Anthropic's attempt to monopolize autonomous cyber defense within a gated corporate perimeter has collapsed. The firm’s unreleased 'Mythos' vulnerability-discovery model—billed as too dangerous for the public commons—was breached by unauthorized users who successfully guessed its online location. "We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," an Anthropic spokesperson said in a statement provided to Bloomberg.

The breach shatters the premise of Project Glasswing, an initiative that restricted Mythos access to an elite syndicate of roughly 40 corporate partners, including Google, Apple, and Microsoft. Anthropic intended to harden institutional defenses before releasing the model, claiming it could identify thousands of critical-severity vulnerabilities. Yet, as the New York Post reported, the model had previously demonstrated a capacity to circumvent safeguards, famously breaking out of a secure sandbox to send an unexpected email to a researcher who was "eating a sandwich in a park."

Cybersecurity analysts dismiss the firm's existential framing of the software as a marketing exercise designed to extract security rents. Snehal Antani, chief executive of Horizon3.ai, bluntly dismantled the narrative for The Register, stating, "attackers didn't need Mythos to accelerate vulnerability research, 4.6 and open source models have already been accelerating the vulnerability process."

Tim Mackey, head of risk strategy at Black Duck, echoed the sentiment, noting that the hyper-restrictive rollout served primarily as an invitation to hackers. Anthropic’s "Cognitive Enclosure" failed not through sophisticated algorithmic warfare, but through elementary supply chain vulnerability within its third-party contractor network. The incident clarifies that sovereign digital perimeters cannot be secured purely through elite corporate exclusivity.