Editorial illustration for Anthropic restricts access to Mythos AI after data leak of model details
Anthropic Mythos AI Leak Triggers Access Restrictions
Anthropic restricts access to Mythos AI after data leak of model details
The same company building an AI to hunt down cyber vulnerabilities just got hacked, twice. Anthropic’s Mythos model can identify security flaws at a scale no human can match, but also knows how to weaponize them. That dual-use capability is precisely why the firm is locking down access after a pair of embarrassing data leaks exposed its own internal workings.
Last month, descriptions of Mythos and other documents sat in a publicly accessible cache; a week later, source code for its Claude Code assistant went viral. In both cases, Anthropic blamed “human error.” The timing couldn’t be more awkward. Mythos, already in use with partners, is the first model the company has restricted specifically for its cybersecurity prowess.
The reasoning is clear: it can reshape the field, but only if it doesn’t end up in the wrong hands first.
The announcement follows a data leak by the San Francisco start-up last month, when descriptions of the Mythos model and other documents were discovered in a publicly accessible data cache. Last week, Anthropic suffered a second incident, leading to the internal source code for its personal assistant, Claude Code, being made public. The cases caused concerns over Anthropic's data vulnerabilities and security practices.
In both instances, the company said "human error" was responsible for the data being made public. Mythos has been in use with partners for several weeks. Although it is a "general purpose" model with wider capabilities, it is the first time the company has limited release of a model due to its capabilities in cyber security.
Anthropic said the software can identify cyber vulnerabilities at a scale beyond human capacity, but it could also develop ways to exploit these vulnerabilities, which bad actors could use. The company said the model could "reshape" cyber security practices and does not plan a broad release. "We believe technologies like this are powerful enough to do a lot of really beneficial good but also potentially bad if they land in the wrong hands," said Dianne Na Penn, head of product management, research at Anthropic, adding selected companies would "get a head start on being able to secure vulnerabilities and detect code at a scale they couldn't have done before."
Anthropic’s move to cage Mythos is both prudent and ironic. The very model designed to detect cyber vulnerabilities at inhuman scale was itself exposed by something far too human: carelessness. Two leaks in a month do not inspire confidence in a company promising to reshape security.
Yet the decision to limit access, to let a few trusted partners run ahead while the rest wait, suggests Anthropic understands the gravity of what it has built. Mythos can find flaws faster than any human team. It can also weaponize them.
That is the double-edged truth Dianne Na Penn alluded to: a tool powerful enough to rewrite the rules of cyber defense, but dangerous enough to break them if mishandled. The company now faces a test of its own. Can it secure the very technology it claims will secure others?
Or will the next “human error” open the door wider than the last? The answer will determine whether Mythos becomes a shield or a blueprint for those who would exploit its power.
Common Questions Answered
What specific security concerns emerged from Anthropic's Mythos AI data leak?
The data leak exposed sensitive information about the Mythos model, including its architecture, training data, and performance metrics in a public repository. This breach raised immediate concerns about Anthropic's data security practices and potential vulnerabilities in their AI development process.
Which companies currently have access to Anthropic's Claude Mythos Preview?
Anthropic has limited access to Claude Mythos Preview to a select group of vetted customers, including Amazon, Apple, Microsoft, Broadcom, Cisco, and CrowdStrike. The company is also in discussions with the U.S. government about potential deployments of the AI technology.
How did Anthropic explain the recent security incidents involving their AI models?
Anthropic attributed both security incidents to 'human error', which included a data leak last month exposing model descriptions and a subsequent leak of Claude Code's internal source code. These incidents have prompted the company to significantly restrict access to their Mythos AI and review their security protocols.
Further Reading
- Exclusive: Anthropic 'Mythos' AI model representing 'step change' in capabilities revealed in data leak — Fortune
- Anthropic Restricts Mythos AI Access Amid Cyberattack Fears — Lets Data Science
- Leak reveals Anthropic's 'Mythos,' a powerful AI model aimed at cybersecurity use cases — CSO Online
- Anthropic's Mythos leak is a wake-up call: Phishing 3.0 is already here — Ironscales