Anthropic Mythos AI Leak Triggers Access Restrictions
Anthropic restricts access to Mythos AI after data leak of model details
Anthropic’s newest offering, Mythos, was billed as a specialized AI for cybersecurity tasks, promising firms a way to automate threat detection and response. Early adopters were given limited trial access, but the rollout hit a snag when sensitive information about the model surfaced online. A cache of internal documents—detailing architecture, training data, and performance metrics—appeared in a public repository, exposing more than the company intended.
The breach raised immediate concerns among enterprise customers who rely on confidentiality to protect their own security postures. In response, Anthropic tightened the gate, curbing external usage and revoking some developer keys. Yet the issue didn’t stop there.
A second exposure surfaced days later, this time involving code that powers Anthropic’s personal assistant product. The twin incidents have put the startup’s data‑handling practices under scrutiny and forced a reassessment of how openly its AI tools can be shared.
The announcement follows a data leak by the San Francisco start-up last month, when descriptions of the Mythos model and other documents were discovered in a publicly accessible data cache. Last week, Anthropic suffered a second incident, leading to the internal source code for its personal assistant, Claude Code, being made public. The cases caused concerns over Anthropic's data vulnerabilities and security practices.
In both instances, the company said "human error" was responsible for the data being made public. Mythos has been in use with partners for several weeks. Although it is a "general purpose" model with wider capabilities, it is the first time the company has limited the release of a model due to its capabilities in cyber security.
Anthropic said the software can identify cyber vulnerabilities at a scale beyond human capacity, but it could also develop ways to exploit these vulnerabilities, which bad actors could use. The company said the model could "reshape" cyber security practices and does not plan a broad release. "We believe technologies like this are powerful enough to do a lot of really beneficial good but also potentially bad if they land in the wrong hands," said Dianne Na Penn, head of product management, research at Anthropic, adding that selected companies would "get a head start on being able to secure vulnerabilities and detect code at a scale they couldn't have done before."
Anthropic’s decision to tighten access to its Claude Mythos Preview follows two recent security incidents. After a leak last month exposed model descriptions in a public data cache, the company now limits the AI to a handful of vetted customers—Amazon, Apple, Microsoft, Broadcom, Cisco and CrowdStrike. It also says it is in talks with the U.S. government about potential deployments.
Yet the rationale behind the restriction remains unclear; the leaked documents already revealed substantial technical detail, and it is uncertain whether limiting new users will mitigate further exposure. A second breach last week released internal source code for Anthropic’s personal‑assistant product, raising questions about the firm’s broader security posture.
Critics may wonder if the selective rollout will protect the model’s proprietary elements or simply postpone additional leaks. The company has not disclosed how it will verify the vetting process or what safeguards will accompany the government discussions. As Anthropic navigates these challenges, the effectiveness of its response will likely be judged by future incident reports rather than promises made today.
Common Questions Answered
What specific security concerns emerged from Anthropic's Mythos AI data leak?
The data leak exposed sensitive information about the Mythos model, including its architecture, training data, and performance metrics in a public repository. This breach raised immediate concerns about Anthropic's data security practices and potential vulnerabilities in their AI development process.
Which companies currently have access to Anthropic's Claude Mythos Preview?
Anthropic has limited access to Claude Mythos Preview to a select group of vetted customers, including Amazon, Apple, Microsoft, Broadcom, Cisco, and CrowdStrike. The company is also in discussions with the U.S. government about potential deployments of the AI technology.
How did Anthropic explain the recent security incidents involving their AI models?
Anthropic attributed both security incidents to 'human error', which included a data leak last month exposing model descriptions and a subsequent leak of Claude Code's internal source code. These incidents have prompted the company to significantly restrict access to their Mythos AI and review their security protocols.