SAN FRANCISCO (FN), Anthropic said Tuesday it is investigating claims that unauthorized users gained access to its Mythos AI cybersecurity tool through a third-party vendor environment.
The company confirmed it received reports that individuals may have accessed the restricted model via a private online group, raising concerns about exposure of advanced vulnerability-hunting capabilities. Mythos, unveiled earlier this month under Project Glasswing, was released only to about 40 vetted organizations, including major technology and infrastructure firms.
According to sources familiar with the matter, the alleged breach involved guessing the model’s URL and exploiting contractor-level access. While Anthropic said there is no evidence its core systems were compromised, the incident underscores risks tied to vendor portals and the dual-use nature of frontier AI systems.
Mythos is designed to autonomously detect and chain software vulnerabilities across operating systems and browsers. Security experts warn that if misused, such tools could accelerate AI-driven cyberattacks.
Anthropic emphasized that its investigation is ongoing and that safeguards remain in place. “We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” the company said in a statement.
The probe comes amid heightened scrutiny of AI firms, with U.S. defense officials previously flagging Anthropic as a supply chain risk due to the offensive potential of its models.
