In a significant security incident, a private online forum has gained unauthorised access to a preview version of Anthropic's Mythos artificial intelligence model. The AI company has previously stated that this technology is too powerful and poses unprecedented cybersecurity risks to be released publicly.
According to a report by Bloomberg, the breach did not directly target Anthropic's own systems. Instead, the unauthorised group accessed the Claude Mythos Preview through a third-party vendor environment. An Anthropic spokesperson confirmed the company is investigating the report, noting there is currently no evidence that its core systems were compromised or that the activity extended beyond the vendor's environment.
Access Through a Discord Channel
The individuals involved are reportedly part of a Discord channel dedicated to seeking information about unreleased AI models. Citing a person employed by a third-party contractor working for Anthropic, Bloomberg reported that the group employed several strategies to gain access to the model and had been using it regularly once inside.
Mythos is designed for enterprise security applications and is being tested under Anthropic's Project Glasswing initiative. This program limits early access to a select group of major technology and cybersecurity firms. Confirmed participants include Amazon, Apple, and JP Morgan Chase.
The model has also attracted significant interest from the financial sector. Reports indicate that Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley are testing the Anthropic model. The interest from Wall Street was underscored in April when US Treasury Secretary Scott Bessent convened a meeting of senior bankers in Washington to discuss Mythos, encouraging executives to use it for detecting vulnerabilities in their systems.
European Implications and the AI Security Race
While Anthropic is a US-based firm, the breach of a supposedly high-security AI model has immediate relevance for Europe. The continent's own institutions, from the European Central Bank in Frankfurt to major commercial banks in London, Zurich, and Paris, are deeply invested in cybersecurity and the ethical deployment of AI. A breach of this nature highlights the complex supply-chain risks inherent in new technologies, even when developed by leading firms.
This incident will likely fuel ongoing debates in Brussels and Strasbourg about the broader security implications of technological dependencies and the enforcement mechanisms of the EU's landmark AI Act. The fact that access was gained via a third-party vendor underscores a critical vulnerability that European regulators are keen to address.
The episode also raises questions about the transparency and control surrounding advanced AI systems deemed too dangerous for general use. As European companies and governments increasingly partner with US tech giants for critical infrastructure, the security protocols of these partnerships come under sharper scrutiny.
Anthropic's statement emphasises the contained nature of the breach, but the event serves as a stark reminder of the challenges in safeguarding frontier technologies. It echoes concerns frequently voiced by cybersecurity agencies from Tallinn to The Hague about the weaponisation of AI and the security of digital ecosystems.
As the investigation continues, the focus will be on how the breach occurred through the vendor and what, if any, data or capabilities were exposed. The incident is a case study in the high-stakes security landscape defining the next generation of artificial intelligence, with clear ramifications for how European entities engage with and protect themselves from these powerful tools.
