Anthropic investigates report of rogue access to hack-enabling Mythos AI

2026-04-22 · Source: AI (artificial intelligence) | The Guardian · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Novice, quick

Summary

Anthropic is investigating reports of unauthorized access to its Mythos AI model, a system unreleased to the public due to its advanced capability in detecting cybersecurity vulnerabilities and enabling cyber-attacks. Bloomberg reported on Wednesday, April 22, 2026, that a small group of users in a private online forum gained access to Mythos. This access was allegedly obtained through a third-party contractor environment, with one user being an employee of such a contractor. The UK's AI Security Institute (AISI) has vetted Mythos, warning it represents a significant escalation in cyber-threat potential, capable of executing multi-step attacks and autonomously discovering IT system weaknesses that would typically take human professionals days to identify. Mythos successfully completed a 32-step cyber-attack simulation in three out of ten attempts.

Key takeaway

For CTOs and VPs of Engineering evaluating AI model deployment, this incident underscores the critical importance of supply chain security. You must rigorously vet third-party vendor access to sensitive AI systems and implement robust access controls. Failure to do so could expose your organization to significant cybersecurity risks, especially with models capable of autonomous vulnerability discovery.

Key insights

Unauthorized access to advanced AI models like Mythos poses significant cybersecurity risks.

Principles

• Third-party vendor security is critical.
• Advanced AI models can automate complex cyber-attacks.

In practice

• Implement stringent third-party access controls.
• Conduct regular security audits for AI models.

Topics

• Anthropic
• Mythos AI
• Cybersecurity Vulnerabilities
• Unauthorized Access
• AI Security Institute

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Policy Maker, Director of AI/ML

Related on AIssential

• Unauthorized group has gained access to Anthropic’s exclusive cyber tool Mythos, report claims — Unauthorized access to a sensitive AI tool highlights third-party vendor security risks and the challenge of controlling powerful models.
• AI #162: Visions of Mythos — AI development faces escalating cybersecurity risks and complex economic and ethical debates, alongside rapid model advancements.
• BREAKING: Anthropic’s “Dangerous” AI Model Mythos LEAKED — Controlling access to powerful AI models is as critical as the models' inherent safety.
• The Hacker Sent by Anthropic to Calm the Government’s Nerves About AI Safety — AI models like Anthropic's Mythos can readily exploit critical software vulnerabilities, raising significant cybersecurity concerns.
• Mythos is about to CRASH the markets — Anthropic's Mythos model demonstrates unprecedented autonomous vulnerability chaining, raising significant cybersecurity concerns for financial institutions.
• Anthropic limits access to Mythos, its new cybersecurity AI model — Anthropic's Mythos AI identifies cyber vulnerabilities at scale but poses significant security risks itself.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by AI (artificial intelligence) | The Guardian.