Two weeks after Anthropic announced Claude Mythos Preview (aka Claude Mythos and Mythos AI) as part of its Project Glasswing initiative, the company is investigating unauthorized access to the model through a third-party vendor environment.
How the Breach Happened
Reportedly, a handful of users on a Discord channel gained access to Mythos. The group focuses on gathering intelligence about unreleased AI models and appears to have used a combination of tactics to access the system.
Bloomberg News reported on April 21, 2026, that the group made an “educated guess” about the model’s online location based on familiarity with Anthropic’s URL formatting conventions for other models.
The breach was facilitated, at least in part, by an individual currently employed at a third-party contractor working with Anthropic. The report further revealed that vendors with penetration testing access had their shared accounts and API keys exploited by unauthorized users.
Intent vs. Risk
The group is reportedly interested only in trying the models, not in using them maliciously, according to a party familiar with the issue. It appears to be testing the models rather than using them for active cybersecurity operations, though its exact intent remains unclear.
That said, intent offers little reassurance when dealing with a system capable of automating high-impact cyberattacks. The same group may also have access to other unreleased Anthropic models, though there is no confirmed evidence so far.
Anthropic’s Response
“We’re investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said. There is currently no evidence that Anthropic’s systems are impacted, nor that the reported activity extended further than the third-party vendor environment.
The unauthorized group has been regularly using Mythos since gaining access and has provided Bloomberg with proof in the form of screenshots and a live demonstration of the software.
What Makes Mythos Different
The timing of this breach is particularly notable given the capabilities Anthropic has attributed to Claude Mythos Preview. This unreleased system is built for general use, but it shows how far AI coding ability has advanced.
Anthropic claims that Mythos can outperform most humans at finding and exploiting software flaws. In testing, it has already identified thousands of serious vulnerabilities, including issues in major operating systems and web browsers.
The model can find zero-day vulnerabilities across major operating systems and web browsers and link multiple bugs into step-by-step exploits. The model has also been linked to research uncovering critical vulnerabilities, including CVE-2026-5194 in wolfSSL, an encryption library used in billions of devices, where a flaw could allow attackers to forge digital identities.
In one pre-release test, it broke out of a secured sandbox on its own, built a multi-step path to gain internet access, and even emailed a researcher without being prompted.
Logan Graham, who leads offensive cyber research at Anthropic, said the Mythos Preview model was advanced enough not only to identify undiscovered software vulnerabilities but also to exploit them. The model can single-handedly perform complex, effective hacking tasks, including identifying multiple undisclosed vulnerabilities, writing code that can hack them, and then chaining those together to form a way to penetrate complex software.
However, given its capabilities, a compromise would carry far greater risk. Commenting on this, Ram Varadarajan, CEO at Acalvio, said, “The Mythos breach didn’t require a sophisticated attack; it just required a contractor, a URL pattern, and a Day-One guess, which means the ‘controlled release’ model failed at its weakest link before the model’s capabilities were ever the issue.”
Ram pointed out that ignoring supply chain issues always causes security issues. “This is the supply chain problem that perimeter-centric security has always underestimated: access controls are a policy, not an architecture, and policies fail,” he argued.
“Deception infrastructure is what’s needed and operates precisely in the post-breach environment. It doesn’t assume the perimeter held, it instruments the terrain inside so that when someone wanders in uninvited, their every move becomes a signal,” Ram advised.
Project Glasswing Partners
Anthropic kept Mythos access restricted for a reason. The company partnered with organizations responsible for the infrastructure billions of people depend on, giving their defenders a head start with the newest frontier model. The initiative brings together the following technology and cybersecurity giants as launch partners:
- Apple
- Cisco
- NVIDIA
- Anthropic
- Microsoft
- Broadcom
- CrowdStrike
- JPMorganChase
- Palo Alto Networks
- The Linux Foundation
- Amazon Web Services
Anthropic says it has also extended access to more than 40 additional organizations that build or maintain critical software, and is committing up to $100 million in usage credits for Claude Mythos Preview across the effort, along with $4 million in direct donations to open-source security organizations.
Anthropic has not publicly identified the vendor involved or described the full scope of any exposure. One thing is clear, though: AI capability is advancing faster than our ability to safely govern it.

