A small group of unauthorized users accessed Anthropic’s Claude Mythos Preview on the same day the company announced its controlled release, according to Bloomberg.
The incident raises questions about Anthropic’s ability to contain a model it deemed too dangerous for public release.
How a Discord Group Walked Into Mythos
Members of a private Discord channel dedicated to hunting unreleased AI models made an educated guess about the Mythos endpoint URL.
“Anthropic said Mythos was too dangerous to release. Then four random guys in a Discord gained access on day one by guessing the URL…,” wrote Josh Kale, a popular user on X.
They reconstructed Anthropic’s naming conventions using data exposed in the Mercor breach three weeks earlier, Bloomberg reported, citing a person familiar with the matter.
One group member also held legitimate evaluation credentials through contract work for an Anthropic vendor. Those credentials, combined with the guessed URL, granted the group ongoing access.
The users have reportedly been running Mythos regularly since gaining entry. However, they have avoided cybersecurity-related prompts and instead used it for benign tasks like building simple websites.
Anthropic confirmed it is investigating the report but said it has found no evidence the access extended beyond the vendor environment.
Anthropic has said Mythos can identify and exploit zero-day vulnerabilities in every major operating system and web browser.
Under Project Glasswing, the company restricted access to roughly 40 approved organizations, including Apple, Amazon, and Cisco, strictly for defensive security testing.
White House Pushes Federal Access Despite Pentagon Ban
The breach comes as the White House moves to expand Mythos access to civilian federal agencies. The Office of Management and Budget emailed Cabinet officials on April 15 outlining plans for a safeguarded version of the model.
This represents a reversal from earlier this year, when the Pentagon designated Anthropic a “supply chain risk” after the company refused to remove safety guardrails for military use.
“We will not let ANY company dictate the terms regarding how we make operational decisions,” Defense Department spokesman Sean Parnell wrote on X.
A federal judge later paused the broader ban following an Anthropic lawsuit.
Anthropic CEO Dario Amodei met White House officials on April 17, with both sides calling talks “productive.”
The NSA has already been using Mythos for vulnerability scanning despite the Pentagon blacklist, according to Axios.
