Anthropic, the artificial intelligence company behind the Claude family of models, is investigating reports that a small group of unauthorised users gained access to its closely guarded Mythos AI model.
According to Bloomberg, the group, whose members belong to a private Discord channel dedicated to tracking unreleased AI models, reportedly obtained access through a third-party vendor environment.
One method involved credentials held by an individual employed at an unnamed third-party contractor working for Anthropic, while another relied on commonly used internet research tools.
The group is also said to have guessed the model's online location based on familiarity with the URL formatting conventions Anthropic has used for other models.
Access was reportedly gained on the same day Anthropic announced plans to release a preview of Mythos to a limited number of companies for testing, and the group has been using the model regularly since, though not for cybersecurity purposes.
The source, who asked not to be named for fear of reprisal, described the group's intent as curiosity-driven and provided Bloomberg with screenshots and a live demonstration of the software.
Anthropic said it has found no evidence so far that the unauthorised activity has affected its core systems.
Claude Mythos Preview is the company's most advanced model to date, a general-purpose system whose coding and reasoning capabilities give it formidable cybersecurity applications.
Anthropic has said the model identified thousands of zero-day vulnerabilities, including critical flaws in every major operating system and web browser, some of which had gone undetected for years.
The company chose not to release Mythos publicly, instead restricting access to more than 40 technology and infrastructure organisations under an initiative called Project Glasswing.
Partners include Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft and Nvidia, all tasked with using the model for defensive security work.
Anthropic committed up to $100 million in usage credits to support the programme, alongside $4 million in donations to open-source security organisations.
Financial regulators in Australia and South Korea have since raised concerns about the model's potential to destabilise banking systems, joining earlier warnings from several EU nations.
Related reading
- Anthropic spots 'emotion vectors' inside Claude
- Attack on OpenAI boss Sam Altman reflects a growing backlash against the artificial intelligence industry
- OpenAI publishes open-source teen safety tools for developers building AI apps
US Treasury Secretary Scott Bessent convened a meeting of senior American bank chief executives in Washington this month to discuss the model, encouraging institutions to use Mythos to detect vulnerabilities in their own systems.
The breach raises questions about the adequacy of third-party vendor security controls around a tool Anthropic itself has described as too powerful for general release.
The recap
- Unauthorised users accessed Mythos in a private online forum.
- Access occurred the same day Anthropic announced testing.
- Account corroborated with screenshots and a live demonstration.
