Anthropic's Unreleased 'Claude Oceanus' Reportedly Leaked Through a Chinese Proxy Hours After Reaching Red Teamers

On June 3, a new model identifier — claude-oceanus-v1-p — surfaced inside Anthropic's Claude Console and was, according to multiple reports, handed to vetted red-team evaluators the same day. Within hours, researchers say, an unidentified actor resold API access to the unreleased model through a Chinese-based proxy service, putting outputs from a system Anthropic has not announced into the hands of people far outside its testing program. Anthropic has not publicly confirmed any of this, and much of what is circulating remains unverified — but the sightings are consistent enough across trackers to be worth taking seriously.

The naming is the tell. Oceanus appears to be the next step in Anthropic's Mythos line, building on the Claude Mythos Preview that launched in April 2026 and has since been distributed under the company's Project Glasswing cybersecurity program. The "-v1-p" suffix reads as a preview candidate moving through evaluation rather than a finished release, and early descriptions frame Oceanus as tuned for advanced reasoning, coding, cybersecurity and long-horizon agentic work rather than everyday chat — the same capability profile that has made Mythos both valuable and tightly controlled.

That control is precisely why a leak matters here. Anthropic has repeatedly said Mythos-class capabilities will not be cleared for general public release until it builds "highly robust safeguards to prevent misuse," and has kept the models inside a small circle of governments, banks and security partners. Red-team access typically precedes a wider rollout by only a week or two, and outlets including TestingCatalog read the Oceanus sighting as a sign that a broader launch could be just weeks away. A model built partly to find and exploit software vulnerabilities is not one a safety-focused lab wants leaking out the side door before those safeguards are in place.

The specifics being passed around should be treated as rumor, not record. Social-media posts cited by Cyber Security News claim the reseller priced the proxy at roughly $16 per million input tokens and $80 per million output tokens, with some forum chatter describing a million-token context window — figures no one has independently verified. In response to the resale, Anthropic reportedly paused access for the broader red-team cohort while it investigated. It is also worth separating this episode from the unrelated leak of Claude Code's source that set Chinese developer forums buzzing the same week; the two stories share a country and a company but not a cause.

The episode previews a problem the whole frontier is about to share: the most capable models now reach outside testers before they reach the public, and that testing surface is exactly where they leak. Anthropic has spent 2026 accusing Chinese labs of running millions of interactions through fake accounts and proxy services — so an Oceanus resold through a Chinese proxy, if the reports hold up, lands as a pointed reminder that withholding a model from the public is not the same as keeping it contained. For now, "Claude Oceanus" is best read as a credible leak about the next Mythos model, not a confirmed product.