Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
ai-platform-securitythird-party-vendor-breachvendor-distribution-compromiseunderground-data-leak

Unauthorized Users Access Anthropic’s Restricted Claude Mythos Cyber Model

Updated 2d agoFirst seen Apr 8, 202617 sources

Anthropic said it is investigating reports that unauthorized users accessed its unreleased Claude Mythos Preview model, a cybersecurity-focused system the company had restricted under Project Glasswing because it considered the model too dangerous for public release. Mythos was described as capable of autonomously finding high-severity vulnerabilities, chaining Linux kernel flaws into working exploits, uncovering long-lived bugs such as a 27-year-old OpenBSD issue, and completing complex multi-step attack simulations. Anthropic had provided limited access to selected organizations and pledged safeguards, usage credits, and coordinated defensive support to help security teams use the model for vulnerability discovery and remediation rather than offensive activity.

Reports said the unauthorized access stemmed from a third-party contractor environment and a broader chain of security failures, including alleged clues exposed through the Mercor breach and a LiteLLM-linked supply-chain compromise. Bloomberg and follow-on coverage said a private Discord group may have used contractor access and educated guesses about the model’s location to reach Mythos, while Anthropic said it had no evidence of misuse beyond the third party’s IT environment. Separate unverified claims circulating online alleged that threat actor ShinyHunters was offering Anthropic-related Mythos data and internal documents for sale, adding to concerns over whether frontier AI systems built for defensive cyber research can be adequately secured against leakage and abuse.

Share:
Unauthorized Users Access Anthropic’s Restricted Claude Mythos Cyber Model
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

6 events from the most recent confirmed update back to the earliest known activity.

6 EVENTS
Apr 30, 20262mo ago

White House reportedly opposes broader Mythos rollout

The Wall Street Journal reported that the White House opposed Anthropic's proposal to expand access to Claude Mythos from a limited Project Glasswing partner group to roughly 120 companies. The reported concerns included cybersecurity risks and whether Anthropic had enough computing capacity to broaden access without affecting government availability.

White House against Anthropic expanding Mythos model access: report
Apr 24, 20262mo ago

Unconfirmed ShinyHunters sale claim targets Mythos-related Anthropic data

A Reddit post reported an unverified claim by ShinyHunters that it was selling allegedly stolen Anthropic data related to Claude Mythos, including internal documents and model details. The claim was presented without independent confirmation.

Apr 23, 20262mo ago

Report says Discord group used unreleased Mythos since early April

Bloomberg reported that an unauthorized private Discord group had been using Anthropic's unreleased Mythos model since Anthropic disclosed it earlier in April. The report said the group may also have had access to other unreleased Anthropic models and linked the exposure chain to contractor access and data from the Mercor/LiteLLM-related breaches.

Apr 22, 20262mo ago

Anthropic investigates reports of rogue Mythos access

Anthropic said it was investigating claims that unauthorized users had accessed the unreleased Mythos model through a third-party vendor environment. The company stated it had no evidence that any unauthorized access extended beyond that third party's IT environment.

Apr 7, 20263mo ago

Unauthorized users reportedly gain access to Mythos via third-party environment

A small unauthorized group reportedly obtained access to Claude Mythos the same day Anthropic began limited testing with selected companies. Reports said the access involved a third-party contractor or vendor environment and techniques including guessing the model's location and leveraging exposed information tied to earlier third-party compromises.

Anthropic restricts Claude Mythos Preview to Project Glasswing partners

Anthropic announced that it would not publicly release its Claude Mythos Preview model because of its advanced vulnerability discovery and exploitation capabilities. Instead, it limited access to selected organizations through Project Glasswing and said it would provide safeguards, guidance, and funding to support defensive vulnerability research.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

58 LINKEDOpen in app
Affected products
9 linked
LitellmClaudeSafariFirefoxChatgptLinux KernelFreebsdLitellmTrivy
Organizations
36 linked
AnthropicMercorMercor Inc.MozillaSpotifyCisco SystemsLenovoThe Wall Street JournalNvidiaAmazon Web ServicesCitigroupLinkedinGoldman SachsSamsung ElectronicsBlack DuckByBitAISLEMeta PlatformsCrowdStrikeMerckOpenaiAppleMicrosoft CorporationGitHubHewlett Packard EnterpriseJPMorgan ChaseBloombergSafe{Wallet}GooglePCMagSilicon AngleDelveFuture PublishingSony Group CorporationBreachNewsAcalvio Technologies Inc.
Breaches
5 linked
ANTHROPIC-2026-04LITELLM-2026-03MERCOR-2026-04MERCORINC-2026-04META-2026-04
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.