Anthropic is reviewing reports that unauthorized users may have gained access to Mythos, a newly developed artificial intelligence model that the company has kept out of public release because of its potential cybersecurity implications.
According to reports, access to the model was allegedly obtained through an environment linked to a third-party vendor rather than through Anthropic’s own internal systems. The company has said it is investigating the claims and, at this stage, has not found evidence that its core infrastructure was compromised or that the incident extended beyond the external vendor setup.
Mythos is described as a highly sensitive AI system developed for enterprise security use. Anthropic has limited testing of the model to a small circle of technology, finance and cybersecurity organizations, arguing that broader release would carry significant risks because of the model’s advanced capabilities in the cybersecurity domain.
The reported breach has raised fresh questions about how experimental AI systems are protected when outside contractors and partner environments are involved. Reports indicate that a private online group may have used several methods to gain entry and, once successful, continued interacting with the model over a period of time.
Anthropic confirmed that it is examining the situation following the emergence of claims about unauthorized access to a preview version of Mythos. In its public response, the company stressed that there is currently no sign that its own systems were directly affected.
The model is part of a limited-access initiative aimed at a select group of major organizations. Reports have linked the testing phase to companies including Amazon, Apple and JPMorgan Chase, while several large financial institutions are also said to be evaluating the tool for vulnerability detection and cyber risk analysis.
Mythos has drawn attention because of its positioning as a powerful security-focused AI system intended for controlled deployment rather than open release. That makes the reported incident particularly notable, as it highlights the growing challenge of securing advanced AI products even when distribution is tightly restricted.
The case is likely to intensify debate over how frontier AI models are governed, especially those designed for high-stakes environments such as cybersecurity and finance. It also underscores a broader concern facing the industry: limiting access to powerful systems may reduce risk, but it does not eliminate the vulnerabilities that can emerge through external partners and supply-chain exposure.
