{"id":7895,"date":"2026-04-22T13:57:18","date_gmt":"2026-04-22T13:57:18","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=7895"},"modified":"2026-04-22T13:57:18","modified_gmt":"2026-04-22T13:57:18","slug":"unauthorized-group-gains-access-to-anthropics-mythos-ai","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=7895","title":{"rendered":"Unauthorized Group Gains Access to Anthropic\u2019s Mythos AI"},"content":{"rendered":"<p>Anthropic is investigating reports that an unauthorized group gained access to its restricted Mythos AI cybersecurity tool just days after its limited release in April 2026.\u00a0<\/p>\n<p>\u201cWe\u2019re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,\u201d an Anthropic spokesperson said.<\/p>\n<p>The tool was shared with a small group of enterprise partners, including Apple and Goldman Sachs, and was not intended for public use. Reports noted a handful of users accessed Mythos through a contractor-linked system and have been using it since its launch, raising concerns about its capabilities to identify vulnerabilities and simulate cyberattacks.<\/p>\n<h2 class=\"wp-block-heading\">Access linked to a third-party environment<\/h2>\n<p>According to several reports, Anthropic is investigating claims that a private online group accessed Mythos through a third-party vendor system and has found no evidence that the activity extended beyond that environment or affected its internal systems.<\/p>\n<p><a href=\"https:\/\/www.theguardian.com\/technology\/2026\/apr\/22\/anthropic-investigates-report-of-rogue-access-to-hack-enabling-mythos-ai\" target=\"_blank\" rel=\"noopener\">The Guardian noted<\/a> that a handful of users gained access on the same day Mythos was introduced to select partners.\u00a0<\/p>\n<p><a 
href=\"https:\/\/techcrunch.com\/2026\/04\/21\/unauthorized-group-has-gained-access-to-anthropics-exclusive-cyber-tool-mythos-report-claims\/\" target=\"_blank\" rel=\"noopener\">TechCrunch also stated<\/a> that the group used a range of methods to gain access, including relying on the \u201caccess\u201d of a person interviewed by Bloomberg who works for a third-party <a href=\"https:\/\/www.eweek.com\/news\/anthropic-claude-opus-4-7-ai-release-cycle-rumors\/\">contractor supporting Anthropic<\/a>.<\/p>\n<p>Members of the group are part of a private Discord community that seeks out unreleased AI models. Bloomberg reported that they have been using Mythos since gaining access and provided screenshots and a live demonstration to verify their claims.<\/p>\n<h2 class=\"wp-block-heading\">A high-risk AI tool under scrutiny<\/h2>\n<p>Mythos is part of Anthropic\u2019s Project Glasswing initiative, which restricts access to a limited group of enterprise partners. The company has emphasized the model\u2019s dual-use nature. 
While it can help organizations identify vulnerabilities, it could also allow attackers to exploit them.\u00a0<\/p>\n<p>Regulators have raised concerns about the model\u2019s potential misuse, even as the UK\u2019s AI Security Institute has vetted Mythos and described it as a <a href=\"https:\/\/www.eweek.com\/news\/anthropic-briefed-trump-administration-on-mythos\/\">step forward in cyber capability<\/a>, according to The Guardian.<\/p>\n<p>In testing, Mythos completed a 32-step simulated cyberattack in several attempts, a task that would typically take human professionals days.\u00a0<\/p>\n<p>UK AI minister Kanishka Narayan said businesses \u201cshould be worried\u201d about the <a href=\"https:\/\/www.eweek.com\/news\/canva-ai-platform-anthropic-claude-design-neuron\/\">model\u2019s ability<\/a> to uncover vulnerabilities that attackers could exploit.<\/p>\n<h2 class=\"wp-block-heading\">Vendor risk draws global attention<\/h2>\n<p>The reported access highlights ongoing challenges in managing third-party risk, especially as AI systems become more powerful and widely deployed. Even when core systems remain secret, vendor environments can introduce exposure points.\u00a0<\/p>\n<p>Financial Review highlighted that Anthropic said it had no evidence that the incident extended beyond the vendor system. \u201cAI labs commonly use third-party contractors for tasks such as model testing, although it was not clear which vendor was involved in the incident,\u201d the publication added.\u00a0<\/p>\n<p>Global regulators are also monitoring the situation. 
The Reserve Bank of Australia said it is engaging with regulators and government agencies to assess the <a href=\"https:\/\/www.eweek.com\/news\/anthropic-claude-blackmail-agentic-ai-risk\/\">implications for financial system resiliency<\/a>.\u00a0<\/p>\n<p>Anthropic\u2019s investigation is ongoing, and the <a href=\"https:\/\/www.eweek.com\/news\/anthropic-mythos-ai-leak-cybersecurity-risks\/\">full scope of the access<\/a> remains unclear. The outcome may influence how AI companies handle controlled releases of high-risk models.<\/p>\n<p>The post <a href=\"https:\/\/www.eweek.com\/news\/anthropic-mythos-unauthorized-access-investigation\/\">Unauthorized Group Gains Access to Anthropic\u2019s Mythos AI<\/a> appeared first on <a href=\"https:\/\/www.eweek.com\/\">eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Anthropic is investigating reports that an unauthorized group gained access to its restricted Mythos AI cybersecurity tool just days after its limited release in April 2026.\u00a0 \u201cWe\u2019re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,\u201d an Anthropic spokesperson said. 
The tool was shared with a small [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-7895","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7895"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7895"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7895\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}