Anthropic investigating unauthorised access of powerful Mythos AI model

Anthropic is investigating whether a group of users gained unauthorised access to its Claude Mythos model, which was only released to a handful of trusted companies because of its advanced cyber security capabilities.

The AI lab on Tuesday said it was looking into reports that a group of people had accessed the model through a system set for third-party companies doing work for Anthropic.

The company said: "We're investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments."

The incident raises concerns about whether the $380bn AI lab can keep the technology it develops out of the hands of bad actors.

Anthropic limited the release of Claude Mythos Preview to a small group of trusted tech companies, citing the risk of people misusing the model to conduct cyber attacks at a scale and speed beyond human capabilities.

The risk of unauthorised access will add to anxiety about Mythos, which has sent shockwaves through the markets and prompted high-level discussions among financial institutions and global regulators.

One of the people who gained unauthorised access was able to use their permissions as a contractor for Anthropic to tap into Mythos, according to Bloomberg, which first reported the incident.

Anthropic said it had no evidence of activity extending beyond the "vendor environment", which third parties use to access systems for model development.

AI labs commonly use third-party contractors for tasks such as model testing, although it was not clear which vendor was involved in the incident.

Anthropic launched Mythos earlier this month to companies including Amazon, Microsoft, Apple, Cisco and CrowdStrike.

The San Francisco-based company said these partners would be able to detect and secure cyber vulnerabilities using Mythos's advanced capabilities before the model was released to the public.

Security experts have cautioned that, in the wrong hands, hackers could exploit bugs faster than organisations can fix them.

Anthropic's security processes have been under intense scrutiny after descriptions of the model, including its name, were discovered in a publicly accessible data cache in March. The AI lab blamed human error.

Earlier this month, internal source code for the company's coding assistant Claude Code was also made public in a second incident.