Mysterious AI model Mythos reportedly leaked! Illegal organizations have deployed copies, and Anthropic's security defenses have been breached?

AI giant Anthropic’s confidential security model, Mythos, has reportedly leaked—this model boasts extreme capabilities, including automated detection of zero-day vulnerabilities and encryption-penetration systems.

Has the core line of defense been breached? Anthropic’s mysterious model Mythos reportedly leaked

According to the latest in-depth investigation published yesterday (4/21) by TechCrunch and Bloomberg, the highly confidential network security model “Mythos,” developed by AI giant Anthropic, has been illegally obtained and used by an unauthorized organization. This tool, code-named Mythos, is designed specifically for extremely complex network defense and attack simulations, with capabilities including automated identification of zero-day vulnerabilities and penetration of highly encrypted infrastructure.

For a long time, Anthropic has maintained a highly closed access policy for this model, limiting it to certain defense contractors and core government units. However, this leak incident shows that there is a major flaw in its internal cloud security protocols. Intelligence indicates that the unauthorized organization has successfully deployed a copy of Mythos on a third-party private cloud server, which means that the security perimeter Anthropic prides itself on has already failed. The scale of this data leak is extremely broad; the technical documentation and original model weight(s) involved are estimated to be worth more than 500 million, and the suspected leak path appears to be related to an API vulnerability in the supply chain.

This technology is currently out of control. Any group with basic development capability may use the model to launch unprecedented automated attacks against global financial systems or blockchain protocols, a development that has left the cybersecurity communities in Silicon Valley and Washington extremely anxious.

U.S. National Security Agency pulled into controversy: using an AI tool already on the blacklist

In addition, after Mythos was added to an internal security blacklist, the U.S. National Security Agency (NSA) still maintained authorization to use the tool. This has sparked intense debate about government agency transparency and compliance. Although the White House has emphasized the purity of AI model supply chains in multiple executive orders and has explicitly prohibited the use of tools with security concerns or unclear sources, the NSA appears to be relying on Mythos’s powerful decryption capabilities.

Insiders in the intelligence community reveal that even though the NSA’s technical department knew the model may already have been penetrated by a third party, it still integrated it into multiple highly sensitive surveillance and cyber-countermeasure operations. This choice of “prioritizing technical advantage over compliance” has put the federal government in a self-contradictory position.

Currently, market analysis believes that the NSA’s reckless behavior increases the risk of reverse engineering state-level confidential information and exporting it. Once a backdoor is implanted during Mythos’s computing process, all intelligence handled by the tool may be synchronized to external organizations immediately. This potential data-leak risk is currently under review by multiple oversight committees, but to date the NSA has refused to make any public comments regarding the deployment status of this specific tool, merely reiterating that its operations fully comply with national security interests.

Supply-chain risk turns “red hot” as the White House and the Pentagon investigate the technical leak path

At present, the White House and the Pentagon have launched an emergency cross-agency investigation into the Mythos model leak incident, focusing on the increasingly fragile AI software supply chain. This incident exposed a core vulnerability in the modern AI development process: even if the original developer, such as Anthropic, has a very high level of security awareness, once the model is delivered to layers of service providers and subcontractors, its ability to control the model drops significantly.

The Pentagon is currently conducting a full review of its more than 2,000 related technical contracts, trying to identify the specific node(s) where the Mythos model entered an unauthorized organization. Preliminary evidence suggests the problem may lie with a test node located outside North America; during performance stress testing, that node failed to enable hardware-level access restrictions as required, resulting in the model weights being exported all at once.

In response to this situation, the White House national security adviser has issued a warning to all private enterprises with AI R&D capabilities, requiring strengthened physical isolation protections for large-scale language models (LLMs).

A Pentagon official said plainly that the risk of AI model proliferation is similarly threatening to nuclear proliferation—especially for tools like Mythos that have autonomous cyber-attack logic. Once such tools flow into the gray market, they will trigger a global cybersecurity catastrophe.

The government is considering implementing a stricter “model fingerprint” system, requiring that all AI tools above a certain compute threshold embed non-removable tracking labels so that the source can be quickly traced in the event of a leak.

A trust crisis and industry impact under high-intensity control measures

This technology leak storm targeting Anthropic is rapidly evolving into a trust crisis across the entire AI industry. As a leading company that has long promoted “AI safety” and “technology integration,” Anthropic has failed to protect its core network tool this time, leading to strong public doubts about the security of closed models.

Professionals in the cryptocurrency industry point out that this incident serves as a far-reaching warning for the development of decentralized finance (DeFi). As more and more automated auditing models are introduced into smart contract development, if even Mythos—which has top-tier security resources—can be illegally intercepted, then the current code-auditing logic may have already lost transparency in front of hackers. The market has begun to voice calls for decentralizing AI compute power and making models transparent, to prevent a mistake by a single entity from causing a global technological disaster.

Currently, Anthropic’s market value has seen significant fluctuations after related news emerged, reflecting investors’ concerns about its ability to manage high-risk technical capabilities. The incident has prompted international cybersecurity organizations to re-evaluate the defense strategy of “sovereign AI,” and to consider how to find a new balance between high-intensity control and technological innovation. Over the coming period, the admission standards for AI tools and distribution agreements will face the most stringent legislative scrutiny. This myth-shattering incident proves that, under the current technical architecture, absolute security for any digital asset is only a relative assumption—and responding to this uncertainty will become the main theme for the digital asset and cybersecurity industries going forward.

Further Reading
Judge denounces U.S. military as unconstitutional! Demands withdrawal of Anthropic supply-chain risk labels—preliminary report due by 4/6
Anthropic sues the court! Accuses the Trump administration of retaliation for banning Claude; 37 AI researchers show support
Wall Street Journal: After Trump issues an Anthropic ban order, the U.S. and Israel still rely on Claude for airstrikes in Iran
National security vs. ethics: Anthropic refuses to remove Claude’s security safeguards, sparring with the U.S. Department of Defense