Anthropic’s Mythos Model Breached: How a Simple URL Guess Undermined AI Security

Anthropic, which touts "security first," saw its most powerful model Claude Mythos Preview accessed by a small group of Discord users on the day it was announced, despite the company’s public emphasis on AI safety.

01 Leak Details: Contractor Access and URL Guessing Breached Defenses

According to insiders, the intruders did not use sophisticated exploits; instead they combined a contractor’s legitimate third‑party access, internet reconnaissance tools, and educated guesses of Anthropic’s URL patterns derived from previous models. They also leveraged information from a recent data leak at AI‑startup Mercor. On the release day, the attackers correctly inferred the model’s online location by extrapolating Anthropic’s known URL conventions, demonstrating that a simple "guess‑the‑URL" approach could bypass the initial security layer.

02 Official Response: Admission of Intrusion but Claim Core Systems Remain Intact

Anthropic’s spokesperson confirmed the report, stating that they are investigating a claim of unauthorized access to Claude Mythos Preview via a third‑party supplier environment. The company emphasized that there is no evidence the access extended beyond the supplier environment or impacted Anthropic’s own systems. Critics remain uneasy, noting that a model capable of identifying and exploiting vulnerabilities across major operating systems and browsers has been circulating in private Discord channels for weeks.

03 ShinyHunters’ "Follow‑Up" Claim: Hype or Real Intrusion?

The hacker group ShinyHunters, known for breaching large identity systems and APIs, claimed to have infiltrated internal systems related to Mythos and posted screenshots of a user‑management panel, AI experiment dashboard, and model performance and cost analyses. Security experts point out that ShinyHunters has recently boasted about breaches of Rockstar Games, Amtrak, and Vercel, and that the Mythos incident is being leveraged for malicious marketing on underground forums. The shared dashboard screenshots closely resemble those from the earlier Vercel leak, leading analysts to suspect a supply‑chain attack—perhaps compromising a cloud‑management or audit tool used by Anthropic—rather than a direct penetration of Anthropic’s core infrastructure.

04 Mythos: A Double‑Edged Sword

Mythos is not a dedicated security model but a general‑purpose large language model whose safety capabilities represent a generational leap, driven by advanced logical reasoning and autonomous agent decision‑making. In recent weeks, Mythos reportedly identified thousands of high‑severity vulnerabilities, some hidden for 10‑20 years, including one that lingered for 27 years in the security‑focused OpenBSD operating system.

The UK’s AI Security Institute (AISI) independently tested Mythos in a "Last Survivor" (TLO) scenario that simulated a 32‑step enterprise network penetration. Mythos completed the full attack chain in 3 out of 10 attempts, averaging 22 of the 32 steps per run. AISI concluded that Mythos can autonomously conduct multi‑step attacks against small‑scale, poorly defended enterprise systems once it has initial network access, effectively lowering the barrier for non‑expert attackers to develop exploit code.

Based on this risk assessment, Anthropic placed Mythos in a restricted "Project Glasswing" program, limiting defensive testing to roughly 40 vetted organizations such as Apple, Amazon, and Cisco.

05 Industry Shockwaves: Aftermath of the Security Myth Collapse

Bloomberg reported that Anthropic’s annual revenue has surpassed $30 billion, outpacing OpenAI with a three‑fold growth rate since the end of last year. However, the rapid commercial expansion is now contrasted with evident security gaps. On the day Mythos was limited‑released, U.S. Treasury Secretary Scott Morrison and Federal Reserve Chair Jerome Powell convened a closed‑door meeting with Wall Street executives to discuss the risks posed by Mythos and similar AI models—an escalation typically reserved for systemic financial crises.

Japan’s Finance Minister and Australian central banks have also signaled upcoming discussions with major financial institutions about Mythos’s potential impact. Anthropic has not issued further public statements, but the episode has shattered the perception that a company branding itself around "security" can protect its most dangerous product at the first line of defense.

With Mythos capable of autonomously executing multi‑step network attacks and uncovering zero‑day vulnerabilities that would take human experts months to find, the question remains: who can guarantee that the next person who correctly guesses a URL won’t weaponize the model?