Yesterday, TechCrunch and Bloomberg reported that unauthorized users gained access to Claude Mythos Preview — Anthropic's restricted AI model capable of autonomously discovering zero-day vulnerabilities across every major operating system and web browser. The security community is focused on how the breach happened. That's the right first question. But there's a bigger question nobody is asking: what happens when a powerful AI agent processes input it shouldn't trust? What happened April 7, 2026 — Anthropic announces Claude Mythos Preview and Project Glasswing. Restricted access for Amazon, Apple, JP Morgan, and select security firms for penetration testing. Same day — A group on a private Discord channel, familiar with Anthropic's URL naming conventions, guesses the endpoint location. An individual at a third-party contractor shares API keys and shared accounts provisioned for authorized pen-testing. April 21, 2026 — Bloomberg breaks the story.…