It is also boring operational discipline: credential hygiene, vendor controls, revoked access, and whether your infrastructure is less fragile than your branding. Turns out, the biggest vulnerability in frontier AI is still frontier humans.„
Stefanie Schappert, senior journalist at Cybernews concluded: „If a group of AI nerds could get into Mythos – allegedly without malicious intent – imagine the fallout if the next ones to slide through that door were actual criminals.„
Banking 4.0 – „how was the experience for you”
„To be honest I think that Sinaia, your conference, is much better then Davos.”
Many more interesting quotes in the video below:
