Company Updates

Anthropic's Mythos AI reportedly accessed by outsiders days after launch -- here's what happened

Firstpost · 1 day ago

A powerful artificial intelligence tool designed to strengthen cybersecurity is now at the centre of an unsettling twist. Anthropic's recently unveiled Claude Mythos model, built to detect and even simulate cyber vulnerabilities, has reportedly been accessed by an unauthorised group, raising fresh questions about how securely such high-stakes systems are being handled.

The irony is hard to miss. Claude Mythos was created with the explicit goal of helping organisations anticipate and defend against cyberattacks. Yet, within days of its limited release, individuals outside its intended circle appear to have found a way in, highlighting the very risks the tool is meant to address.

What happened

According to a Bloomberg report, the group gained entry to Mythos through a third-party vendor environment rather than by directly breaching Anthropic's internal systems.

The company has acknowledged the situation, telling TechCrunch it is investigating claims of unauthorised access but has so far found no evidence that its own infrastructure was compromised.

The individuals involved are said to be part of a private online community that tracks and experiments with unreleased AI models. Members reportedly used a combination of technical guesswork and insider-level access linked to a contractor associated with Anthropic to locate and interact with the system.

One striking detail is the speed. The group is believed to have accessed Mythos on the very day it was publicly announced. Their approach reportedly involved predicting where the model might be hosted, based on patterns from previous Anthropic releases.

Evidence shared, as described by TechCrunch, included screenshots and even a live demonstration of the tool in use, suggesting that access was not only possible but sustained over time. Despite this, sources linked to the group have claimed their intentions were exploratory rather than malicious, describing their activities as "playing around" with new technology rather than attempting to exploit it.

Why this matters for AI security

The episode underscores a deeper challenge facing the AI industry: controlling access to increasingly powerful systems. Mythos was never meant for broad public use. Instead, it was rolled out selectively through an initiative called Project Glasswing, which involves trusted partners such as Apple, Google and other major organisations.

This restricted approach was designed precisely to avoid scenarios like this. Anthropic has previously warned that tools like Mythos, while useful for identifying vulnerabilities, could be repurposed as offensive instruments in the wrong hands.

That risk now feels less theoretical. Even if the current group has not acted maliciously, the incident demonstrates how quickly safeguards can be tested once a system exists outside tightly controlled environments.

It also highlights a broader tension in AI development. Companies are under pressure to innovate rapidly and showcase cutting-edge capabilities, particularly in competitive areas like cybersecurity. At the same time, each new release expands the potential attack surface, especially when third-party vendors and external collaborators are involved.

Anthropic's response so far has been measured, focusing on investigation rather than alarm. But the situation serves as a reminder that in the race to build smarter, more capable AI, security is not just a feature; it is a constant, evolving challenge.

As AI tools grow more sophisticated, the question is no longer just what they can do, but who gets to use them, and how tightly that access can be controlled.

Originally published by Firstpost
