Unauthorized users breach Anthropic's restricted Mythos AI model

2026-04-22 · Source: The Decoder · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Fundamental Awareness, quick

Summary

Unauthorized users accessed Anthropic's restricted Claude Mythos AI model, which the company deems powerful enough to facilitate dangerous cyberattacks. This model is typically available only to select partners like Apple, Amazon, and Cisco via its "Project Glasswing" program. A small group of users from a private Discord channel gained access on April 22, 2026, utilizing credentials from an Anthropic contractor and information from a data leak at AI startup Mercor. While the group reportedly used Mythos for benign tasks such as building simple websites, they also claim access to other unreleased Anthropic AI models. Anthropic is investigating the incident, noting no current indication of compromise beyond the external contractor's environment.

Key takeaway

For CTOs and VPs of Engineering managing access to sensitive AI models, this incident underscores the imperative to fortify supply chain security. You should immediately review and strengthen access controls for contractors and third-party partners, particularly concerning high-value intellectual property like advanced AI models, to prevent unauthorized exposure and potential misuse.

Key insights

Unauthorized access to a restricted AI model highlights persistent security vulnerabilities in credential management and partner ecosystems.

Principles

• Third-party access points are critical security risks.
• Data leaks can compound credential compromise.

In practice

• Implement robust credential rotation policies.
• Audit third-party access to sensitive systems.

Topics

• Anthropic
• Claude Mythos
• AI Model Security
• Data Breach
• Project Glasswing

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, MLOps Engineer, Director of AI/ML

Related on AIssential

• Mythos AI: Anthropic Investigates Unauthorised Access Claims — Anthropic's powerful Mythos AI, capable of chaining software vulnerabilities, faces unauthorized access claims, raising national security concerns.
• Anthropic's secret 'Mythos' model — Anthropic's 'Claude Mythos' AI, with advanced cyber capabilities, was accidentally leaked, signaling a new frontier model tier.
• Anthropic invites 150 more organizations into Project Glasswing — Claude Mythos is an AI model capable of advanced software vulnerability detection and exploitation, raising significant security concerns and regulatory attention.
• Anthropic Accidentally Told the World Its AI Can Break the Internet — A misconfigured CMS exposed Anthropic's advanced AI model, Claude Mythos, impacting cybersecurity markets and raising safety concerns.
• What Happens When AI Gets Too Good at One Thing — Advanced AI models like Mythos pose dual-use risks, capable of both exploiting and securing critical software infrastructure.
• The NSA Is Using Anthropic’s Mythos While Being a Security Risk — The U.S. government's actions regarding Anthropic's AI models reveal a contradiction between public risk assessment and operational use.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The Decoder.