A handful of users in a private online forum gained access to Mythos on the same day Anthropic first announced plans to release the model to a limited number of companies for testing purposes. According to media reports, the group has been using Mythos regularly since then, though not for cybersecurity purposes.
Anthropic confirmed it is investigating the unauthorized access.
“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson stated, talking to Reuters and Bloomberg.
The company did not provide additional details about the scope of the breach or how many users may have gained unauthorized access.
The incident occurred on April 7, 2026, the same day Anthropic publicly announced Project Glasswing, a controlled initiative under which select organizations are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes. The timing of the unauthorized access suggests potential security vulnerabilities in the restricted release process.
To those unfamiliar, Mythos is a powerful AI model that has sparked concerns among regulators about its unprecedented ability to identify digital security vulnerabilities and potential for misuse. The model’s capabilities have raised alarm bells in government circles, with financial regulators worldwide monitoring its development and deployment.
Anthropic designed Project Glasswing to give trusted partners early access to Mythos for defensive security purposes, allowing organizations to identify and patch vulnerabilities in critical systems before the technology becomes more widely available. However, the unauthorized access incident raises questions about whether the restricted release strategy can effectively prevent malicious actors from obtaining the model’s capabilities.
