A group of unauthorized users reportedly has gained access to Anthropic\u2019s controversial Claude Mythos Preview AI frontier model despite the AI vendor\u2019s efforts to keep it out of public hands by limiting the organizations that can use it.<\/p>\n
Bloomberg reported<\/a> that the unnamed group had tried multiple ways to gain access to the AI model since it was first announced earlier this month, and finally was able to get through via a third-party vendor. The users, who accessed Mythos on the day it was announced, are part of a Discord online forum group known to search for information about unreleased AI models.<\/p>\n According to the report, the group, using knowledge it had about a format Anthropic had used for other models, \u201cmade an education guess about [Mythos\u2019] online location.\u201d A person inside the group that Bloomberg communicated with told the news outlet that they were \u201cinterested in playing around with new models, not wreaking havoc with them.\u201d<\/p>\n In a statement<\/a> to TechCrunch, an Anthropic spokesperson said the company was investigating the claim of unauthorized access to Mythos through a third-party vendor, and that the company has not found indications that the group\u2019s activities have effected its systems.<\/p>\n Mythos\u2019 Ongoing Ripple Effect<\/p>\n Anthropic\u2019s announcement<\/a> of Mythos April 7 sent shockwaves through the cybersecurity industry. The vendor described a frontier model that is significantly better than any other developed at detecting and identifying software vulnerabilities, noting that in tests, Mythos was able to find a security flaw that had been present yet undetected for 27 years.<\/p>\n However, the model also is very good at creating exploits<\/a> for the vulnerabilities, which convinced Anthropic executives to limit the release of Mythos to a select group of organizations that will use them to create stronger defenses as part of the AI vendor\u2019s new Project Glasswing<\/a>.<\/p>\n OpenAI a week later followed a similar path with the unveiling of GPT-5.4-Cyber<\/a>, a frontier model focused on cybersecurity that the vendor also designated for particular users, though granting access to more organizations and individuals than Anthropic.<\/p>\n The introduction of Mythos ignited debates about everything from cybersecurity as such autonomous AI models come into play to what organizations need to do to secure their IT environments to whether Mythos\u2019 capabilities are unique.<\/p>\n Speed is the Difference<\/p>\n However, enterprises and their security teams need to pay attention, according to Brian Fox, co-founder and CTO of Sonatype, which provides a software supply chain management platform.<\/p>\n \u201cIf the early reporting is right, Mythos could be a watershed moment,\u201d Fox said. \u201cWhat is not new is the reality it is forcing people to confront. Beneath the AI framing sits the same software supply chain reality we have been discussing for years: dependencies, build pipelines, third-party software, and infrastructure remain the attack surface.\u201d<\/p>\n Fox added that \u201cwhat changed is speed. AI can now find and operationalize weaknesses across that stack faster than most organizations can inventory, prioritize, and patch them. What we are seeing in response to the Mythos news is many organizations coming to terms with a reality that has existed for a long time: they are not actually in control of their software supply chains.\u201d<\/p>\n Addressing the Threats<\/p>\n Tech vendors are beginning to roll out offerings aimed at helping organizations deal with the cyber risks posed by such frontier models. IBM Consulting last week introduced IBM Autonomous Security<\/a>, a collection of specialized agents created to make enterprises\u2019 often sprawling security stacks work a more unified and coordinated fashion and creating what the vendor called \u201ca systemic defense\u201d that is needed to address the autonomous and fast-moving threats from such models.<\/p>\n At the same time, IBM is offering a new service for assessing a company\u2019s security weaknesses and responding to them.<\/p>\n Likewise, Palo Alto Networks launched Unit 42 Frontier AI Defense<\/a>, an offering that uses AI models to help organizations \u201cidentify and validate the exposures most likely to be chained into real attacks before attackers weaponize them,\u201d with Sam Rubin, senior vice president of consulting and threat intelligence at Unit 42, writing that \u201cfrontier AI is changing what is possible for attackers. In the hands of defenders, it can become a decisive advantage.\u201d<\/p>\n What Publicly Available Models Can Do<\/p>\n Mythos and GPT-5.4-Cyber have garnered much of the attention about the cybersecurity risks such frontier models represent. However, some security vendors wrote that they tested publicly available AI models and found that many of them came close to or matched Mythos\u2019 ability to find and identify zero-day vulnerabilities.<\/p>\n Executives with startup Aisle, which offers an AI-native app security platform, wrote<\/a> that over the past year, they had built an AI system for discovering, validating, and patching zero-days in open source software.\u00a0In tests, they \u201ctook the specific vulnerabilities Anthropic showcases in their announcement, isolated the relevant code, and ran them through small, cheap, open-weights models. Those models recovered much of the same analysis.\u201d<\/p>\n The models included GPT-OSS-120b, DeepSeek R1, Qwen3, and Gemma 4. The results varied depending on the model and the task, they wrote.<\/p>\n The Real Story<\/p>\n