- A small group of unauthorized users gained access to Anthropic’s Mythos AI model on the same day Anthropic announced its restricted rollout — using a mix of a contractor’s access credentials and internet sleuthing tools to locate the model’s online endpoint.
- Anthropic has described Mythos as capable of identifying and exploiting vulnerabilities “in every major operating system and every major web browser” — a capability so dangerous the company limited access to select software firms through a program called Project Glasswing.
- Anthropic confirmed it is “investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments” but says it has no evidence the access extended beyond that vendor environment or impacted Anthropic’s own systems.
- The group — who communicated through a private Discord channel focused on hunting for unreleased AI models — say they used Mythos for benign tasks like building simple websites to avoid detection, not for cybersecurity exploits; they also claim access to a range of other unreleased Anthropic models.
What Happened?
Bloomberg News has learned that a small group of unauthorized users accessed Anthropic’s Mythos AI model — the company’s most powerful and most restricted release — on the very day Anthropic first announced its controlled rollout. The group, communicating through a private Discord channel, pieced together Mythos’s online location by making an educated guess about Anthropic’s URL format for model endpoints — a format partially revealed in a recent data breach at Mercor, an AI training startup. Crucially, one member of the group had legitimate credentials as a contractor for a company that performs AI evaluation work for Anthropic, providing the access token needed to actually connect. Anthropic has since confirmed it is investigating the incident, characterizing it as involving a third-party vendor environment rather than its core systems. The group says it has also accessed other unreleased Anthropic models and has not used Mythos for any cybersecurity-related tasks.
Why It Matters?
Mythos is not an ordinary AI model. Anthropic itself has described it as capable of autonomously identifying and exploiting security vulnerabilities across every major operating system and browser — a level of cyberattack capability that put it at the center of a national security debate when it was first disclosed. That’s precisely why Anthropic restricted access to a controlled group of approved software firms through Project Glasswing, allowing them to test their own defenses against what Mythos can do. The unauthorized access — achieved through a combination of supply chain vulnerability (a third-party contractor’s credentials) and open-source intelligence (URL pattern inference) — demonstrates a fundamental problem with controlling frontier AI models: the access perimeter is only as strong as its weakest vendor. If a group of hobbyist model hunters can breach the boundary without malicious intent, the same techniques are available to actors who do have malicious intent.
What’s Next?
Anthropic’s investigation will likely focus on tightening its third-party contractor access controls and auditing which of its model endpoints are discoverable through standard internet scanning tools. The incident adds pressure on the company’s Project Glasswing rollout — which includes Apple, Amazon, and Cisco among its early testers — to ensure that the model’s most dangerous capabilities remain contained within approved environments. More broadly, the breach raises a question that regulators and AI safety researchers have long flagged: as AI models become powerful enough to enable large-scale cyberattacks, can any company reliably prevent them from proliferating beyond their intended access boundaries? Anthropic’s answer, at least for now, appears to be “not entirely.”
Source: Bloomberg
