A group of unauthorized users has gained access to Anthropic’s latest enterprise security tool Mythos, according to reports.
If Claude Mythos Preview is as powerful as some say it is, and malevolent actors get their hands on it, this could be disastrous for Salesforce customers, who have faced data theft campaigns in recent months.
Mythos Access: What We Know So Far
Anthropic recently announced Project Glasswing, consisting of a group of major tech companies and cybersecurity vendors who are privately evaluating Mythos to prepare accordingly for whatever consequences releasing it to the public might have.
A person familiar with the matter said that a small group of unauthorized users gained access to the AI model, according to Bloomberg. The outlet has reportedly seen documentation supporting this claim.
It is claimed by the person, who asked not to be named, that a handful of users in a ‘private online forum’ got access to Mythos on the same day Anthropic announced its plan to release it to a limited number of companies to be tested.
They added that the group has been regularly using Mythos, but not for cybersecurity purposes. The person reportedly provided screenshots and a live demonstration of the model to corroborate their story.
Anthropic said in a statement: “We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments.”
The company added that it currently has no evidence that the access reported by Bloomberg went beyond a third-party vendor’s environment, or that any of Anthropic’s systems were impacted.
The group of users is understood to have made an educated guess about Mythos’s online location using knowledge about the format Anthropic has used for other models.
But Bloomberg’s source claims that the group is not interested in causing havoc with the new models, and simply wants to play with it. They have not run any cybersecurity-related prompts, instead opting to build simple websites, so Anthropic does not detect them, the person claimed.
Chief executive of cyber-security company SmartTech, Raluca Saceanu, wrote on LinkedIn that the unauthorized access to Anthropic’s Mythos model appears not to have been malicious, but “accidental insider threat”.
But, she added: “That’s not really the point here. This was always a matter of time. Limiting access to a small number of organisations may have created a sense of control, but in reality it also created a false sense of security.
“Once a capability like this exists outside the lab, even in a restricted preview, the risk profile changes immediately. The reality is that these systems are moving quickly into operational environments and organisations need to ensure their controls and governance evolve at the same pace.”
Security Implications for Salesforce?
Whether the group does or does not intend to cause harm with the model, the incident still raises questions about what the emergence of Mythos means for the world.
The model, which was announced on April 7, has sparked controversy in recent weeks due to its apparently unprecedented ability to find cybersecurity vulnerabilities. This could theoretically be used by businesses to shore up their defences against hackers, or be used by hackers to find and exploit such vulnerabilities.
Government officials from several nations, including the United States, have met with banking officials to pinpoint what threats Claude Mythos Preview poses to the industry.
In a status site post titled ‘How Salesforce is preparing for the frontier AI threat landscape’, Salesforce recently wrote: “Anthropic’s announcement of Claude Mythos underscores a reality Salesforce has been preparing for: increasingly capable frontier AI models will continue to accelerate the evolution of the cybersecurity landscape.”
Salesforce added that its security teams are continuously evaluating how frontier models may change attacker and defender capabilities.
Security-focused developer-turned-architect Beech Horn told SF Ben that the Mythos access story is a supply chain story. He said: “A Discord forum got into the most restricted model Anthropic has ever shipped, not by breaking Anthropic, but through a third-party vendor environment.
“For Salesforce architects, that is the lesson. Your agentic attack surface now extends through every connected app/external client app, every OAuth grant, every AI tool your employees authorize. ForcedLeak proved the pattern inside Agentforce. Vercel’s breach proved it for React hosting. This is the same category of exposure reaching frontier AI itself.”
Salesforce teams should not read this as someone else’s problem, Beech said. If a Mythos-class capability reaches anyone outside Glasswing, and the Bloomberg report suggests it already has, the first thing it will find in many Salesforce+MuleSoft estates is the key sitting next to the ciphertext it unlocks.
“The ecosystem has spent years normalizing patterns that assumed attackers moved at human speed,” Beech said. “They do not anymore.”
SF Ben has contacted Salesforce and Anthropic for comment.
Final Thoughts
Like Beech says, the agentic attack surface for Salesforce professionals has spread. While it appears for the moment that the unauthorized group is not intending to use the model for ill, it’s still concerning that it has taken this little time for people to get their hands on Mythos.
Salesforce customers have endured a number of data theft incidents in recent months, and should (still) be keeping security at the very forefront of their minds
