Anthropic is under fresh scrutiny after an unauthorized online group accessed its cybersecurity-focused AI model, Mythos, through a third-party vendor environment shortly after its launch. Bloomberg first raised this issue and confirmed that a private online forum gained entry to the system, despite restricted rollout controls.
According to the reports, members of a private online group accessed Mythos soon after its launch announcement. The model, developed by Anthropic, was initially released under controlled conditions as part of its Project Glasswing rollout. The group reportedly entered the system through a third-party contractor environment linked to leveraging privileges tied to an individual associated with a partner firm.
The group is said to be part of a Discord channel focused on testing unreleased AI systems. Bloomberg reported that members had been using Mythos since its announcement day, sharing screenshots and even conducting live demonstrations to validate access. They allegedly identified the model’s online location by analysing previous deployment patterns used by Anthropic, raising questions about how predictable enterprise AI exposure paths have become.
Mythos was originally distributed to a limited set of vendors, including major partners such as Apple, as part of a tightly managed release strategy aimed at preventing misuse. The goal was to ensure cybersecurity capabilities remained restricted while testing enterprise integration. However, the latest incident suggests that third-party environments may represent a weak link in otherwise controlled deployments.
While Anthropic maintains that its internal systems remain uncompromised, the breach attempt underscores a broader issue. AI security is no longer confined to core infrastructure. Vendor ecosystems, contractor access, and parallel testing environments are becoming high-risk entry points.
The Mythos incident is less about a single breach and more about exposure in distributed AI systems. As enterprises rely on layered vendor networks, security control is only as strong as its weakest external link, and attackers are clearly paying attention to that gap.
Also Read: Cyber Security Council Urges Vigilance Against Human Error Amid 800,000 Daily Attacks