Anthropic has spent months telling the world that Claude Mythos Preview is too dangerous for broad release. The model can find zero-day vulnerabilities across major operating systems. Its red team says non-experts can request exploit searches overnight and wake up to working results. The White House blocked its expansion to 120 organizations. The Pentagon called it a "separate national security moment."

And a group of people on Discord got into it through a vendor.

What Happened

Bloomberg reported on April 21 that a small group of unauthorized users gained access to Mythos Preview through a third-party vendor environment. The group, described as members of a Discord community looking for unreleased AI models, were not malicious. They were curious. They found a way in, and then they used the model regularly.

Anthropic confirmed it is investigating "unauthorised access to Claude Mythos Preview" and says there is no evidence its own systems were compromised. The access route ran through a third-party vendor, not Anthropic's infrastructure directly.

The Supply Chain Problem

This is a supply chain security story at its core. Mythos Preview is being tested under Project Glasswing, Anthropic's initiative that includes heavyweights like AWS, Apple, Microsoft, and Nvidia. Anthropic has committed up to $100 million in usage credits for the preview and $4 million in donations to open-source security organizations. The model has found thousands of high-severity vulnerabilities across major operating systems and web browsers.

But the access controls around this extraordinarily capable model apparently had a gap: the vendor layer. When you distribute a model to partners through third-party vendor environments, every vendor becomes a potential entry point. Anthropic can lock down its own infrastructure perfectly and still lose control through someone else's.

Why This Hits Different

If this were any other AI model, unauthorized access would be a boring compliance story. But Mythos is the model that Anthropic explicitly says "poses unprecedented cybersecurity risks." This is the model the White House personally intervened to restrict. The Pentagon's CTO called it a "separate national security moment." CISA is reportedly considering slashing government patching deadlines from three weeks to three days specifically because models like Mythos exist.

And a Discord group found a way in through a vendor.

The group was described as non-malicious. Curiosity-driven. They wanted to play with a model they could not officially access. But the uncomfortable question is: if curious hobbyists found a vendor-layer gap, what happens when someone with actual intent goes looking? Anthropic built Project Glasswing specifically to control access to a model it considers dangerous. The third-party vector is the one they apparently did not fully lock down.

What to Watch

Three things. First, the investigation results. Anthropic says its own systems were not impacted, but the details of how the vendor access was exploited will determine whether this was a configuration error, a credential leak, or something structural about how Glasswing distributes preview access. Second, the impact on Anthropic's October IPO timeline. A safety-first company losing control of its most dangerous model through a vendor is exactly the kind of disclosure that complicates an S-1 filing. Third, the policy response. The White House already restricted Mythos access to around 40 organizations. Unauthorized access through a vendor will either accelerate those restrictions or force Anthropic to fundamentally redesign how it distributes frontier models.

Anthropic has positioned itself as the company that takes AI safety more seriously than anyone. When your most dangerous model leaks through a vendor, that positioning gets tested in a way no whitepaper can prepare you for.

First reported by Bloomberg.