Anthropic has confirmed it is investigating reports that an unauthorized group accessed Claude Mythos Preview, the company's most powerful unreleased AI model, through a third-party vendor environment. The breach, first reported by Bloomberg, involves a private online forum and Discord-based community that specifically hunts for access to unreleased frontier AI systems. Mythos was deemed too dangerous for public release due to what Anthropic described as "unprecedented cybersecurity risks."

What Happened

A group operating out of a private online forum reportedly obtained access to Claude Mythos Preview by compromising a third-party vendor environment connected to Anthropic. Bloomberg, citing a person employed by an Anthropic contractor, reported that the group attempted multiple strategies before successfully gaining entry and then used the model on an ongoing basis. Anthropic confirmed the investigation in a statement to Euronews Next, saying it has found no evidence that its own systems were impacted or that the activity extended beyond the third-party environment. The group is reportedly tied to a Discord channel dedicated to seeking out information about and access to unreleased AI models.

What Was Taken

The compromised asset is access to Mythos itself, an enterprise-security-focused frontier model that Anthropic has explicitly classified as too dangerous for general release. While no traditional data exfiltration figures have been disclosed, the loss is functional rather than volumetric: unauthorized parties have repeatedly queried a model designed to find software vulnerabilities at scale. The exposure window includes prompt and response telemetry generated by the intruders, any prompts the attackers crafted to probe the model's capability boundaries, and any model outputs that may have included offensive cyber tooling, exploit logic, or vulnerability analysis derived from Mythos's capabilities.

Why It Matters

Mythos is not a standard product leak. The model is being piloted under Project Glasswing with a tightly controlled circle that reportedly includes Amazon, Apple, JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley, after Treasury Secretary Scott Bessent convened senior American bankers in Washington this month to encourage its use for vulnerability discovery. A model gated for national-security-adjacent reasons is now in the hands of an unvetted online group. The incident also reinforces a pattern threat intel teams have tracked for two years: third-party vendors, not the AI labs themselves, are the soft underbelly of frontier model distribution.

The Attack Technique

According to Bloomberg's reporting, the unauthorized group did not breach Anthropic directly. Instead they pivoted through a third-party vendor environment that had been granted Mythos Preview access as part of the controlled rollout. The group reportedly tried "several strategies" before succeeding, suggesting iterative probing of the vendor's authentication, API key handling, or sandbox environment rather than a single zero-day. Once inside, the group maintained persistent, recurring use of the model rather than a smash-and-grab extraction, indicating either credential theft or a session-token style foothold within the vendor's tenancy. Anthropic has not publicly named the vendor.

What Organizations Should Do

1. Inventory every third-party environment with access to frontier model previews, including contractors, integration partners, and red-team firms; treat each as in-scope for your own incident response plan.
2. Rotate API keys, OAuth tokens, and service-account credentials tied to any AI model preview programs, and enforce short-lived credentials with mandatory IP allowlisting.
3. Require vendors handling preview access to provide attestation of MFA enforcement, SSO integration, and tenant isolation before granting them access to gated capabilities.
4. Monitor outbound traffic from contractor environments to AI provider endpoints for anomalous query volume, off-hours usage, and unusual prompt patterns consistent with capability probing.
5. If you are a Project Glasswing participant or run similar pilots, assume your prompts and responses to Mythos may have been observable to a third party during the exposure window and treat any vulnerability disclosures generated through it as potentially compromised.
6. Update insider-risk and supply-chain playbooks to account for AI-model exfiltration as a distinct threat category, with detections tuned for token reuse, anomalous geolocation, and Discord or forum-based brokerage of access.

Sources: Hackers breach Anthropic's 'too dangerous to release' Mythos AI model, report