How a cavalcade of blunders gave unauthorized users access to Claude Mythos — restricted model accessed by third parties, thanks to knowledge from data breach


Unauthorized individuals gained access to Claude developer Anthropic's cybersecurity-focused AI model, Mythos, in a breach that may have exposed a number of the company's proprietary AI models, Bloomberg reports. For a company that markets itself as the responsible, safety-and-security-first AI developer, the lapse raises questions about how well it can protect its customers' data, and just how good Mythos really is at preventing breaches.

Unfortunately, however capable an AI model is at finding security-relevant code bugs, it can't do much about flaws in third-party tools it has never vetted, nor can it account for social engineering, which has arguably always been the weakest link in digital security.

Anthropic made waves at major institutions with the internal unveiling of Mythos, which it claimed had found thousands of critical exploits in every major browser and operating system. There was plenty of marketing hype buried in the 200+ page mission statement Anthropic released to venerate its own model, but some have found genuine success using it to sniff out new bugs. Mozilla, for instance, announced that it had used Mythos to find and patch over 270 vulnerabilities in its Firefox browser.

Although some older models have been shown to find many of the same bugs, they can't do so as quickly, or possibly as well. The new model is genuinely faster at coding and finding vulnerabilities than Claude Opus 4.6, and possibly faster than other developers' models, too. But it's also good at exploiting those vulnerabilities, which is allegedly why Anthropic limited access to a select number of companies and non-profits.

Because of that, banks and software developers aren't the only parties keen to get an early look at Mythos. A worker at a third-party contractor for Anthropic used their unique access to the company's services to breach Mythos' protected environment and gain access to the model, allegedly using the kind of standard internet sleuthing tools favored by cybersecurity researchers.

This worker was then able to open up the model to their colleagues, and a small group of unauthorized users is now said to have accessed Mythos. The group has reportedly not run any cybersecurity-related prompts through Mythos yet, instead only asking it to perform simple tasks like creating websites. That appears to be a deliberate effort to stop Anthropic from catching on to who is using Mythos, since doing so would allow the company to shut down the group's access.

The group that now has access to Mythos gained such privileged permissions by guessing the model's online location based on knowledge of Anthropic's file systems and the naming formats it had used for previous models. That information came from a recent hack of an AI feedback and recruitment company, Mercor, which is now facing several class action lawsuits for exposing users' personal information. Mercor has also lost major business since the breach; most notably, Meta has paused its contracts with the company.

The irony is that Mercor was itself hacked via a third-party open source tool called LiteLLM. The LiteLLM hack was perpetrated by a group known as TeamPCP, however, while the group that targeted Mercor was Lapsus$. Although Lapsus$ used the LiteLLM compromise to infiltrate Mercor, it had targeted the AI recruitment company deliberately.

Allegedly, around 4TB of data was stolen in the breach, including sensitive information about Mercor's recruitment candidates, such as their profiles and personal details. However, Mercor also handles data from model companies, which is why some of them are reconsidering their contracts. Model data is some of the most sensitive information in the world, worth billions. Anthropic's Mythos? Perhaps even more so.


Anthropic was breached because of a breach at Mercor, which was in turn breached because of a breach at LiteLLM. The layers keep stacking, too: LiteLLM was allegedly compromised because of fake security credentials from a third-party provider of its own, Delve, as TechCrunch reports.

As much as Anthropic's marketing for Mythos may be heavy on spin and deliberate fearmongering for attention, an AI model that can help make software more secure is a good thing. It's great that Mozilla has fixed hundreds of vulnerabilities, even if other models might have found some of them, and if other organizations and developers use Mythos to do the same, that's great too.

But the unauthorized Mythos access, and the chain of third-party breaches that enabled it, highlights one thing: you are only as secure as the weakest link in your chain. In cybersecurity, that's often the human element. Social engineering remains a crucial attack vector in 2026, especially as tools like Mythos close off more code-based vulnerabilities.

And as agentic AI grows in popularity and capability, as more tools are integrated, and as people hand over more personal data to AI assistants to automate workflows, the security issues only compound. Trusting third parties without oversight can be the downfall of companies worth billions.

Many of the latest AI endeavors assume trust throughout the stack of dependencies anyway. As the Mythos breach shows, that could be a house of cards waiting to tumble.

Jon Martindale is a contributing writer for Tom's Hardware. For the past 20 years, he's been writing about PC components, emerging technologies, and the latest software advances. His deep and broad journalistic experience gives him unique insights into the most exciting technology trends of today and tomorrow.
