Anthropic's Claude Oceanus-v1-p AI Model Compromised During Red Team Testing
Anthropic's advanced AI model, Claude Oceanus-v1-p, intended for red team security evaluations, was compromised before its formal rollout, with unauthorized API access being resold on the black market.
Anthropic's latest AI model, codenamed Claude Oceanus-v1-p, has already fallen victim to unauthorized distribution and resale, just as it was beginning its intended red team testing phase. The model identifier first appeared within Anthropic's internal Claude Console and subsequently surfaced on unauthorized API proxy services on June 3, 2026, sparking immediate speculation about a successor to the Claude Mythos line. Researchers and red team evaluators gained access to the new model on the same day, but this controlled evaluation was short-lived.
Within hours of the model's availability to vetted testers, reports emerged that an unidentified actor had begun reselling API access to Claude Oceanus-v1-p. This resale occurred through a Chinese-based proxy service, with prices reportedly reaching a premium of $16 per million input tokens, significantly exceeding Anthropic's standard enterprise pricing. This incident echoes previous accusations against Chinese AI labs for similar proxy abuse, where Anthropic alleged the use of thousands of fake accounts to access its models.
In response to this breach, Anthropic has reportedly paused model access for the broader red team cohort while it conducts an internal investigation into the incident. The resale of API access highlights the persistent challenges in controlling the distribution and preventing the misuse of powerful AI models, even within restricted testing environments.
Claude Oceanus-v1-p is understood to be a direct evolution of the Claude Mythos Preview, which was launched in April 2026. The Mythos model demonstrated a concerning capability for identifying and exploiting zero-day vulnerabilities across major operating systems and web browsers. Anthropic's own Frontier Red Team assessed Mythos as capable of finding such flaws, with partners uncovering over 10,000 high or critical-severity vulnerabilities since the program's inception.
The capabilities of these advanced models are underscored by findings from The Turing Institute, which noted that Mythos's red team achieved a vulnerability recovery rate exceeding 99% in disclosed test cases. This indicates a high degree of effectiveness in identifying exploitable weaknesses.
The Oceanus red team evaluation also follows Anthropic's recent expansion of Project Glasswing, its AI cyberdefense initiative. On June 2, the program was extended to approximately 150 new organizations across more than 15 countries, including critical infrastructure sectors like power, water, healthcare, and communications. This expansion broadens the scope of AI-driven vulnerability research to sectors where successful attacks could have widespread societal impact.
Anthropic has been candid about the risks associated with these advanced AI capabilities, stating that models like Mythos and Oceanus-v1-p will not be cleared for general public release until robust safeguards against misuse are developed. The company acknowledges that such comprehensive safeguards are not yet industry-standard, underscoring the ongoing challenge of balancing AI innovation with security imperatives.