Anthropic Probes Alleged Unauthorized Access to AI Security Tool Mythos | eSecurity Planet
Threats
SHARE
Facebook X Pinterest WhatsApp

Anthropic Probes Alleged Unauthorized Access to AI Security Tool Mythos

Unauthorized users reportedly accessed Anthropic’s Mythos AI tool via a third-party environment.

Written By
Ken Underhill
Ken Underhill
Apr 22, 2026
3 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Anthropic is investigating reports that an unauthorized group gained access to its newly launched tool, Mythos, highlighting potential gaps in how early-access AI systems are distributed and secured.

“Unauthorized users were able to access Anthropic’s Mythos model, reportedly by just changing a model name,” said Shane Fry, CTO at RunSafe Security in an email to eSecurityPlanet.

He added, “Even if their intent is just to explore, it shows how easily these systems can be exposed.”  

Inside the Mythos Access Incident 

Mythos is part of Anthropic’s Project Glasswing initiative, which provides limited, controlled access to advanced AI security tools for a small group of partners, including major technology vendors. 

These tools are designed to help organizations detect and respond to threats, but Anthropic noted they could be adapted for offensive use if misused. 

According to Bloomberg, the reported unauthorized access occurred through a third-party vendor environment rather than a direct compromise of Anthropic’s infrastructure.

Third-Party Risk and Access Control Gaps 

For enterprises adopting AI security tools, the incident highlights the need to tightly manage third-party access and maintain visibility. 

Early-access programs can introduce additional exposure if controls, monitoring, and isolation are not consistently enforced. 

How Unauthorized Access Was Gained 

The group involved is described as a private online community focused on identifying and testing unreleased AI models. 

Instead of exploiting a traditional software vulnerability, members reportedly leveraged access associated with an individual working for a third-party contractor and combined it with educated assumptions about where the model was hosted. 

By analyzing patterns from previous Anthropic deployments, the group was able to locate and interact with the Mythos system.

Bloomberg reported that the group provided screenshots and live demonstrations as evidence and began using the tool on the same day it was publicly announced. 

While members said their intent was exploratory, the incident shows how quickly access controls can be bypassed when deployment patterns are predictable or vendor environments lack strong security.  

Advertisement

Reducing AI Exposure Risks 

Organizations using AI tools — especially in preview or limited-release programs — should take a proactive approach to reducing exposure and strengthening access controls. 

  • Restrict third-party access using least privilege principles, enforce phishing-resistant MFA, and implement just-in-time access to limit persistent permissions.
  • Isolate AI tools and preview environments from production systems using dedicated infrastructure and controlled network access.
  • Monitor access and usage with detailed logging, SIEM integration, and behavioral analytics to detect unusual activity across users and vendors.
  • Regularly audit and validate permissions for employees, contractors, and partners, and continuously assess third-party risk.
  • Secure APIs and access points with strong authentication, rate limiting, and non-predictable endpoints to reduce unauthorized discovery and abuse.
  • Implement data protection controls such as DLP, output tracking, and safeguards against unauthorized data sharing or exfiltration.
  • Integrate these practices into incident response planning and regularly test scenarios involving unauthorized access to improve readiness.

Together, these measures help organizations limit blast radius and build resilience against unauthorized access and misuse of AI systems. 

Securing the AI Ecosystem 

This incident highlights an ongoing challenge in AI security: safeguarding not only the models themselves, but also the environments in which they are deployed. 

As advanced AI tools are shared through partnerships and early-access programs, third-party systems become an important part of the overall risk profile. 

These environments require the same level of access control, monitoring, and security oversight as core infrastructure. 

This type of risk reinforces the value of zero trust solutions that restrict and continuously verify access across environments.  
Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

facebook
linkedin
x

Company

About us Contact us Advertise with us

Categories

Best Products Resources Networks Cloud Threats Trends Endpoint Applications Compliance

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information