Anthropic Mythos access controversy: what happened

Unauthorized access to Anthropic’s Mythos model

Anthropic has been dealing with security concerns around Claude Mythos, a cybersecurity-focused model it rolled out as part of Project Glasswing. Multiple reports indicate that unauthorized users gained access to the restricted Mythos model, including scenarios involving third-party access paths.

What the reports say occurred

Across the coverage, the common thread is that Mythos was accessed without authorization:

• A small group of users reportedly accessed Mythos through a private Discord channel and by guessing the model URL after Mythos was announced.
• Another account describes access via a third-party contractor’s environment.
• Anthropic has said it is investigating the incident(s).

Why it matters

Mythos is positioned as a tool for identifying and exploiting vulnerabilities, which makes control of access especially sensitive. In that context, unauthorized access raises two practical stakes:

• Safety and misuse: if the model’s outputs can help find security flaws or enable exploitation, access pathways need tight guardrails.
• Trust with defenders and government users: some government agencies are involved in evaluating the model, and restricted access is part of how high-impact security tools are managed.

The incident also highlights the fragility of real-world security around AI systems—model endpoints, integrations, and contractor environments can create unexpected routes for exposure.

Finally, the episode has triggered additional attention from regulators and security stakeholders, reinforcing that advanced AI security tooling requires not just strong model capabilities, but rigorous access governance and monitoring once deployed.