Anthropic's Mythos AI Model Access Breach Under Investigation

Anthropic is investigating a report of unauthorized access to its Mythos AI model, which the company has deemed too powerful to release publicly due to its potential cybersecurity risks, according to Euronews.

The company stated it is examining claims that a small group gained access to the Claude Mythos Preview through a third-party vendor environment, with Anthropic confirming, "We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments."

According to BBC reporting, the group had legitimate access through a third-party contractor that works with Anthropic, suggesting the access was likely through misuse of permissions rather than a traditional security breach. The group reportedly used the model for defensive cybersecurity purposes without detection.

Anthropic's Mythos model, described as "too dangerous to release" due to its ability to identify and exploit software vulnerabilities, has been tested by major financial institutions including Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley as part of Project Glasswing, a cybersecurity initiative designed to help organizations identify weaknesses before they're exploited.

Scientific American's analysis of Anthropic's 245-page technical documentation revealed Mythos scored 31 percentage points higher than previous models on the USAMO 2026 Mathematical Olympiad and demonstrated the ability to find critical vulnerabilities in widely used operating systems and web browsers, with 99% of identified flaws remaining unpatched.

Despite Anthropic's caution, cybersecurity experts remain divided on the true severity of the threat. Peter Swire, a cybersecurity professor at Georgia Tech, noted that "a large fraction of cybersecurity professors believe this is pretty much what was expected, and pretty much more of the same."

The incident highlights growing concerns about the security of advanced AI models as they become more capable of identifying vulnerabilities. As Richard Horne, head of the UK's National Cyber Security Centre, stated at a cybersecurity conference, "frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber-security are still to be addressed."

Anthropic has not confirmed whether the unauthorized access has led to any security incidents or whether the model's capabilities were misused. The company continues to limit Mythos access to select organizations under Project Glasswing, with Anthropic CEO Dario Amodei emphasizing the model's defensive cybersecurity applications.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn