Anthropic is investigating reports that an unauthorized group may have gained access to its Claude Mythos artificial intelligence (AI) model, which the company warned could become a potential hacking tool.
“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said in a statement to Bloomberg.
According to Anthropic, Claude Mythos is designed to identify and exploit vulnerabilities across major operating systems and web browsers. The model has been shared with only a small group of major companies, including Amazon, Apple, Google, Microsoft and Nvidia, as part of an effort called Project Glasswing, amid concerns it could be used for hacking.
Experts and officials have warned that tools like Mythos, if accessed by malicious actors, could be used to target critical infrastructure, including banks, hospitals and government systems.
The unauthorized access reportedly began around April 7, the same day Anthropic announced limited testing of Mythos.
According to reports, the anonymous group, communicating through a private Discord channel, did not use advanced hacking techniques but instead guessed the model’s online location using past Anthropic naming conventions, including information exposed in a recent data breach at AI startup Mercor.
After identifying where Claude Mythos was hosted, the group used additional methods to gain access. One member already had privileged access as a worker at a third-party contractor for Anthropic, according to Bloomberg.
One member told Bloomberg the group was not using Claude Mythos for malicious purposes but for tasks such as building simple websites.
Anthropic said it has not found evidence that the issue extends beyond the third-party vendor environment or that its core systems have been compromised.
Anthropic has not indicated whether additional safeguards will be implemented.
