An unauthorized group of users gained access to Anthropic’s Claude Mythos model on the same day it was announced, according to a Bloomberg report released Tuesday. The users are said to be part of an online Discord group that searches for information about unreleased AI models.

The report says that one of the users had privileged access as a worker at a third-party contractor to Anthropic.

I requested comment from Anthropic on the incident, and a spokesperson responded via email that “we’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments.” The company also noted there was no evidence at this time that the reported activity extended beyond the third-party vendor environment or that Anthropic systems are affected.

In any case, this alleged incident highlights the risk of frontier AI models being targeted by unauthorized actors. While Bloomberg notes the users don’t appear to have been malicious, if powerful models like Mythos were to fall into the hands of a cyber gang or nation-state, there could be serious security complications for enterprises.

Frontier AI Companies Need Frontier Security

The news comes just two weeks after Anthropic announced Claude Mythos Preview and Project Glasswing, a program that offered access to organizations involved in building or maintaining critical software. Glasswing made a big deal of controlling access to this powerful new model, and the idea that a group of users could sidestep these controls and access the model anyway would raise serious questions about Anthropic’s security controls.

It’s worth noting that news of Mythos first went public in a data leak, when descriptions of the model were stored in a publicly accessible data cache. The company also accidentally released part of the source code for its AI-powered assistant, Claude Code, due to “human error.”

Taken together, these incidents suggest that organizations can’t rely on frontier AI companies to restrict access to their most powerful models. Frontier AI companies are just as susceptible to human error and breaches as any other vendor, and given the offensive vulnerability discovery potential of Mythos, organizations need to become much faster at discovering and patching vulnerabilities.

“The Mythos incident is a warning that the biggest risk with advanced AI systems isn’t just model capability, it’s access control around the humans, vendors and systems that surround it. The minute a restricted AI system can be reached through a third-party pathway, you’re no longer dealing with an AI safety issue alone, you’re dealing with a systemic security failure that spans identity, supply chain and infrastructure,” John Paul Cunningham, CISO at identity security vendor Silverfort, told me via email.

“AI won’t need to ‘break in’ if it can inherit access through poorly governed identities, over-trusted integrations or weak vendor controls. But the real risk isn’t just how access is gained; it’s what the system is allowed to do once it has it. These systems need strong guardrails that explicitly define their lane: what they can access, what actions they can take and where those permissions must stop,” Cunningham said.

Cunningham said that powerful AI systems like Mythos must be secured like critical infrastructure, with continuous identity verification and strong runtime enforcement over what they can access and execute, so that access doesn’t automatically translate into unrestricted action.

Enterprises Need To Up Their Game Following Mythos

The drama surrounding Mythos highlights that enterprises can’t count on frontier AI companies to control risk. The moment models like Mythos or even GPT-5.4 Cyber are announced, defenders need to begin preparing to address the next generation of threats. It’s not just a question of these models being leaked to bad actors, but also of other providers developing models with similar capabilities that introduce new threats.

“There has been significant attention following reporting that Anthropic is investigating unauthorized access to Mythos, an AI system capable of identifying critical software vulnerabilities. While the investigation focuses on access and controls, the broader security implications are more important—and predictable,” Nicole Carignan, senior vice president, security and AI strategy and Field CISO at AI security firm Darktrace, told me via email.

“This highlights the continued weaponization of commercial tooling. Frontier and near‑frontier models are increasingly dual‑use by default. Capabilities designed to improve software quality and security can be repurposed with minimal friction to accelerate vulnerability discovery for malicious ends. This is not a failure of intent; it is an outcome of scale, accessibility and capability diffusion,” Carignan said.

Carignan says that these models will continue to be a target for threat actors who can exploit them to gain initial access to other organizations. Given that many critical vulnerabilities are not yet publicly known, access to models like Mythos can enable threat actors to exploit “unknown” vulnerabilities and enter a company’s internal environment.

From this perspective, security teams must assume that advanced vulnerability discoveries will continue to proliferate, as the window between discovery and exploitation continues to shrink. While it appeared that Project Glasswing might offer a grace period for the security community to come to terms with the risks of next-generation frontier AI models, this alleged breach suggests more immediate action could be required.

Time To Compromise

The most immediate risk is the contraction of time to exploitation. Models like Mythos give threat actors the capability to discover vulnerabilities faster than defenders can patch them, lowering the overall time-to-compromise.

“This isn’t a theoretical future risk. The wave is already forming offshore, and most organizations are still debating whether to build a seawall. AI hasn’t just made attackers faster, it has fundamentally changed the economics of exploitation,” Adam Arellano, Field CTO of AI DevOps company Harness, valued at $5.5 billion, told me via email.

“What once required a skilled threat actor, weeks of reconnaissance, and significant resources can now be automated, scaled, and deployed by someone with a capable model and a motivated prompt. Zero-day vulnerabilities that previously had a window of days or weeks before widespread exploitation are now being weaponized in hours. The asymmetry between attack and defense has never been more extreme,” Arellano said.

While the exposure presented by tools like Mythos and GPT-5.4-Cyber is limited, the situation is changing fast. Security leaders can’t afford to rely on frontier AI vendors to contain the risks of these powerful models. Now more than ever, organizations need to develop the ability to identify and remediate vulnerabilities at machine speed.
