Anthropic Mythos AI under scrutiny after vendor-linked access breach

Anthropic says it is investigating an alleged unauthorized access to its controlled-release cybersecurity model **Mythos AI** (Claude Mythos Preview). Reports indicate the attacker reached the preview environment through a third-party vendor setup, not by directly compromising Anthropic’s core systems. The exposure reportedly occurred around the time Anthropic rolled out Mythos AI under **Project Glasswing**. Anthropic stated its internal investigation found no evidence that its main Anthropic systems were impacted, and that the access appeared limited to the preview accessed via vendor channels. The later reporting adds more context: Mythos AI is positioned as an offensive/defensive tool that can autonomously find vulnerabilities and execute complex exploits. External evaluators such as METR and the UK AI Security Institute reportedly found its performance exceeded or saturated existing cyber benchmarks. To manage dual-use and deployment risk, Anthropic limited access to about 40–50 vetted organizations under Project Glasswing. Even with controls, the program reportedly faced a breach in the April 21–22 window, shifting focus to supply-chain and third-party access controls. Anthropic also disclosed security funding commitments: up to **$100 million** in usage credits and **$4 million** in direct open-source security donations. Crypto-trader takeaway: this incident is less about a specific token and more about operational security risk. For crypto infrastructure, “security” increasingly extends beyond smart-contract audits to key management, oracle systems, and vendor/supply-chain monitoring—because failures in **Mythos AI**-type deployments can quickly erode enterprise trust and readiness to adopt AI tooling.