Anthropic is investigating reports of unauthorized access to its exclusive AI tool Mythos, obtained through a third-party vendor, but has not yet found evidence of impact on its internal systems.
According to Bloomberg, an unauthorized group gained access to Mythos – a new cybersecurity tool developed by Anthropic. This access was achieved through a third-party vendor. In response to the reports, Anthropic told TechCrunch that it is investigating these claims but has not yet identified evidence of impact on its internal systems or data. Mythos is an advanced AI product designed to enhance corporate security. It was released only to a limited circle of select partners, including major corporations like Apple, as part of a closed initiative called Project Glasswing. Members of the unauthorized group, participating in a Discord channel specializing in finding unreleased AI models, provided Bloomberg with interface screenshots and even a live demonstration of the software's operation, confirming their claims of access.
Anthropic positions Mythos as an exceptionally powerful tool for strengthening corporate defense, capable of significantly improving threat detection. However, the company simultaneously acknowledges that in the “wrong hands,” this tool could become an extremely effective means for conducting sophisticated hacking attacks. It was precisely with the aim of preventing such malicious use and ensuring maximum security for the enterprises for which the product was intended that the model was released in a limited edition and under strict control. A potential incident of unauthorized access, if confirmed during the investigation, creates a serious ethical and technical dilemma for Anthropic, vividly highlighting the complexities of applying artificial intelligence in the critical field of cybersecurity. The company initially sought to ensure a completely exclusive and strictly controlled release of Mythos to fully allay any market concerns regarding the security of its clients.
The alleged leak of information or the tool itself could seriously undermine confidence in Anthropic's own security measures, as well as in the reliability of its supply chain partners. Notably, the group, by their own admission, gained access to the tool on the very day Anthropic publicly announced its existence. Group members state that their primary interest is in “playing with new models, not causing harm,” thus attempting to distance themselves from malicious activities. They claim to have “made an educated guess about the model's online location,” based on deep knowledge of standard formats Anthropic used for deploying its other AI products.
According to Bloomberg's investigation, unauthorized access was made possible by using the credentials of an individual who had previously given an interview to the publication and is currently an employee of a third-party contractor of Anthropic. This alarming fact convincingly points to a potential vulnerability that may lie not only in the developer company's own infrastructure but also in the broader supply chain or partnership relationships, which requires a comprehensive review of security protocols.
