Mythos Breach Humbles Anthropic’s Safety Pitch

Anthropic spent weeks warning that its new Claude Mythos model was too dangerous for public release. According to The Verge AI, a small group of unauthorized users has been poking around inside that same model since the day Anthropic first offered it to select testers. The company is now investigating, and the story is as embarrassing as it sounds.

The Verge AI reports, citing Bloomberg, that the intruders didn’t crack any elaborate defense. They made an educated guess about where Mythos was hosted online, then walked in. The clues came from a breach at Mercor, an AI training data vendor, plus insider knowledge from a group member who did contract work evaluating Anthropic’s models. No zero-day. No model theft. Just a hunch and a URL.

What happened

Here’s the short version of the incident, based on The Verge AI’s reporting:

  • Mercor got breached first, exposing details about Anthropic’s model infrastructure.
  • Using that info plus contractor access, a small group guessed the online location of Mythos.
  • They got in on day one of the private rollout and stayed in.
  • They mostly played around, avoiding cybersecurity tasks so Anthropic wouldn’t notice.
  • A reporter, not Anthropic’s own monitoring, surfaced the breach.

Security researcher Lukasz Olejnik told The Verge AI this is an “entirely imaginable” failure mode the industry has been handling for twenty years. Anthropic can log and track model usage, he noted, which should have flagged the unauthorized access quickly, especially since the rollout was meant to be tightly scoped.

Why this matters

Anthropic built its brand on being the grown-up in the AI room. It markets Mythos as a “watershed moment for security,” claiming the model found vulnerabilities in every major operating system and web browser. Mozilla CTO Bobby Holley, cited by The Verge AI, said Mythos uncovered hundreds of bugs in Firefox 150. Governments and banks have been lining up. The NSA reportedly has access, even as Anthropic carries a US supply chain risk designation.

That positioning is exactly why the breach stings. If Mythos is as powerful as Anthropic says, then monitoring should have been airtight. If the monitoring wasn’t airtight, then maybe the threat framing was more marketing than reality. Pia Hüsch, a research fellow at the UK’s Royal United Services Institute, summed it up to The Verge AI in one word: humiliation.

What stands out to me is the self-inflicted part. By hyping Mythos as uniquely dangerous, Anthropic painted a target on its own infrastructure. Hackers didn’t need a motive beyond curiosity. And this isn’t even the first Mythos stumble. The model’s existence leaked earlier through an unsecured data trove on a server holding website content.

What comes next

Anthropic will audit its supply chain and plug the obvious holes. The harder question is reputational. The Verge AI points out that the breach was found by a journalist, not by Anthropic’s own systems, which raises a reasonable concern: how many other groups got the same idea and just haven’t been caught?

For AI practitioners, a few practical takeaways:

  • Treat model endpoints like any other sensitive API. Obscurity is not a defense.
  • Vendor breaches cascade. Mercor’s leak became Anthropic’s problem within days.
  • If you claim a model is too dangerous to release, your detection stack has to match the claim.
  • Contractor access is still access. Supply chain risk cuts both ways.

Expect tighter rollout procedures on the next frontier model launch, both at Anthropic and at its rivals. OpenAI and Google are watching this closely, and no CISO wants to be the next case study. The bigger shift may be cultural. Safety theater ages badly when the receipts come in. Companies pitching themselves as responsible stewards of powerful AI will now get graded on operational discipline, not just policy documents.

Full details at the original source.
