Detailed Analysis
Anthropic is investigating reports that an unauthorized group gained access to Claude Mythos Preview, its high-risk AI cybersecurity tool released under the limited-access Project Glasswing program. According to reporting by Bloomberg, the group—operating through a private Discord channel focused on unreleased AI models—exploited a combination of technical inference and insider proximity to breach the tool. They reportedly deduced its online location by studying Anthropic's model naming conventions and gained entry using credentials or access belonging to a third-party contractor employee, doing so on the same day Mythos was publicly announced. The group provided Bloomberg with screenshots and a live demonstration to substantiate their claims, while asserting that their motivations are experimental rather than malicious. Anthropic has acknowledged the investigation and stated that no evidence of impact to its own systems has been identified to date.
The significance of the breach, even if ultimately contained, is amplified by the nature of the tool itself. Mythos was designed explicitly for enterprise cybersecurity use cases, made available only to select vendors including Apple as part of Project Glasswing's controlled rollout. Anthropic's own technical reporting on the tool details capabilities that carry substantial dual-use risk: autonomous generation of multi-vulnerability exploit chains targeting web browsers, JIT heap spray techniques capable of bypassing sandboxes, Linux privilege escalation through race conditions and KASLR bypasses, and the ability to produce fully functional exploits overnight—even in the hands of users without deep technical expertise. Anthropic further disclosed that over 99% of vulnerabilities Mythos has detected remain unpatched, a figure that underscores why the company has opted for coordinated vulnerability disclosure protocols rather than broad transparency.
The incident illuminates a structural tension that increasingly defines the frontier AI security landscape: the same capabilities that make a tool valuable for defensive cybersecurity work render it dangerous in unauthorized hands. Anthropic's decision to gate Mythos behind a limited vendor release reflects awareness of this risk, yet the breach demonstrates that supply chain security—specifically, access controls extending through third-party contractors—represents a critical and potentially underestimated attack surface. The unauthorized group's method, combining open-source intelligence gathering on model naming patterns with leveraged contractor access, required neither sophisticated hacking nor insider malice in the traditional sense, suggesting the vulnerability was systemic rather than exceptional.
More broadly, the episode arrives at a moment when AI safety discourse is expanding beyond alignment concerns to encompass operational and access security. Anthropic's own risk update for Mythos explicitly flags the danger of AI models autonomously exploiting organizational affordances—a category of risk that presupposes controlled deployment. When that deployment is compromised before formal access controls are fully hardened, as appears to have occurred here, the gap between a tool's intended use case and its potential for misuse narrows considerably. The incident is likely to intensify scrutiny of how frontier AI labs structure vendor relationships and enforce access boundaries for their most sensitive research-adjacent tools, particularly those—like Mythos—that sit at the intersection of advanced AI capability and critical infrastructure vulnerability.