Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
According to Microsoft’s April 2026 Security Update Guide, the company fixed more than 160 vulnerabilities across Windows, Office and core services, including an actively exploited SharePoint zero‑day and a Defender privilege‑escalation flaw.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
Anthropic is scrambling to contain fresh questions over its Mythos AI after online users reportedly accessed the ultra‑powerful model through previously mapped pathways, sharpening Pentagon supply chain concerns and spooking markets already on edge about AI‑driven cyber risk
Anthropic faces fresh questions over control of its most powerful AI system after a small group of online enthusiasts appear to have found their way into the company’s Mythos infrastructure using previously identified pathways, exposing a new kind of supply‑chain risk for Washington and Wall Street alike. According to remarks by Bloomberg commentator Michael Shepherd, the incident centres on a “handful of users in a private online forum” who discussed and then pursued routes into Anthropic’s environment that had been publicly hinted at or mapped during earlier probes of the company’s networks.
Rather than seeking to cause immediate disruption, the group reportedly wanted to locate and experiment with untested models ahead of their formal rollout, essentially front‑running official access to Anthropic’s latest technology. That distinction between vandalism and exploration will matter little to policymakers now focused on the fact that outsiders have “gotten behind the wheel” of a system the Pentagon already regards as highly sensitive.
The episode collides with an already fraught relationship between Anthropic and the US government. The Pentagon had previously deemed the company a supply chain risk, although, as Shepherd noted, its initial concern was almost the mirror image of today’s fears. Defence officials worried that Anthropic’s insistence on strict safety guardrails, and the company’s willingness to dictate those guardrails to government customers, might tie Washington’s hands in a crisis. In that framing, the risk lay in over‑constrained access to the model’s capabilities.
Now, a recent breach and this latest access incident underline a different vulnerability: that the same technologies could slip into the hands of actors the government has not vetted at all.
The political stakes are rising. Shepherd pointed to a previous breach disclosed “a few weeks ago” that Pentagon officials have already cited as an example of the kind of incident that can cascade into a broader supply chain threat. Senior figures across the national security apparatus have been pushing Anthropic to open Mythos to government agencies, both to test their own networks for vulnerabilities and to understand what the system can actually do.
Those negotiations accelerated last week in a high level White House meeting bringing together Chief of Staff Susie Wiles, the administration’s cyber director Sean Karen Cross, Treasury Secretary Scott Bessent and Anthropic chief executive Dario Amodei. The core question appears to be whether the government can be given “the keys to the car” on terms it finds acceptable.
At the same time, the latest revelations raise uncomfortable questions about who else may already be driving. While only a small number of large banks and technology companies have been publicly identified as having sanctioned access to Mythos, Shepherd acknowledged that it is “unclear who else” has touched the system. In markets, that uncertainty is likely to feed existing anxiety about unquantified cyber exposure, especially if investors begin to assume that capable adversaries, including China or other hostile states, may already have had a glimpse of the toolset. For large financial institutions and critical infrastructure operators, Mythos shifts from being a potential defensive asset to a dual use capability that might be learning about their weaknesses in private.
The political tone around Anthropic is already shifting. President Donald Trump, who only a month ago was threatening to cut the company off from all federal contracts while labelling it a supply chain risk, has in recent remarks hinted that “maybe there is a way we can work some things out”. That evolution suggests the White House sees Mythos as too strategically important to leave entirely at arm’s length, even as it searches for a governance model robust enough to reassure military planners, regulators and investors.
After Amodei’s recent visit to the White House, Shepherd quipped that the chief executive “may need to go back”. The more pressing question for markets is whether Washington can assert enough control over Anthropic’s crown jewel to prevent the next access story involving Mythos from coming not out of a Discord chatroom, but out of a hostile intelligence service.
Mythos is now being treated as a live banking‑system risk across Asia, not just in the US, with supervisors and major lenders openly raising the alarm.
Across the region, regulators in Australia, Singapore, Hong Kong and South Korea have all moved Mythos onto their supervisory radar, citing its “potentially unprecedented” ability to identify and chain software vulnerabilities in ways that could destabilise financial systems. The Hong Kong Monetary Authority has engaged major banks, is bringing forward a new cyber‑resilience testing framework and is forming a public‑private taskforce specifically to monitor AI‑driven threats such as Mythos.
In Singapore, the Monetary Authority is working with the national cyber agency to harden critical infrastructure, warning banks to “redouble efforts” on patching and controls, while South Korea’s Financial Supervisory Service and Financial Services Commission have held emergency meetings with CISOs from banks and insurers to review Mythos‑related risks. ASIC, for its part, has told Australian licensees it expects them to be “on the front foot” in safeguarding customers as Mythos and similar tools emerge.
On the industry side, Deutsche Bank’s chief executive Christian Sewing says “everyone is trying to gain access” to Anthropic’s model to understand its impact, even as European and Asian watchdogs review the risks. Goldman Sachs has confirmed it already has Mythos, and is working with Anthropic and security vendors to harness its frontier capabilities, underlining how far the technology has penetrated large cross‑border institutions.
For Asian and Australian banks that do not yet have access, the concern is twofold: that adversaries could weaponise Mythos against legacy systems, and that a small club of global players inside programmes like Project Glasswing may gain a defensive edge that is hard to replicate quickly.
That combination of concentrated capability and uneven preparedness is why central banks and supervisors from Sydney to Hong Kong and Singapore are now folding Mythos explicitly into their discussions of operational resilience, cross‑border contagion and the next generation of cyber‑stress testing.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
The largest DeFi exploit of 2026 has seen $293 million drained from Kelp DAO's LayerZero cross-chain bridge, triggering a $5.4 billion withdrawal panic across the broader ecosystem and exposing critical centralization flaws in modular security.
Another week, another frontier model. As Anthropic’s Claude Opus 4.7 chases enterprise depth and OpenAI turns ChatGPT, GPT‑6 and GPT‑Rosalind into the ambient verbs of digital work and lab science, the contest is no longer IQ scores. It is which unseen layer we quietly let sit beneath institutions.
Anthropic’s Mythos clampdown, April’s record Patch Tuesday and Nvidia’s Blackwell‑to‑Rubin GPU roadmap mark a turning point in cyber defence, exposing how deeply allied nations now rely on US‑controlled, agentic AI to detect and counter zero‑day threats.
Anthropic’s rise is no longer about models, but control. As it embeds across enterprise, leaked code reveals deep telemetry, remote overrides and emerging autonomy. Industry leaders warn the same systems reshaping business may amplify cyber risk beyond current defences.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
