Unauthorised group reportedly accessed Anthropic’s restricted cyber tool Mythos

A group of unauthorised users has reportedly gained access to Mythos, the cybersecurity-focused AI tool recently introduced by Anthropic.

Mythos has been positioned as a highly advanced enterprise security system. Still, the company has also warned that its capabilities could be misused as a powerful hacking tool if it falls into the wrong hands. Now, according to a Bloomberg report, a private online forum with unidentified members managed to access the tool through a third-party vendor channel.

An Anthropic spokesperson confirmed the company is investigating the incident, stating: "We're investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments." The company also said it has not found any evidence that the reported activity has affected its internal systems.

According to the report, the group allegedly attempted multiple methods to gain access, including leveraging permissions associated with an individual whom Bloomberg interviewed. That person is reportedly employed by a third-party contractor working with Anthropic.

The individuals involved are said to be part of a Discord-based community that tracks and discusses unreleased AI models. The group reportedly began using Mythos shortly after gaining access and even provided Bloomberg with screenshots and a live demonstration of the tool.

Bloomberg further reported that the group obtained access on the same day Mythos was publicly announced. It allegedly deduced the model's location by analysing Anthropic's naming conventions and infrastructure patterns used in previous deployments.

The source cited in the report described the group as being primarily interested in experimenting with new AI models rather than causing malicious harm.

Mythos was initially made available only to a limited set of partners under a controlled program known as Project Glasswing, which reportedly includes select vendors such as Apple and other enterprise customers. The restricted rollout was intended to prevent misuse by malicious actors and limit exposure of the system's capabilities.

Anthropic had positioned the limited-access approach as a safeguard to ensure that Mythos could be used to strengthen enterprise cybersecurity rather than be repurposed for offensive cyber operations.

If confirmed, the unauthorised access could raise concerns for Anthropic, particularly given that the restricted-release strategy was designed specifically to mitigate risks of security AI tools being exploited outside controlled environments.