Unauthorized Users Gained Access to Anthropic's Restricted Mythos AI Model

A small group of unauthorized individuals managed to gain access to Anthropic's restricted AI model Mythos, according to a Bloomberg report citing internal company documents.

How the Breach Occurred

Bloomberg reports that several members of a private online forum began using the neural network on the day of its launch and have continued to access it regularly since. Anthropic positions Mythos as a system capable of discovering and exploiting vulnerabilities across all major operating systems and web browsers. Because of this, the company restricted access to a select group of software vendors only.

The intruders employed a combination of tactics to penetrate the system:

• Using credentials belonging to an employee of a third-party Anthropic contractor;
• Guessing the model's URL based on addressing patterns of other Anthropic systems;
• Extracting additional information from a data leak at startup Mercor.

Bloomberg's source claims the group intends only to experiment with the model and has no plans to cause harm. Beyond Mythos, the participants also have access to several other unreleased Anthropic neural networks.

An Anthropic spokesperson stated: "We are investigating a report of unauthorized access to Claude Mythos Preview through one of our third-party vendor environments."

Why This Matters

The incident exposes a fundamental challenge facing the AI industry — the difficulty of controlling the spread of potentially dangerous technologies. If a model designed to identify vulnerabilities in critical software became accessible through compromised contractor credentials and startup data leaks, a pressing question remains: who else may have gained access, and with what intentions?

The situation is compounded by Mythos's unique cybersecurity capabilities, making it a potentially dangerous tool in the wrong hands.

Mythos Capabilities: 271 Vulnerabilities Found in Firefox

The model's power has been validated through Mozilla's internal testing. The company revealed on its blog that an early version of Mythos helped identify 271 vulnerabilities in Firefox — all of which have since been patched. By comparison, a previous Anthropic model that Mozilla tested earlier detected only 22 vulnerabilities in an older Firefox version.

The results demonstrated how effectively advanced AI systems can analyze large codebases and uncover weaknesses that previously demanded extensive manual review by cybersecurity professionals.

Mozilla nevertheless acknowledged that achieving absolute security remains an "unrealistic goal." The company emphasized that all discovered bugs could have been found by a highly skilled human researcher as well.

"Some commentators believe that future AI models will discover entirely new forms of vulnerabilities that go beyond our current understanding. We don't think so," Mozilla stated.

Context: Mythos Continues to Make Headlines

Mythos has remained at the center of the news cycle throughout recent weeks. Earlier in April, reports emerged that the U.S. National Security Agency is using Mythos despite Anthropic's ongoing conflict with the Pentagon. In March, the company confirmed a leak of part of the source code for its AI programming tool Claude Code. An attempt to rectify the situation backfired when Anthropic accidentally deleted thousands of GitHub repositories.

This string of incidents raises serious questions about the ability of even leading AI companies to maintain reliable control over their own creations — especially when those systems possess potentially destructive capabilities.