Anthropic investigates unauthorized access to Claude Mythos cybersecurity tool
At a glance:
- Unauthorized users accessed Claude Mythos through a third‑party contractor portal and guessed its location via internet sleuthing tools.
- The breach involved a private Discord group and may extend to other unreleased Anthropic models.
- Anthropic’s limited‑preview partners include Amazon, Microsoft, Apple, Cisco and Mozilla; Mozilla used the model to patch 271 Firefox bugs.
What happened
Anthropic confirmed that a report of “unauthorized access” to its Claude Mythos model is under investigation. The company said the incident appears to have originated from one of its third‑party vendor environments, where a group of individuals managed to reach the model through a developer portal. According to sources, the actors were motivated by curiosity rather than malicious intent; they wanted to “try the models” rather than weaponise them.
The Claude Mythos Preview was launched earlier this month as part of Project Glasswing, a high‑profile rollout aimed at a select set of trusted test companies. Anthropic deliberately limited the preview to a handful of partners—Amazon, Microsoft, Apple, Cisco and Mozilla—so it could evaluate the model’s ability to discover security flaws in operating systems and browsers before a broader release.
How the breach occurred
The unauthorized group reportedly used a combination of internet sleuthing tools and educated guesses to locate the model’s endpoint within Anthropic’s developer infrastructure. They accessed the system via a third‑party contractor portal, a gateway typically reserved for external vendors that integrate with Anthropic’s services. Once inside, the group communicated through a private Discord chat, sharing their findings and speculating about possible access to other unreleased Anthropic models.
Security analysts note that such “developer‑portal” attacks exploit the trust relationships between a company and its vendors. By compromising a contractor’s credentials—or simply stumbling upon a misconfigured endpoint—attackers can bypass many of the protections that guard internal AI models. This incident underscores the growing attack surface around AI‑driven security tools, which are themselves designed to find vulnerabilities.
Who was involved
Anthropic’s preview partners have publicly spoken about the model’s capabilities. Mozilla, for example, disclosed that Claude Mythos helped it identify and patch 271 vulnerabilities in the Firefox browser, demonstrating the model’s practical value for large‑scale code review. In addition, a “growing number of banks and government agencies” have expressed interest in accessing the tool to harden their own systems, though none have been confirmed as victims of the breach.
The unauthorized actors remain unidentified beyond their presence on a Discord server. Their stated intent, to experiment with the model, does not diminish the risk: once exposed, a powerful security‑analysis AI could eventually be repurposed for offensive operations.
Implications for AI security
The episode fuels ongoing debate about the dual‑use nature of AI security models. While experts like Alex Zenla, CTO of cloud‑security firm Edera, acknowledge the promise of AI‑assisted vulnerability discovery, they also warn that the same technology could enable “real‑world cyber attacks” if it falls into the wrong hands. The incident arrives at a time when the U.S. Department of Defense has labeled Anthropic a “supply‑chain risk,” a designation the company is actively seeking to have removed through discussions with the current administration.
If the breach extends to other unreleased Anthropic models, the potential impact could be broader than a single tool. Companies that rely on AI‑driven security assessments may need to reassess their vendor risk management practices, especially concerning third‑party access points and developer portals.
Anthropic’s response and regulatory backdrop
Anthropic issued a brief statement confirming that it is “investigating a report claiming unauthorized access to Claude Mythos through one of our third‑party vendor environments.” The company has not disclosed the technical details of its investigation, but it emphasized that the group appears to have been only testing the model rather than exploiting it for attacks.
Regulatory pressure is mounting. The DoD’s supply‑chain risk label reflects broader concerns about AI providers that could be leveraged in national‑security contexts. Anthropic’s ongoing talks with the U.S. administration aim to demonstrate robust security controls and to mitigate the risk perception that could affect future contracts and partnerships.
The incident serves as a cautionary tale for the AI industry: as models become more capable of uncovering software flaws, the mechanisms that protect the models themselves must evolve at an equal pace.
Prepared by the editorial stack from public data and external sources.