Anthropic confirmed it is investigating a report that a compact group of unauthorized users gained access to its unreleased AI model Claude Mythos Preview through a third-party environment on April 7, the same day the company announced plans for a limited test phase.
The model, presented as Anthropic’s most capable system for programming tasks and autonomous action, is intended exclusively for selected organizations in defensive cybersecurity under Project Glasswing. According to Bloomberg, citing documents and an insider, the users accessed the preview in a private online forum and have used it regularly since, though not for cybersecurity purposes.
Anthropic stated the preview version is distributed only to vetted entities for defensive security operate. Experts and regulators warn the model could be misused to identify and exploit vulnerabilities in widely used operating systems and web browsers, noting it has already detected thousands of previously undetected security flaws in common software.
The incident occurs amid a strained relationship between Anthropic and the U.S. Government. The Pentagon previously labeled the company a supply chain risk after it refused to allow its AI models to be used in autonomous weapons systems or mass surveillance in the U.S., prompting Trump administration officials to ban federal agencies from doing business with the firm.
Anthropic challenged the decision in court but later demonstrated the strategic value of its technology to U.S. Interests, emphasizing that while Claude Mythos could be a dangerous cyberweapon in the wrong hands, it could also help government agencies harden their own systems and uncover foreign espionage vulnerabilities.
The company said it is investigating how the breach occurred through a third-party environment and has not disclosed the identity or motives of the group involved. No public release of the model is planned and access remains restricted to approved cybersecurity partners under Project Glasswing.
While Anthropic maintains its models must not be weaponized, the episode underscores the tension between safeguarding advanced AI capabilities and demonstrating their utility to national security stakeholders who remain wary of the risks posed by powerful autonomous systems.
How did the unauthorized users gain access to Claude Mythos Preview?
According to Bloomberg, citing documents and an insider, the users obtained access through a private online forum via a third-party environment on April 7, the day Anthropic announced its limited test phase.
What makes Claude Mythos Preview significant in terms of capability and risk?
Anthropic describes it as its most powerful model for programming and autonomous action, capable of identifying thousands of previously undetected security flaws in widely used software, which experts warn could be exploited for offensive cyber operations if misused.
