On June 3, an unannounced model identifier, claude-oceanus-v1-p, appeared inside Anthropic's Claude Console. Validated red teamers reported access within hours, per Cybersecurity News. Within the same window, an unidentified actor was reselling API calls through a Chinese-based proxy at $16 per million input tokens. Anthropic paused access for the broader cohort and opened an internal investigation by end of day.

That sequence is the story. The leak path wasn't a model weights exfiltration or a jailbroken endpoint. It was the trust perimeter of the evaluation program itself.

Oceanus-v1-p is almost certainly the Mythos successor Anthropic has been telegraphing since April, when it introduced Claude Mythos Preview through its Frontier Red Team. The Preview writeup is the kind of document that explains why the Console leak matters: Mythos was assessed as capable of identifying and exploiting zero-days across every major operating system and browser, and it surfaced CVE-2026-4747, a 17-year-old remote code execution flaw in FreeBSD's NFS implementation that lets an unauthenticated attacker anywhere on the internet obtain root. Project Glasswing has identified thousands more high- and critical-severity vulnerabilities. Across 198 manually reviewed bug reports, expert contractors agreed with Claude's severity assessment exactly 89% of the time, and landed within one level 98% of the time. The Register, citing Anthropic's own post, put the running total at 530 high-or-critical bugs identified, 75 patched, 65 with public advisories.

This is the model whose successor identifier got resold through a proxy the same afternoon it showed up.

The irony tightens when you set it next to Anthropic's recent posture. In late May the company told The Register it would only release Mythos-class models publicly "once safeguards are in place," with a line that's now doing a great deal of work: "Mythos-level capabilities, and by extension Oceanus-v1-p, will not be cleared for general public release until the company develops highly robust safeguards to prevent misuse." Anthropic has also publicly accused DeepSeek, Moonshot AI, and MiniMax of running roughly 24,000 fake accounts and pushing over 16 million interactions through proxies. The Oceanus reseller surfaced on infrastructure of the same shape.

Meanwhile the commercial perimeter keeps widening. Bloomberg reported on June 2 that Anthropic opened Mythos access to 150 additional organizations across 15 countries, bringing the cohort to roughly 200. TechCrunch named Okta, Samsung, SK Hynix, SK Telecom, NATO, and ENISA among partners across power, water, healthcare, communications, and hardware, sectors where, by Anthropic's own description, a successful attack could affect more than 100 million people.

Anthropic had gestured at general availability "in the coming weeks" alongside Opus 4.8. That window now depends on an investigation into the people the company trusted most.

Sources

https://cybersecuritynews.com/anthropics-claude-oceanus-v1-p/
https://red.anthropic.com/2026/mythos-preview/
https://www.bloomberg.com/news/articles/2026-06-02/anthropic-offers-mythos-model-access-to-150-additional-groups
https://techcrunch.com/2026/06/02/anthropic-scales-claude-mythos-to-critical-infrastructure-in-15-countries/
https://www.theregister.com/security/2026/05/25/anthropic-to-release-mythos-class-models-to-the-public/5245596