Anthropic is examining a report that a small group of users secretly accessed its powerful Claude Mythos cyber-security model through a third-party vendor environment, despite the tool being considered too dangerous for public release because of its advanced hacking capabilities. According to Bloomberg, these individuals allegedly used existing professional permissions linked to contract work to reach a Mythos preview without the usual safeguards. The group is said to have been experimenting with the model for some time, but reportedly avoids using it for direct hacking activity to reduce the chance of detection. Anthropic insists there is no evidence that its core systems have been compromised or that criminal actors now control the model, yet the incident highlights how even legitimate access channels can be misused.
Experts argue this was “most likely through misuse of access rather than a classic hack”, underlining how corporate partners given early access to Mythos must enforce strict internal controls. Mythos has been selectively shared with technology and financial firms to test and defend against its ability to discover and exploit vulnerabilities, but any weakness in those companies’ security could expose highly sensitive AI capabilities. Cyber-security specialist Raluca Saceanu warns that once powerful AI tools operate outside their intended safeguards, their capabilities could spread and be repurposed for fraud, cyber abuse or other malicious activities.
At the same time, senior UK officials emphasize that such models can strengthen defence if properly governed. National Cyber Security Centre chief Richard Horne urges organisations not to fixate on novel AI attacks but to focus on basic cyber hygiene, noting that frontier AI can rapidly reveal long-standing security flaws at scale. Security Minister Dan Jarvis calls collaboration with AI firms a “generational endeavour” to protect critical infrastructure, especially since all leading frontier models, including Mythos and OpenAI’s GPT 5.4 Cyber, are developed outside the UK. Against a backdrop of rising nation-state and hacktivist threats from countries such as Russia, China and Iran, UK authorities now frame cyberspace as “the home front” of modern defence.
Reference
Tidy, J., & Rahman-Jones, I. (2026, April 22). Anthropic investigating claim of unauthorised access to Mythos AI tool. BBC News. https://www.bbc.com/news/articles/cy41zejp9pko