Unauthorized Users Access Anthropic's Risky Mythos AI

Source: bloomberg.com

TL;DR

The story at a glance

A small group of unauthorized users gained access to Anthropic's new Mythos AI model through a private online forum, according to a person familiar with the matter who shared documentation, screenshots, and a live demonstration with Bloomberg News. This occurred on the day Anthropic announced plans to release Mythos for testing to a limited number of companies. The model is powerful enough to enable dangerous cyberattacks, per Anthropic, and the users have used it regularly, though not for cybersecurity.

Key points

Details and context

The access highlights early security challenges for Anthropic's Mythos, a frontier AI model not released publicly due to its advanced cybersecurity capabilities, such as finding zero-day vulnerabilities and creating exploits. Anthropic launched Project Glasswing to provide controlled access to vetted partners like Apple, Amazon, Microsoft, Google, Nvidia, and JPMorgan for defensive testing against AI-powered threats.[[2]](https://www.bbc.com/news/articles/crk1py1jgzko)[[3]](https://www.scientificamerican.com/article/what-is-mythos-and-why-are-experts-worried-about-anthropics-ai-model)

Mythos represents a step change in AI abilities, outperforming prior models in benchmarks and saturating cybersecurity evaluations, leading Anthropic to restrict it rather than make it generally available.[[4]](https://www-cdn.anthropic.com/8b8380204f74670be75e81c820ca8dda846ab289.pdf)

Key quotes

None; reporting relies on anonymous sourcing without direct quotes.

Why it matters

Advanced AI models like Mythos raise stakes for global cybersecurity, as misuse could amplify attacks on critical software and infrastructure. Companies and investors in tech and cybersecurity face heightened risks from unauthorized access to such tools, potentially accelerating an AI-driven cyber arms race. Watch Anthropic's response, any official statements on the breach, and updates to Project Glasswing access controls.

What changed

Omit: No prior state to unauthorized access described.

FAQ

Q: How did unauthorized users access Anthropic's Mythos model?

A: A handful of users gained access via a private online forum on the day of Anthropic's limited release announcement. The person familiar provided screenshots and a live demonstration to corroborate. They have used it regularly since, not for cybersecurity.

Q: What makes Anthropic's Mythos model risky?

A: Anthropic states it is powerful enough to enable dangerous cyberattacks. The company limited release to select testers due to its advanced vulnerability discovery and exploitation abilities.

Q: When did the unauthorized access to Mythos occur?

A: It happened the same day Anthropic announced plans to release the model to a limited number of companies for testing. That announcement ties to April 7, 2026 coverage.

Q: Who sourced the report on Mythos unauthorized access?

A: A person familiar with the matter, who requested anonymity for fear of reprisal and shared documentation viewed by Bloomberg News.