Skip to content Home > Data Breaches > ShinyHunters Claims Sale of Anthropic Claude Mythos AI Model Data and Internal Documents ShinyHunters Claims Sale of Anthropic Claude Mythos AI Model Data and Internal Documents m00s3c April 24, 2026 Technology High Severity April 24, 2026 ShinyHunters listing advertising alleged Anthropic “Claude Mythos” AI model data, including internal documents and claimed administrative access. Contact details have been redacted. The threat actor group ShinyHunters is claiming to sell what it describes as internal data tied to an experimental Anthropic AI model referred to as “Claude Mythos,” including thousands of documents, technical specifications, and purported access to restricted systems. The listing, posted April 24, 2026, has not been independently verified, and Anthropic had not issued any public statement at time of publication. Threat actor claims access to internal AI model data and systems According to the listing, the dataset allegedly includes approximately 3,000 internal documents along with technical details related to model architecture, training configurations, and deployment environments. The actor also claims access to administrative panels and monitoring systems tied to the AI platform, suggesting visibility into internal operations. The post describes what it calls a “core control dashboard,” alongside references to superuser-level access and system monitoring interfaces. These claims, if accurate, would indicate exposure beyond static data and into operational systems, though no supporting evidence has been publicly validated. Model specifications raise questions about accuracy of claims ShinyHunters describes the alleged model as having 10 trillion parameters using a mixture-of-experts architecture, with an estimated raw size of approximately 20 terabytes when stored in standard precision formats. While large-scale models using these techniques do exist, the scale and framing of the claims raise questions about their accuracy and whether the data represents a production system, an experimental project, or potentially exaggerated figures. Threat actors frequently inflate technical specifications in sale listings to increase perceived value, particularly in cases involving intellectual property or emerging technologies such as artificial intelligence. Listing includes alleged zero-day and restricted model access The actor further claims that the package includes a zero-day vulnerability and restricted access pathways to the model via vendor systems. No technical details or proof-of-concept information has been provided to substantiate these claims, and it remains unclear whether any vulnerability exists or whether the statement is part of standard extortion or sales language. The listing advertises the dataset for sale in the range of $300,000 to $500,000, positioning it as a high-value asset tied to proprietary AI development. Follows broader ShinyHunters campaign targeting corporate data The alleged sale comes amid a broader wave of activity from ShinyHunters involving multiple organizations across industries. BreachNews recently reported on a series of claimed data releases impacting companies including Zara, 7-Eleven, and Carnival , where the group asserted that datasets were published following failed negotiations. ShinyHunters has historically operated on a data exfiltration and extortion model, often combining breach claims with sale listings or public leaks. A detailed overview of the group’s activity is available in the BreachNews ShinyHunters threat actor profile . AI intellectual property emerges as high-value target If legitimate, the exposure of internal AI model data could carry significant implications beyond traditional data breaches. Proprietary model architectures, training methods, and system designs represent core intellectual property for AI companies and can provide competitive advantages in model performance and deployment. Unlike customer data breaches, incidents involving AI systems may also introduce risks related to model replication, misuse, or unauthorized access to advanced capabilities, depending on the nature of the systems involved. No confirmation from Anthropic as claims remain unverified At this stage, there has been no confirmation from Anthropic regarding the alleged breach or the authenticity of the materials described. As with similar listings, the claims are based solely on threat actor statements without independent verification. Further developments may emerge if the data is publicly released, independently analyzed, or addressed by the organization. Tags: customer-data source-code-leak technology m00s3c Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting. Search & Monitoring Tools Free Data Breach Search Tool Check your email against 12 billion+ leaked records — then set up alerts so you're the first to know if you appear in a new breach. Instant breach lookup Real-time monitoring & alerts 12 billion+ leaked records Check now → Set up monitoring → Powered by BreachNews Trending News ShinyHunters Claims Sale of Anthropic Claude Mythos AI Model Data and Internal Documents April 24, 2026 Vercel Confirms Breach of Internal Systems as ShinyHunters Claims $2M Data Sale April 19, 2026 ShinyHunters Lists New Victims Including Zara, 7-Eleven, and Pitney Bowes in Alleged Data Release April 23, 2026 Handala Claims Persistent 18-Month Access to Israeli Cloud Giant GNS, Alleges 112,000 Machines Backdoored April 16, 2026 Hatica Allegedly Breached by FulcrumSec, 4,700 Slack Workspaces and Enterprise Credentials Exposed April 20, 2026 Fake Ledger Live App on Apple App Store Drains $9.5 Million from 50 Victims in Six Days April 16, 2026 Kraken Refuses Extortion Demand After Cybercriminals Recruited Support Staff to Record Internal Systems April 15, 2026 Basic-Fit Confirms Data Breach Exposing Bank Details of 1 Million Gym Members Across Europe April 14, 2026 Standard Bank and Liberty Confirm Breaches as Threat Actor Claims 1.2TB Data Release April 15, 2026 Bitwarden CLI Compromised in TeamPCP Supply Chain Attack Targeting Developer Secrets April 23, 2026