Mysterious AI model Mythos reportedly leaked! Illegal organizations have deployed copies, and Anthropic's security defenses have been breached?

A confidential security model Mythos from AI giant Anthropic reportedly leaked, with the model showing extreme capabilities in automatically detecting zero-day vulnerabilities and penetrating encrypted systems.

Has the core line of defense been breached? Anthropic’s mysterious model Mythos reportedly leaked

According to the latest in-depth investigation released yesterday (4/21) by TechCrunch and Bloomberg, the highly confidential cybersecurity model “Mythos” developed by AI giant Anthropic has been illegally obtained and used by an unauthorized organization. This tool, codenamed Mythos, is designed specifically for extremely complex cyber defense and attack simulation, and it has the ability to automatically identify zero-day vulnerabilities and penetrate highly encrypted infrastructure.

Anthropic has long maintained an extremely closed access policy for this model, limiting usage only to certain defense contractors and core government units; however, this leak event shows that there is a major flaw in its internal cloud security protocols. Intelligence indicates that the unauthorized organization has successfully deployed a copy of Mythos on third-party private cloud servers, meaning that the security perimeter Anthropic prides itself on has already fallen. The scale of this data leak is enormous: the technical documentation and original model weights involved are estimated to be worth more than 500 million, and its suspected exfiltration path appears to be related to an API vulnerability within the supply chain.

This technology is currently out of control. Any group with basic development capability may use the model to launch unprecedented automated attacks on global financial systems or blockchain protocols, a development that has made cybersecurity communities in Silicon Valley and Washington, D.C. extremely anxious.

National security agency pulled into controversy: using AI tools that are on the blacklist

In addition, after Mythos was added to an internal security blacklist, the U.S. National Security Agency (NSA) still kept authorization to use the tool. This action sparked fierce debate over government agency transparency and compliance. Although the White House has emphasized the purity of AI model supply chains in multiple executive orders and clearly banned the use of tools that raise security concerns or have unclear sources, the NSA appears to be relying on Mythos’s powerful decryption capabilities.

Insiders in the intelligence community report that, despite knowing the model may already have been penetrated by third parties, the NSA’s technology division still integrated it into multiple monitoring and cyber countermeasure operations involving highly sensitive information. This kind of “choosing technical advantage over compliance” puts the federal government in a self-contradictory position.

Market analysis currently believes that the NSA’s risky behavior increases the risk of reverse extraction of national-level classified information. Once Mythos has been implanted with a backdoor during operation, all intelligence handled by the tool could be immediately synchronized to external organizations. This potential data-leak risk is currently being reviewed by multiple oversight committees, but the NSA’s official stance so far remains refusal to comment publicly on the deployment status of this specific tool; it only reiterates that its operations fully comply with national security interests.

Supply-chain risk flashes red; the White House and the Pentagon launch full investigation into the technical exfiltration path

At present, the White House and the Pentagon have launched an emergency cross-agency investigation into the Mythos model leak event, focusing on the increasingly fragile AI software supply chain. This incident exposed a core vulnerability in modern AI development processes: even if the original developer—such as Anthropic—has a high level of security awareness, once the model is handed over to layers of subcontracted service providers, its ability to control and manage can drop significantly.

The Pentagon is currently conducting a comprehensive review of its more than 2,000 related technology contracts in an attempt to identify the specific nodes through which the Mythos model entered an unauthorized organization. Preliminary evidence suggests that the problem may lie in a test node located outside North America: during performance stress testing, the node failed to enable hardware-level access restrictions as required, resulting in the model weights being exported all at once.

In response to this situation, the White House national security adviser has issued warnings to all private enterprises with AI R&D capabilities, requiring them to strengthen physical isolation protections for large-scale language models (LLMs).

Pentagon officials bluntly stated that the diffusion risk of AI models is similarly threatening to nuclear proliferation—especially for tools like Mythos that have autonomous cyber-attack logic, whose entry into the gray market will trigger a global cybersecurity disaster.

The government is considering implementing stricter “model fingerprinting” requirements, mandating that all AI tools exceeding a certain computing power threshold embed non-removable tracking tags, so that the source can be quickly traced if a leak occurs.

A trust crisis under high-intensity control mechanisms and its impact on the industry

This Anthropic-focused technical leak storm is rapidly evolving into a trust crisis across the entire AI industry. As a leading company that has long touted “AI security” and “technology integration,” Anthropic was unable to protect its core cyber tool this time, leading to strong public doubts about the safety of closed models.

Professionals in the cryptocurrency industry point out that this incident provides a profound warning for the development of decentralized finance (DeFi). As more and more automated audit models are introduced into smart contract development, if even Mythos—equipped with top-tier security resources—can be illegally intercepted, then the existing code-auditing logic may have already lost transparency in front of hackers. The market has begun to call for decentralizing AI computing power and making models transparent to prevent a single entity’s negligence from causing a global technical disaster.

At present, after related news surfaced, Anthropic’s market value has seen sharp fluctuations, reflecting investors’ concerns about its management of high-risk technical capabilities. This incident has prompted international cybersecurity organizations to reassess the defense strategy for “sovereign AI,” and to think about how to find a new balance between high-intensity oversight and technological innovation. Over the coming period, access standards for AI tools and distribution agreements will face the most stringent legislative scrutiny. This “myth” shattered event proves that, under the current technical architecture, the absolute security of any digital asset is only a relative assumption—and responding to such uncertainty will become the dominant theme for digital asset and cybersecurity industries going forward.

Further Reading
Judge sharply condemns the U.S. military for unconstitutional actions! Orders the withdrawal of Anthropic’s supply-chain risk labels; pre-report due by 4/6
Anthropic sues in court! Accuses the Trump administration of retaliation by banning Claude; 37 AI researchers lend support
The Wall Street Journal: After Trump issues the Anthropic ban order, the U.S. and Israel airstrikes on Iran still rely on Claude
National Security vs. Ethics: Anthropic refuses to remove Claude’s safety guardrails, clashes with the U.S. Department of Defense