TL;DR:
- Anthropic has confirmed it is investigating a Bloomberg report that a small group of users accessed Claude Mythos through a third-party vendor environment — the first containment incident for the non-public model.
- The breach lands after the UK AI minister Kanishka Narayan publicly told UK businesses they “should be worried” about Mythos and after the AISI reported the model as a “step up” in autonomous cyber capability.
- Even if the reported access was used only for “playing around”, the incident undermines the core premise on which UK banks, utilities and the NCSC agreed restricted-access terms — expect procurement audits to tighten fast.
Anthropic has confirmed it is investigating a report that unauthorised users gained access to Claude Mythos, its most capable cyber-offence model, through a third-party vendor environment. The acknowledgement followed a Bloomberg report on Wednesday that a handful of users in a private online forum accessed Mythos the same day Anthropic had begun releasing it to a narrow set of companies — including Apple and Goldman Sachs — for testing.
What appears to have happened
Per Bloomberg’s account, one user worked at a third-party Anthropic contractor and leveraged methods commonly used in cybersecurity research to reach the Mythos preview. The group has reportedly not run cyber-offence prompts on the model and is described as more interested in “playing around” than causing harm. Bloomberg corroborated the claims with screenshots and a live demonstration. In a statement, Anthropic said it was investigating claims of unauthorised access to Claude Mythos Preview “through one of our third-party vendor environments”.
Why the UK cares
The UK has a specific stake in Mythos containment. AI minister Kanishka Narayan has publicly warned that UK businesses “should be worried” about the model’s ability to find IT-system flaws. The UK’s AI Security Institute vetted Mythos last week and reported it as a “step up” from previous frontier models on cyber capability — noting that Mythos became the first model to complete a 32-step simulated cyber-attack scenario created by AISI, solving it in three of ten attempts. Under those parameters, the entire defensive posture being built around Mythos — AISI evaluation, NCSC Project Glasswing access for UK banks, Bank of England CMORG meetings urging the financial sector to strengthen defences — depends on Anthropic’s ability to keep unvetted parties out.
The structural problem
Third-party vendors and contractors are the hardest attack surface in any enterprise-model release. The industry pattern — including similar-scale incidents at other frontier labs during the last 18 months — suggests vendor-environment access controls are significantly weaker than direct-cloud controls. For UK critical-national-infrastructure operators and regulated firms that have been discussing restricted access to frontier cyber models, the incident reframes the procurement conversation: controls need to extend to the full vendor chain, not just the lab’s own environment.
Looking forward
The immediate test is whether Anthropic’s investigation produces a credible timeline, affected-vendor disclosure and remediation commitment. Expect the NCSC and AISI to coordinate a quiet review of Project Glasswing access controls; expect insurers now writing AI-specific exposure clauses to tighten them within days. A second, unrelated incident — even a small one — would push restricted-access schemes toward a pause rather than an iteration.