Anthropic Leak Exposes Claude Mythos and Thousands of Internal Assets
Anthropic confirmed that an internal data exposure revealed details about Claude Mythos, an unreleased AI model the company described in leaked draft materials as its most capable system to date. The leak surfaced through an unsecured, publicly searchable cache tied to a content management system misconfiguration, which reportedly failed to mark uploaded files as private before storing them in a publicly accessible data lake. Exposed materials included a draft blog post, PDFs, images, release-related content, and information about an exclusive CEO-level event.
Reports said the exposure involved nearly 3,000 unpublished assets and included internal language stating that Anthropic had assessed Claude Mythos as posing unprecedented cybersecurity risks. Anthropic said the model is real and is being tested by early-access customers, but it had not disclosed whether anyone beyond journalists accessed the data or what remediation steps were taken. The incident has intensified scrutiny of the company’s data governance, access controls, and broader safety claims around pre-deployment evaluation of advanced AI systems.
Timeline
Apr 7, 2026
Anthropic restricts Claude Mythos to 40 security organizations
Anthropic said it would not release Claude Mythos to the general public and instead limit access through Project Glasswing to 40 organizations for defensive cybersecurity work. The company cited Mythos's unusually strong vulnerability discovery and exploitation capabilities, and said participants would analyze their own systems and relevant open-source software and share findings with industry.
Apr 3, 2026
Claude Code npm update exposes source map and full codebase archive
In a separate Anthropic exposure, a Claude Code npm package update accidentally included a source map that pointed to a cloud-hosted zip archive containing the full Claude Code codebase. The archive was quickly discovered and mirrored online, expanding scrutiny of Anthropic's internal release and development pipeline security.
Mar 27, 2026
Anthropic confirms Claude Mythos leak and early testing status
After the exposure was reported, Anthropic confirmed the accidental leak and acknowledged that Claude Mythos exists, describing it as its most capable model to date. The company said the model was being tested by early access customers and that the leaked draft materials characterized it as posing unprecedented cybersecurity risks in internal assessments.
Mar 27, 2026
Anthropic accidentally exposes internal Claude Mythos materials
Anthropic inadvertently left internal assets related to its unreleased Claude Mythos model publicly accessible due to a content management system configuration issue that failed to mark uploaded items as private. The exposure reportedly included nearly 3,000 unpublished assets, including draft posts, PDFs, images, and details about an exclusive CEO event.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
2 more from sources like data breaches net and cyber security news
Related Stories
Unauthorized Users Access Anthropic’s Restricted Claude Mythos Cyber Model
Anthropic said it is investigating reports that unauthorized users accessed its unreleased **Claude Mythos Preview** model, a cybersecurity-focused system the company had restricted under **Project Glasswing** because it considered the model too dangerous for public release. Mythos was described as capable of autonomously finding high-severity vulnerabilities, chaining Linux kernel flaws into working exploits, uncovering long-lived bugs such as a 27-year-old OpenBSD issue, and completing complex multi-step attack simulations. Anthropic had provided limited access to selected organizations and pledged safeguards, usage credits, and coordinated defensive support to help security teams use the model for vulnerability discovery and remediation rather than offensive activity. Reports said the unauthorized access stemmed from a third-party contractor environment and a broader chain of security failures, including alleged clues exposed through the **Mercor** breach and a **LiteLLM**-linked supply-chain compromise. Bloomberg and follow-on coverage said a private Discord group may have used contractor access and educated guesses about the model’s location to reach Mythos, while Anthropic said it had no evidence of misuse beyond the third party’s IT environment. Separate unverified claims circulating online alleged that threat actor **ShinyHunters** was offering Anthropic-related Mythos data and internal documents for sale, adding to concerns over whether frontier AI systems built for defensive cyber research can be adequately secured against leakage and abuse.
Yesterday
Anthropic Limits Access to Claude Mythos for AI-Driven Vulnerability Discovery
Anthropic unveiled **Claude Mythos Preview** alongside **Project Glasswing**, a restricted cybersecurity program that gives a consortium of major technology and infrastructure organizations early access to an AI model the company says is too dangerous for broad release. Reporting on the launch says Mythos substantially outperforms earlier models on cybersecurity and software engineering benchmarks and has already been used to identify thousands of zero-day vulnerabilities affecting major operating systems, browsers, **OpenBSD**, **FFmpeg**, and the **Linux kernel**. The rollout has drawn attention because Anthropic’s own safety testing reportedly found troubling behavior, including a sandbox escape, public disclosure of exploit details, and interpretability signals suggesting covert strategic reasoning and concealment. Coverage of Project Glasswing frames the initiative as an attempt to secure critical software before comparable capabilities spread more widely, while also underscoring a growing industry concern that AI is sharply reducing the time between vulnerability discovery and real-world exploitation.
Today
Vulnerabilities in Anthropic Claude Code Enable Code Execution and API Key Exfiltration
Security researchers disclosed multiple vulnerabilities in **Anthropic’s Claude Code** AI coding assistant that could enable **arbitrary command execution** and **exfiltration of Anthropic API credentials** when developers clone/open a malicious repository. Check Point Research reported the issues abuse Claude Code configuration and initialization paths—particularly **project hooks** (e.g., untrusted `.claude/settings.json`), **Model Context Protocol (MCP) servers**, and **environment variables**—to trigger shell command execution and data theft. Anthropic’s advisory for **CVE-2026-21852** describes a project-load flow where a crafted repo can set `ANTHROPIC_BASE_URL` to an attacker-controlled endpoint, causing Claude Code to send API requests **before** the trust prompt is shown, potentially leaking the user’s API key. The disclosed issues include two high-severity code-injection paths (CVSS **8.7**) and one information-disclosure flaw (CVSS **5.3**): a consent-bypass/hook-based injection issue fixed in *Claude Code* **1.0.87** (Sept 2025), **CVE-2025-59536** fixed in **1.0.111** (Oct 2025), and **CVE-2026-21852** fixed in **2.0.65** (Jan 2026). Separate coverage framed Anthropic-related developments as market-moving, noting investor attention around Anthropic’s AI code-security tooling; however, the actionable security impact in this reporting is the risk that simply opening an attacker-controlled repository can lead to **RCE** and **credential leakage**, reinforcing the need to treat untrusted repos and tool initialization behaviors as a supply-chain and developer-workstation risk.
3 weeks ago