"We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," an Anthropic spokesperson told The Register.
Project Glasswing: a controlled preview meant to surface bugs
Anthropic released Mythos in preview under the name Project Glasswing to a select, growing set of organizations so they "could find and fix vulnerabilities in their environment before criminals got hold of the purported zero-day machine," the company said. The preview was intended as a defensive, limited rollout — not a public launch — but the model's availability was quickly tested outside that controlled set.
How non-partners reportedly found Mythos
Bloomberg reported that "a handful" of people gained access to Mythos after making "an educated guess about the model's online location" based on Anthropic's prior models, and that those details were revealed in the Mercor data breach. Anthropic confirmed to The Register that some non-Glasswing parties may have accessed Mythos, but said the access was not through Anthropic's production API and that "there's no evidence that unauthorized activity extended beyond the third-party vendor's environment or that Anthropic systems are affected."
Supply-chain and insider exposures, not a sophisticated cyberattack
Mercor, an AI staffing startup that supplies contractors to major AI labs including Anthropic, said it was "one of thousands of companies" affected by the LiteLLM supply-chain attack. Security experts quoted by The Register argued the incident exposes the weakness of controlled releases when contractors, URL patterns and day-one guesses are enough to get in. Ram Varadarajan, CEO at Acalvio, said, "The Mythos breach didn't require a sophisticated attack. It just required a contractor, a URL pattern, and a day-one guess, which means the 'controlled release' model failed at its weakest link before the model's capabilities were ever the issue."
What Mythos actually found — claims, tests, and contesting analyses
Anthropic asserted Mythos identified "thousands of additional high- and critical-severity vulnerabilities." Early previews and third-party analyses paint a more measured picture. Mozilla CTO Bobby Holley reported that Mythos found 271 vulnerabilities in Firefox 150, but added: "So far we've found no category or complexity of vulnerability that humans can find that this model can't" and "We also haven't seen any bugs that couldn't have been found by an elite human researcher." VulnCheck researcher Patrick Garrity estimated the count at "maybe 40. Or maybe none at all."
A researcher identified as Devansh independently reviewed Mythos-related CVE advisories, Anthropic's exploit code, a 44-prompt transcript, the 244-page system card, Glasswing partner agreements, red-team writeups, and Aisle's replication study. Devansh concluded the bugs Mythos found are real but characterized the overall narrative as "one of misinformation and hype." Aisle's replication study reportedly applied Mythos showcase prompts to small, cheap, open-weights models and "found they produced much of the same analysis."
Specific examples raised by critics further undercut the more alarming claims: the Anthropic-claimed 181 Firefox exploits reportedly ran with the browser sandbox turned off, the FreeBSD exploit transcript "shows substantial human guidance, not autonomy," and a Linux kernel bug touted in materials was found by Opus 4.6, the public model, not Mythos, according to the researcher.
Documentation gaps and the marketing narrative
Researchers noted absences in Anthropic's public documentation. Davi Ottenheimer pointed to Section 3 (pages 47–53) of the 244-page documentation and said it "contains no count of zero-days at all," listing "no CVE list, no CVSS distribution, no severity bucket, no disclosure timeline, no vendor-confirmed-novel table, no false-positive rate." Tim Mackey, head of risk strategy at Black Duck, said Anthropic's marketing was "effectively a challenge, not dissimilar to a capture-the-flag exercise, where success includes claims of unauthorized access to Mythos."
What this means for technologists, enterprises, and adversaries
- Technologists and security teams: Mythos can speed vulnerability discovery and "requires less hands-on guidance" from security engineers, the reporting says, but experts including Mozilla's Bobby Holley suggest it has not supplanted elite human researchers.
- Affected enterprises and procurement leaders: The incident highlights supply-chain and contractor exposure; Mercor's disclosure that it was "one of thousands of companies" hit by LiteLLM underscores the broad surface for leakage of preview artifacts and URLs.
- Adversaries and threat actors: Several security figures told The Register that attackers do not need Mythos to accelerate vulnerability research — Snehal Antani, co-founder and CEO of Horizon3.ai, concluded, "In my honest opinion, it's a nothingburger," and added, "The adversary doesn't need Mythos to hack you."
Anthropic is investigating the reported unauthorized access and says there is no evidence the activity reached Anthropic's production systems. The episode sharpens a concrete takeaway repeated by multiple observers in the coverage: the more immediate risk appears to be leakage through third-party vendors, contractors and publicized URL patterns — not an uncontrollable "zero-day" machine. The record also shows the company's headline claims about "thousands" of severe vulnerabilities are contested, with independent researchers and preview partners finding a more complicated, less apocalyptic reality.
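The takeaway above, that a preview model's reachability should rest on explicit per-tenant authorization rather than on whether its identifier can be guessed, can be illustrated with a gateway-side allowlist check. The following is an added example written for this page; it is not Anthropic's code, and nothing in the reporting describes how Anthropic's or Mercor's environments actually enforce access. The tenant names, model identifiers and JSON log lines are constructed placeholders.

```python
"""Added example (not from the article or Anthropic): a deny-by-default
model allowlist per tenant, replayed over constructed request log lines.

A contractor or vendor environment that may call generally available models
gets a 403 for an undisclosed preview model, and the attempt is surfaced as
an alert rather than silently refused, because a request that names an
unannounced identifier is itself a signal worth investigating."""

from dataclasses import dataclass
import json

# Hypothetical per-tenant allowlist: which tenants may call which model ids.
# A preview model is reachable only by tenants explicitly enrolled for it.
TENANT_MODEL_ALLOWLIST = {
    "partner-alpha": {"model-ga-1", "preview-model-x"},   # enrolled preview partner
    "vendor-staffing": {"model-ga-1"},                    # contractor environment: GA models only
}

# Model ids that exist but are not publicly announced (constructed placeholder).
UNDISCLOSED_MODELS = {"preview-model-x"}


@dataclass(frozen=True)
class Decision:
    tenant: str
    model: str
    allowed: bool
    alert: bool      # True when a non-enrolled caller asked for an undisclosed model
    reason: str


def authorize(tenant: str, model: str) -> Decision:
    """Deny by default: unknown tenants and unlisted models are both refused."""
    allowed_models = TENANT_MODEL_ALLOWLIST.get(tenant)
    if allowed_models is None:
        # Unknown caller: refuse, and alert if it asked for an undisclosed model.
        return Decision(tenant, model, False, model in UNDISCLOSED_MODELS, "unknown tenant")
    if model in allowed_models:
        return Decision(tenant, model, True, False, "allowlisted")
    probe = model in UNDISCLOSED_MODELS
    return Decision(tenant, model, False, probe,
                    "probe for undisclosed model" if probe else "model not allowlisted")


def review_log(lines):
    """Replay JSON request log lines through authorize() and collect decisions."""
    decisions = []
    for line in lines:
        rec = json.loads(line)
        decisions.append(authorize(rec["tenant"], rec["model"]))
    return decisions


def alerts(lines):
    """Return the (tenant, model) pairs that should be escalated for review."""
    return [(d.tenant, d.model) for d in review_log(lines) if d.alert]


# Constructed sample log: a legitimate preview call, a GA call from the
# contractor environment, and two requests naming the undisclosed id.
SAMPLE_LOG = [
    '{"tenant": "partner-alpha", "model": "preview-model-x", "path": "/v1/messages"}',
    '{"tenant": "vendor-staffing", "model": "model-ga-1", "path": "/v1/messages"}',
    '{"tenant": "vendor-staffing", "model": "preview-model-x", "path": "/v1/messages"}',
    '{"tenant": "unknown-caller", "model": "preview-model-x", "path": "/v1/messages"}',
]

if __name__ == "__main__":
    for d in review_log(SAMPLE_LOG):
        print(f"{d.tenant:16} {d.model:16} allowed={str(d.allowed):5} "
              f"alert={str(d.alert):5} {d.reason}")
```

The design choice worth noting is that the allowlist is keyed by tenant rather than by model: the preview identifier can be known, leaked or guessed without that knowledge translating into access, and the denial path for an undisclosed model produces an alert while the denial path for an ordinary typo does not.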