I have been saying for a while now that the AI gold rush is moving faster than the guardrails can keep up. Recently, that point made itself.
Anthropic, the company behind Claude and one of the AI providers I have generally considered more thoughtful than the rest of the pack, built something called Mythos. It is a model so capable at finding and exploiting security vulnerabilities that Anthropic decided not to release it to the general public. Instead, they rolled it out under a program called Project Glasswing, a carefully controlled initiative limited to a small circle of major companies, including Amazon, Apple, Cisco, and JPMorgan Chase. The whole idea was to use Mythos to find vulnerabilities before the bad guys did, while keeping it out of the hands that would use it for the opposite purpose.
That plan hit a wall almost immediately.
A small group of unauthorized users gained access to Mythos through a third-party vendor environment. One member of the group was apparently a contractor for Anthropic, which gave them enough access to piece together where the model was hosted. They have been using it ever since. Anthropic confirmed they are investigating and said there is no evidence the breach extended beyond the vendor environment. If you have been around technology long enough, you know that “we are investigating and have no evidence of further impact” is, at a minimum, a very early statement.
What Mythos Actually Does
To understand why this matters, you need to understand what this tool is capable of. Mythos was used to find 271 vulnerabilities in Mozilla Firefox. A human security team found nothing. Claude also independently identified a 27-year-old security flaw in OpenBSD, an operating system specifically known for being difficult to compromise.
When I told a client about this recently, the reaction was something along the lines of “well, at least they found the bugs.” And yes, that is the optimistic read. The sobering read is that the same capability that finds vulnerabilities can be turned around and used to exploit them. The first step in attacking a system and the first step in defending a system are identical: find the weakness. The difference is what you do next.
The Third-Party Problem Nobody Talks About Enough
The part of this story I keep coming back to isn’t really about Anthropic specifically. It is about how organizations secure access when they rely on outside vendors and contractors.
Anthropic built a system with serious restrictions around who could access Mythos. However, the security of that system was only as strong as the security of every vendor and contractor who touched it. One person with legitimate access found a way in for people who should not have had any. That is not a unique failure. It is a pattern I see constantly in the organizations I work with, and it is one of the reasons third-party risk management has become such a critical part of any serious security posture.
Your business may not be managing a dangerous AI model. It’s likely, though, that you do have vendors, contractors, and service providers who have some level of access to your systems. Do you know exactly what that access looks like? Do you review it? Do you revoke it when the relationship ends?
If the answer to any of those is “I think so” or “probably,” that is worth a closer look.
What This Means for Your Business Right Now
The short version: Mythos itself is not your problem today. However, the story behind it illustrates why AI security is no longer a theoretical concern.
A tool this powerful in the hands of people who want to use it offensively is a genuine acceleration of the threat environment. My industry colleagues and I have already seen a significant spike in phishing attacks in recent weeks. Whether Mythos is directly connected or not, something has turned the volume up out there. What took a skilled attacker hours or days can now take an AI model minutes.
I am not telling you this to scare you. I am telling you this because the practical response is the same as it has always been: make sure your basics are locked down, make sure your people know what to watch for, and make sure whoever is managing your technology is paying attention to what is happening in the broader threat environment, not just keeping the lights on.
Quick and Easy
Anthropic’s Mythos model, built specifically to find and patch security vulnerabilities before attackers could exploit them, was accessed by unauthorized users through a third-party vendor almost immediately after its limited release. The incident is a clear example of why third-party access controls matter as much as the security measures you put on your own systems. The AI threat environment is accelerating, and basic security hygiene is what keeps professional services firms protected.
