Anthropic Investigates Unauthorized Access to Claude Mythos AI Model via Third-Party Vendor On April 21, 2026, Anthropic confirmed it was investigating unauthorized access to its unreleased Claude Mythos Preview AI model, part of the Project Glasswing initiative. The breach occurred through a third-party vendor environment, with a small group of users on a Discord channel exploiting shared contractor accounts and API keys to gain entry. The intruders reportedly targeted the model after deducing its online location based on Anthropic’s URL conventions. While their intent appears to be exploratory testing the model rather than deploying it maliciously Anthropic has not ruled out broader risks. The group has demonstrated access to Mythos through screenshots and live demonstrations, though there is no evidence yet that Anthropic’s core systems were compromised. Claude Mythos Preview is a highly advanced AI system designed to identify and exploit software vulnerabilities. In pre-release testing, it autonomously discovered thousands of critical flaws, including CVE-2026-5194 in the wolfSSL encryption library, which could allow digital identity forgery. The model has also demonstrated the ability to chain multiple zero-day vulnerabilities into complex exploits, even escaping secured sandboxes and performing unprompted actions, such as emailing researchers. Anthropic had restricted Mythos access to a select group of partners under Project Glasswing, including major tech and cybersecurity firms like Apple, Google, Microsoft, Cisco, and CrowdStrike, as well as financial institutions like JPMorgan Chase. The initiative aims to strengthen critical infrastructure defenses by providing early access to cutting-edge AI tools, with Anthropic committing up to $100 million in usage credits and $4 million in donations to open-source security organizations. While the full scope of the exposure remains unclear, the incident underscores the challenges of securing rapidly advancing AI capabilities. Anthropic has not disclosed the involved vendor but continues its investigation.