Full Report
And that unauthorized access? 'A nothing burger,' hacking startup CEO tells El Reg Anthropic's Mythos model is purportedly so good at finding vulnerabilities that the Claude-maker is afraid to make it available to the general public for fear that criminals will take advantage. But early analysis shows that Mythos may not be as dangerous as some would have you believe.…
Analysis Summary
# Vulnerability: Unauthorized Access to Anthropic Claude Mythos Preview
## CVE Details
- **CVE ID**: Not Assigned (Third-party environment configuration issue)
- **CVSS Score**: N/A (The "breach" involves unauthorized access to a proprietary AI model rather than a software vulnerability in a traditional product)
- **CWE**: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-1333 (Information Exposure via URL Pattern Prediction)
## Affected Systems
- **Products**: Anthropic Claude Mythos Preview (part of Project Glasswing)
- **Versions**: Preview/Pre-release versions
- **Configurations**: Model deployment via specific third-party vendor environments (reportedly linked to Mercor) using predictable URL patterns.
## Vulnerability Description
Unauthorized users gained access to Anthropic’s "Mythos" bug-hunting model not through a technical exploit of the model itself, but through a failure in supply-chain security and "security by obscurity." Unauthorized parties made "educated guesses" regarding the model's online location (URL) based on existing Anthropic model naming conventions. This was exacerbated by a supply-chain incident involving LiteLLM that affected Mercor, a third-party vendor used by Anthropic for model development and contractor management.
## Exploitation
- **Status**: Confirmed unauthorized access (reported "handful" of users in a private Discord channel); no evidence of exploitation in the wild for malicious purposes.
- **Complexity**: Low (Required "educated guesses" and knowledge of URL patterns).
- **Attack Vector**: Network (Cloud-based API/Environment).
## Impact
- **Confidentiality**: High (Unauthorized access to proprietary, pre-release AI intellectual property).
- **Integrity**: Low (No evidence of model tampering or unauthorized system changes).
- **Availability**: Low (No service disruption reported).
## Remediation
### Patches
- **Anthropic Response**: Anthropic is currently investigating the third-party environment and has restricted access.
- **Vendor Hardening**: Strengthening of API gateway controls and model endpoint obfuscation.
### Workarounds
- **De-coupling**: Better isolation of contractor environments from production model weights.
- **Access Control**: Implement robust authentication for all pre-release model endpoints rather than relying on hidden URLs.
## Detection
- **Indicators of Compromise**: API requests originating from unauthorized IP addresses or non-Glasswing partner accounts for Mythos-specific endpoints.
- **Detection methods**: Log analysis of third-party vendor environments for anomalous traffic patterns or "URL fuzzing" behavior targeting model endpoints.
## References
- Anthropic Official Statement (via The Register): hxxps[://]www[.]theregister[.]com/2026/04/22/anthropic_mythos_nothingburger/
- Bloomberg Original Report: hxxps[://]www[.]bloomberg[.]com/news/articles/2026-04-21/anthropic-s-mythos-model-is-being-accessed-by-unauthorized-users
- Related FreeBSD Security Advisory: hxxps[://]www[.]freebsd[.]org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc