{"id":67066,"date":"2026-04-22T01:51:39","date_gmt":"2026-04-21T23:51:39","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=67066"},"modified":"2026-04-22T01:53:17","modified_gmt":"2026-04-21T23:53:17","slug":"anthropic-myth-unauthorized-access-has-been-gained","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/anthropic-mythos-unbefugte-haben-zugriff-erlangt","title":{"rendered":"Unauthorized access to Anthropic's myth \u2013 a security risk for Apple?"},"content":{"rendered":"

According to a report, an unauthorized group has gained access to Anthropic's exclusive Mythos cybersecurity model \u2013 via a third-party provider working for Anthropic. This is significant because the model was deliberately distributed only to select partners like Apple to prevent misuse.<\/strong><\/p>\n\n\n\n

Mythos is Anthropic's most powerful cybersecurity model and was released in April 2026<\/a> to a select group of partners as part of Project Glasswing \u2013 including major players like Apple, Google, Microsoft, and the US National Security Agency (NSA)<\/a>. The idea behind this restriction: The model is so powerful that it could become a dangerous attack tool in the wrong hands. Now, Bloomberg<\/a> reports that this very safeguard may have failed.<\/p>\n\n\n\n

According to reports, an unknown online group gained access to Mythos on the day of its public announcement and has been using it regularly ever since. Access was gained through a third-party provider working on behalf of Anthropic. Anthropic has confirmed the incident but is still investigating, clarifying that its own systems appear not to be directly affected.<\/p>\n\n\n\n

That's how the group came to Mythos<\/h2>\n\n\n\n

According to Bloomberg, the unauthorized group consists of members of a private Discord channel who are specifically working with unpublished AI models. The group describes itself as curious \u2013 their interest lies in experimenting with new models, not causing harm.<\/p>\n\n\n\n

Access was gained via the user credentials of an individual currently employed by one of Anthropic's third-party providers. The group used these credentials to log in to Mythos. Additionally, they apparently determined the model's location within the Anthropic infrastructure through "informed guesswork"\u2014based on the format Anthropic had used for previous models.<\/p>\n\n\n\n

As proof, the group provided Bloomberg with screenshots and a live demonstration of the tool. This suggests that the access actually exists \u2013 not a mere bluff or hoax.<\/p>\n\n\n\n

Anthropic's reaction<\/h2>\n\n\n\n

An Anthropic spokesperson told TechCrunch<\/a>: The company is investigating the report of unauthorized access to Mythos Preview via a third-party environment. So far, they have found no evidence that the allegedly unauthorized activity affected Anthropic's own systems.<\/p>\n\n\n\n

The wording is cautious. This suggests two things: First, Anthropic is taking the incident seriously enough to respond publicly. Second, the company is trying to limit the damage \u2013 the message is: Our systems are secure, it's a third-party issue.<\/p>\n\n\n\n

Why this is relevant for Apple<\/h2>\n\n\n\n

For Apple, the incident is not directly damaging \u2013 the company is an authorized partner and legitimately uses Mythos. Apple's role in Project Glasswing<\/a> is to use the model to improve its own cybersecurity \u2013 for example, to analyze iOS and macOS vulnerabilities before they are discovered by attackers.<\/p>\n\n\n\n

However, problems arise when unauthorized individuals use the model against Apple products. Mythos was specifically designed to efficiently find security vulnerabilities. If these same capabilities fall into the hands of people who are not legitimate security researchers, iOS, macOS, and other systems could be attacked faster than Apple can react.<\/p>\n\n\n\n

However, the group describes itself as curious testers, not attackers. That sounds reassuring, but it's no guarantee. Those who use Mythos today only for experimentation could resell it to criminals tomorrow \u2013 and this very risk of escalation is why Anthropic wanted to control access so strictly.<\/p>\n\n\n\n

The core problem: Third-party providers are always the weakest link<\/h2>\n\n\n\n

This incident highlights a long-standing IT security problem: sharing sensitive systems with numerous external partners inevitably creates additional attack vectors. Even if Apple, Google, and Microsoft perfectly secure their own Mythos access points, the risk remains with each individual third-party provider.<\/p>\n\n\n\n

Anthropic thus faces the typical challenge of AI companies with enterprise-oriented products: How to balance access (so that customers can use the tool) and security (so that it is not misused)? The answer so far has been a limited circle of authorized partners \u2013 which, as expected, does not work perfectly as soon as these partners share their access or fail to adequately protect it.<\/p>\n\n\n\n

What comes next?<\/h2>\n\n\n\n

Anthropic will likely respond to the incident with enhanced security measures \u2013 such as stricter authentication, IP whitelisting, or even tighter access logging. For Apple, this means that access to Mythos could become more cumbersome in the future, but also more secure.<\/p>\n\n\n\n

At the same time, this case is likely to spark a broader discussion about the security of AI models. If even Anthropic, with its strict partner program, cannot prevent unauthorized access, the question arises as to how access to powerful AI tools can be controlled in the future. This is a debate that affects not only Anthropic, but the entire industry \u2013 from OpenAI to Google to Apple itself. (Image: Shutterstock \/ gguy)<\/p>\n\n\n\n