TL;DR:
- A small group of unauthorized users has been accessing Anthropic’s restricted Claude Mythos model since the day the company first announced its limited-release plan, according to Bloomberg sources with screenshots and a live demonstration.
- The group obtained access via credentials held by one member who works at a third-party contractor for Anthropic, combined with internet-sleuthing techniques — not by breaking the model’s safety layers.
- Anthropic says it has no evidence the access is impacting production systems and is investigating; the unauthorised users are reportedly not using Mythos for cyberattacks.
This is a supply-chain breach of a frontier-AI access programme rather than a model-safety failure, and the distinction matters. Mythos has been marketed as dangerous enough to require Project Glasswing — a locked-down rollout to selected software vendors for defensive testing — yet the first documented unauthorized use bypassed those controls entirely by going through a third-party contractor’s perimeter rather than Anthropic’s own.
The contractor surface is now the frontier-AI threat model
Anthropic’s Glasswing programme was designed to allow major software providers — reportedly including Apple and Amazon — to test Mythos against their own systems ahead of general availability. The access path documented by Bloomberg shows that the real attack surface is not the platform but its supporting ecosystem: consultancies, contractors, partners with credentials that are administratively plausible but not tightly monitored. That matches the pattern seen in other high-value software incidents in recent years — the SolarWinds, 3CX and more recent MOVEit compromises all exploited privileged-access sprawl in supplier relationships rather than direct attacks on the ultimate target.
UK implications for enterprise AI procurement
For UK organisations that will eventually deploy Mythos-generation models through their own vendors, the Bloomberg story reframes what due diligence should look like. Reviewing a model provider’s safety case is necessary but not sufficient; procurement teams should also assess the provider’s contractor and partner ecosystem, specifically how privileged access is provisioned and audited. The FCA’s Live Testing cohort announced this week is notably structured to observe these operational realities, not just model outputs — the regulator’s forthcoming Good and Poor Practice report is expected to address third-party access controls explicitly.
Looking forward
Anthropic’s investigation will likely result in Glasswing access revocations and a tightened contractor onboarding process, but the broader pattern is harder to fix. Frontier AI capability is increasingly concentrated in a small number of labs, each of which relies on a growing ecosystem of contractors for everything from data labelling to security auditing. Expect coordinated NCSC and European regulator attention on that ecosystem through 2026 — CyberUK speeches earlier today already referenced the need for sector-wide supply-chain standards. UK CISOs with AI vendor roadmaps should build contractor-access audit requirements into procurement contracts now rather than in response.