The breach raises fresh questions about third-party vendor security at a moment when Anthropic is deploying one of its most sensitive and closely watched AI models.
A small group of unauthorized users gained access to Anthropic‘s unreleased Mythos AI model on the same day the company announced plans to release it to a limited number of organizations for controlled testing, Bloomberg News reported Tuesday, citing internal documentation and a person familiar with the matter.
The users, operating through a private online forum, have been using Mythos regularly since gaining access, though not for cybersecurity purposes, according to the report.
Anthropic confirmed it was looking into the matter. “We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” a company spokesperson said.
Also Read: What Two CEO Exits Tell Us About Leading Through AI
Mythos was announced on April 7 as part of Anthropic’s Project Glasswing, a controlled initiative under which select organizations are permitted to use the unreleased model for defensive cybersecurity purposes. The model has drawn attention from regulators over its reported ability to identify digital security vulnerabilities — and the potential for that capability to be misused.
The breach, if confirmed, would represent a significant lapse in access controls at a particularly sensitive moment. Anthropic has positioned Project Glasswing as a carefully managed program, and the unauthorized access appears to have occurred through a third-party vendor rather than Anthropic’s own systems directly.
