Anthropic Investigates Report of Rogue Access to Hack-Enabling Mythos AI
The Guardian
ENRICHED
Details
- Date Published
- 22 Apr 2026
- Priority Score
- 5
- Australian
- No
- Created
- 22 Apr 2026, 10:00 am
Description
‘Handful’ of people allegedly gain unauthorised access to model adept at detecting cybersecurity vulnerabilities
Summary
This breach of Anthropic's 'Mythos' model highlights the extreme difficulty of securing frontier AI systems that possess autonomous cyber-offensive capabilities. The UK AI Security Institute (AISI) has identified Mythos as a significant advancement in frontier AI, capable of executing multi-step cyber-attacks and identifying system vulnerabilities that typically require days of human expertise. Such unauthorized access to high-capability models underscores the catastrophic risks posed by model weight theft or leakages, particularly when the systems demonstrate frontier-level proficiency in automating large-scale digital sabotage. This event serves as a critical case study for global AI safety policy and the urgent need for more robust third-party vendor security protocols in the frontier AI ecosystem.
Body
Bloomberg said some users in a private online forum gained access to the Mythos preview. Photograph: Dado Ruvić/ReutersView image in fullscreenBloomberg said some users in a private online forum gained access to the Mythos preview. Photograph: Dado Ruvić/ReutersAnthropic investigates report of rogue access to hack-enabling Mythos AI‘Handful’ of people allegedly gain unauthorised access to model adept at detecting cybersecurity vulnerabilities
Business live – latest updates
The AI developer Anthropic has confirmed it is investigating a report that unauthorised users have gained access to its Mythos model, which it has warned poses risks to cybersecurity.The US startup made the statement after Bloomberg reported on Wednesday that a small group of people had accessed the model, which has not been released to the public because of its ability to enable cyber-attacks.“We’re investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments,” said Anthropic.Bloomberg said a “handful” of users in a private online forum gained access to Mythos on the same day Anthropic said it was being released to a small number of companies including Apple and Goldman Sachs for testing purposes.It reported that the unnamed users got to Mythos through access that one of them had as a worker at a third-party contractor for Anthropic and by deploying methods used by cybersecurity researchers.The group has not run cybersecurity prompts on the model and is more interested in “playing around” with the technology than causing trouble, according to Bloomberg, which corroborated the claims via screenshots and a live demonstration of the model.Nonetheless, news of the potential breach will alarm authorities who have raised concerns about Mythos’s potential to wreak havoc and will raise questions about how potentially damaging technology can be kept out of the wrong hands.Kanishka Narayan, the UK’s AI minister, has said UK businesses “should be worried” about the model’s ability to spot flaws in IT systems – which hackers could then act upon.The model has been vetted by the world’s leading safety authority for the technology, the UK’s AI Security Institute (AISI), which warned last week that Mythos was a “step up” from previous models in terms of the cyber-threat it posed.AISI said Mythos could carry out attacks that required multiple actions and discover weaknesses in IT systems without human intervention. It said these tasks would normally take human professionals days to carry out.Mythos was the first AI model to successfully complete a 32-step simulation of a cyber-attack created by AISI, solving the challenge in three out of its 10 attempts.Explore more on these topicsAI (artificial intelligence)HackingCybercrimeComputingnewsShareReuse this content