Anthropic model leak

A small group of unauthorized users accessed Anthropic’s Mythos model, according to Bloomberg, breaching controls around a system the company said could enable dangerous cyberattacks. (bloomberg.com) Bloomberg reported on April 21 that the access involved a “private online forum” and came through a third-party vendor rather than Anthropic’s own public products. TechCrunch, citing the Bloomberg report, said the users were not publicly identified. (bloomberg.com) (techcrunch.com) Mythos is not a consumer chatbot release. Anthropic introduced Claude Mythos Preview on April 7 as a limited-distribution model for cybersecurity work under Project Glasswing, with access initially extended to launch partners and more than 40 additional organizations that build or maintain critical software infrastructure. (anthropic.com 1) (anthropic.com 2) Anthropic said the model is unusually strong at finding and fixing software flaws, which is why it kept Mythos on a tighter leash than a normal product launch. Its risk report says the model is Anthropic’s “most capable frontier model to date,” and the company has been testing it internally for research, security, and deployment safeguards. (anthropic.com 1) (anthropic.com 2) That made access control part of the product itself. Anthropic said on April 17 that it would keep Mythos Preview’s release limited while it tested cyber-safety safeguards on a less capable model, Claude Opus 4.7, before any broader rollout of Mythos-class systems. (anthropic.com) The leak lands after weeks of warnings from Anthropic and outside officials about what Mythos could do in the wrong hands. Bloomberg reported on April 10 that Anthropic had told officials the model was so effective at finding vulnerabilities that it could become a tool for stealing data or disrupting critical infrastructure if broadly released. (bloomberg.com) The debate was already spilling into Washington and regulated industries. Bloomberg reported that the U.S. Treasury Department was seeking access to Mythos for defensive testing, and the American Securities Association warned that the model could pose risks to the Securities and Exchange Commission’s market-tracking systems. (bloomberg.com 1) (bloomberg.com 2) Anthropic has not publicly posted a detailed incident report on its main site as of April 22. The company’s public materials still frame Mythos as a defensive security project aimed at helping secure critical codebases while the industry develops stronger safeguards for advanced cyber-capable models. (anthropic.com) (anthropic.com) The immediate question is no longer only how powerful Mythos is, but whether any company can keep a model like it inside a narrow circle once vendors, partners, and outside infrastructure are involved. Anthropic built Mythos around restricted access; this week’s report tested that premise. (bloomberg.com) (anthropic.com)