Anthropic's "too dangerous" AI was accessed by guessing the URL

Boing Boing, 13h ago

That Linux kernel bug Anthropic highlighted as proof of Mythos's hacking prowess? Researcher Devansh found it was actually discovered by Claude Opus 4.6 -- Anthropic's publicly available model -- not by the restricted Mythos. The find is buried in a 244-page system card that independent researchers have been dissecting since the April 7 announcement, and it's one of several places where the hype doesn't hold up, according to The Register.

Anthropic rolled out Mythos under "Project Glasswing," restricting access to select partners like Google, Cisco, and Microsoft on the grounds it was too dangerous for public release. Unauthorized users got in anyway -- not through any sophisticated attack, but by guessing the URL based on Anthropic's naming patterns for previous models. How did anyone find out? A contractor-placement platform called Mercor got caught up in a supply-chain attack on the LiteLLM proxy, and the resulting breach made the unauthorized access visible.

Mozilla CTO Bobby Holley reviewed those 271 Firefox vulnerabilities Anthropic publicized and said the company "hasn't found any bugs that couldn't have been found by an elite human researcher." Devansh also found that the 181 Firefox exploit tests were conducted without the browser's sandbox protections in place, and the FreeBSD logs show a researcher walking the model through each step rather than the autonomous operation Anthropic described. VulnCheck researcher Patrick Garrity puts the actual verified CVE count at around 40, far from the "thousands" Anthropic claimed.

Snehal Antani, CEO of penetration testing firm Horizon3.ai, said: "it's a nothingburger. The adversary doesn't need Mythos to hack you." Ram Varadarajan of Acalvio said: "The Mythos breach didn't require a sophisticated attack. It just required a contractor, a URL pattern, and a day-one guess."

Originally published by Boing Boing
