Anthropic and OpenAI face security incidents

- Anthropic said this week it is investigating reports that unauthorized users accessed Claude Mythos Preview through a third-party vendor environment, while OpenAI briefly exposed unreleased models in its Codex app.
- Bloomberg reported the Anthropic access involved a small Discord group and a contractor pathway; The Information said OpenAI’s Codex slip surfaced internal models just hours after Anthropic disclosed its probe.
- The back-to-back lapses landed as both companies were restricting advanced cyber models to selected partners, tightening scrutiny on access controls and vendor security. (nytimes.com)

Anthropic is investigating reports that unauthorized users accessed Claude Mythos Preview, while OpenAI briefly exposed unreleased models in its Codex app days later. (bloomberg.com) (theinformation.com)

Bloomberg reported on April 21 that a small group of unauthorized users got into Mythos, Anthropic’s restricted cybersecurity model, through methods that included access tied to a contractor. Anthropic said it was investigating claimed access through “one of our third-party vendor environments.” (bloomberg.com) (techcrunch.com)

Anthropic said it had found no evidence that its own systems were affected or that the activity extended beyond the vendor environment. The company introduced Mythos on April 7 and limited access to selected organizations working on critical software and infrastructure. (techcrunch.com) (bnnbloomberg.ca)

Mythos is a model built for defensive cybersecurity work: finding software flaws, explaining attack paths, and helping patch systems before criminals exploit them. Anthropic and OpenAI have both argued that tools like that can also be misused if they spread too widely. (bnnbloomberg.ca) (nytimes.com)

That is why Anthropic launched Project Glasswing alongside Mythos and kept the model out of broad public release. OpenAI made a similar move on April 14, saying it would share its GPT-5.4-Cyber system only with a limited group of partners. (bnnbloomberg.ca) (nytimes.com)

Then came OpenAI’s own exposure. The Information reported on April 23 that OpenAI accidentally made a slate of unreleased models visible in Codex, its coding product, hours after Anthropic said it was probing the Mythos access report. (theinformation.com)

OpenAI’s public Codex changelog shows GPT-5.5 became available on April 23, after outside reports said some users had briefly seen additional internal model names in the picker before launch. That sequence turned what looked like rumor into a product-release timeline with a visible slip in the middle. (developers.openai.com) (piunikaweb.com)

The two incidents are not the same kind of failure. Anthropic’s case centers on reported unauthorized access through a vendor path, while OpenAI’s centers on accidental exposure of internal model listings inside its own app. (techcrunch.com) (theinformation.com) (developers.openai.com)

Security researchers have used the Anthropic episode to point at a familiar weak spot: third parties. Separate April disclosures also raised concerns around Anthropic’s Model Context Protocol, or MCP, which is used to connect AI agents to outside tools and data sources. (cybernews.com) (thehackernews.com)

For both companies, the immediate issue is narrower than “AI safety” in the abstract. It is who can see a model, who can call it, which environments are trusted, and how fast a company notices when those controls fail. (crn.com) (forbes.com)

Anthropic says its investigation is ongoing, and OpenAI has since formally shipped GPT-5.5 in Codex. The larger test for both companies is whether restricted frontier models stay restricted once vendors, apps, and contractors enter the chain. (techcrunch.com) (developers.openai.com)
