Anthropic is examining claims that a limited number of individuals may have gained unauthorized access to its highly advanced Claude Mythos AI model, a cybersecurity-focused system the company considers too sensitive for public release.
"We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," the company said in a statement.
The investigation follows a Bloomberg report alleging that users on a private online forum were able to interact with the model without receiving official authorization.
The Claude Mythos model has attracted significant attention due to its reported ability to identify and exploit security vulnerabilities at scale. While concerns continue to grow around the risks associated with powerful AI systems, some officials believe such tools could ultimately improve cybersecurity if managed responsibly.
Anthropic clarified that there is currently no evidence suggesting its own systems were compromised or that malicious actors have taken control of the model. However, the incident has renewed concerns about whether major AI firms can effectively safeguard advanced frontier AI technologies from unauthorized access.
Cybersecurity experts suggest the issue may not have resulted from a traditional hacking attack. According to Raluca Saceanu, chief executive of cybersecurity firm Smarttech247, the incident was "most likely through misuse of access rather than a classic hack."
Anthropic has reportedly provided select technology and financial organizations with access to the Mythos model to help strengthen their cybersecurity defenses. However, such partnerships rely heavily on third-party organizations maintaining strict internal access controls.
According to Bloomberg, the individual linked to the access claim may have already possessed permission to view Anthropic’s AI systems through work connected to a third-party contractor. The report further stated that the group continued using the model after obtaining access, although they allegedly avoided using it for offensive hacking activities to remain undetected.
"When powerful AI tools are accessed or used outside their intended controls, the risk is not just a security incident but the spread of capabilities that could be used for fraud, cyber abuse, or other malicious activity," Saceanu said.
Meanwhile, UK cybersecurity officials continue to stress both the risks and opportunities presented by advanced AI systems. Speaking at the CyberUK conference, National Cyber Security Centre (NCSC) chief Richard Horne highlighted how frontier AI technologies are rapidly changing the cybersecurity landscape.
"As we have seen in the media in recent days, frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber-security are still to be addressed," he said.
Horne encouraged organizations not to panic over emerging AI-driven threats but instead focus on strengthening basic cybersecurity practices such as software updates and modernizing outdated IT systems.
During the same event, UK Security Minister Dan Jarvis urged closer collaboration between governments and AI developers to ensure advanced AI technologies are used to protect critical infrastructure and national networks.
Most frontier AI systems are currently being developed by companies based in the United States and China, leaving countries like the UK dependent on foreign firms for access to cutting-edge cybersecurity tools such as Mythos.
The growing role of AI in cybersecurity comes amid rising concerns over cyber warfare and digital attacks linked to nation-state actors, particularly Russia and China. The NCSC has increasingly described cyberspace as the “home front” of modern defense, emphasizing the expanding role of cyber operations in global conflicts.
