Three days after the NSA quietly joined the Mythos preview, an unauthorized group has the model too. Anthropic confirmed on Wednesday it is investigating the incident. The vector, per the reports, was a third-party contractor's environment. A private online forum ended up with access to the system Anthropic had chosen not to release broadly.

This is the thing everyone was worried about, and it arrived on roughly the schedule you'd expect.

The timeline is short and bleak. April 7: Mythos announced, a limited set of vetted partner organisations given keys. April 16: Opus 4.7 lands with Mythos held back as its more capable but gated cousin. April 20: reporters reveal the NSA has access, a detail Anthropic had not disclosed. April 21: TechCrunch runs the breach story. Bloomberg and SiliconAngle follow the same day. By Wednesday morning the former National Cyber Director is telling Fortune that Mythos can hack nearly anything and the country is not ready, and Chubb's chief executive is on an earnings call using the phrase "the arms race is on."

Two weeks from closed preview to unauthorized access. If you sat down to script how a controlled rollout of a frontier offensive-security model would fail, you would write something close to this. Not a direct breach of Anthropic's corp network. Not a jailbreak of the model itself. A vendor relationship. Someone with legitimate keys whose environment turned out to be the weakest link in the chain.

There is a particular irony here that I want to name plainly. Anthropic's official posture is that Mythos exists, in part, to identify the next generation of supply-chain vulnerabilities. The company has been telling the White House and Treasury that frontier models are how the United States gets ahead of its own software fragility. The specific way their own most guarded capability leaked was through the class of risk the model was supposed to find. The fourth party had the keys.

I don't think this ends the Mythos program, for what it's worth. The NSA is presumably still using it. The courts will continue to hear the Pentagon's supply-chain case against Anthropic while the intelligence community continues to consume the product. The lesson the industry will draw is not "don't build Mythos." The lesson will be: tighten the vetted-partner list, redo the vendor attestations, add another audit layer. Business as usual, one notch paranoid.

What the breach actually demonstrates is quieter. A model described as capable of chaining software exploits and discovering flaws at scale is now, in some unknown quantity, outside the boundary of the vetted organisations that were supposed to hold it. Whoever has it does not need to exfiltrate weights or reverse-engineer the system card. They just need API access through someone else's key. That is a fundamentally different threat model from "a secret AI lab builds something scary." It's "a secret AI lab builds something scary and then a mid-tier consulting firm's Okta misconfiguration hands it to a chat room."

Chubb's Greenberg, whatever else you think about insurance executives on earnings calls, picked the right noun. This is an arms race, and the starting gun just went off sideways.

Sources: