
Anthropic Mythos Phishing Domains: How Threat Actors Are Exploiting the Claude Brand (2026)

Executive Summary: How Threat Actors Are Exploiting the Claude Brand

Date: May 2026
Source: PreCrime™ Labs

In the six weeks following Anthropic’s Mythos announcement, BforeAI’s PreCrime™ Labs identified 3,188 domains built to exploit the Claude and Mythos brands. These weren’t simple typosquat pages – they were enterprise-style platforms impersonating AI security scanners, developer tools, vulnerability assessment services, and account marketplaces. Their targets: developers, security teams, and organizations curious enough about Mythos to hand over API tokens, infrastructure data, or payment credentials without realizing the platform wasn’t legitimate.

These threats follow Anthropic’s recent announcement of Mythos and of its availability to a limited set of vendors for finding vulnerabilities.

The observed dataset shows actors actively exploiting emerging AI narratives by creating convincing enterprise-style platforms designed to attract developers, startups, researchers, and organizations wanting to experiment with Anthropic’s recent technologies. Several observed domains impersonated AI security scanners, AI-defense platforms, developer optimization services, and account marketplaces while encouraging users to submit infrastructure details, authentication data, API tokens, or payment information under the assumption that they were interacting with legitimate Anthropic or Claude-related ecosystems.

The researchers also observed security‑themed terminology spread across a wide variety of novelty TLDs, a concentration at mass‑market registrars, and frequent WHOIS redaction. The majority of these domains were found to be short-lived or stockpiled for future attacks, so that the malicious domains would age enough to rank organically on search engines.

How Attackers Are Naming Fake Claude and Mythos Domains

Total domains observed: 3188
Timeframe: Apr 1, 2026 to May 15, 2026

Across the research, domain names fall into several distinct categories:

Pure “mythos” branding (approximately 500 domains)

Names such as mythosaiapp, mythosaiagents, mythosbench, mythosreport, mythosagent, mythosproxy, mythosrouter, and mythosauth clearly evoke AI agents, evaluation tools, dashboards, and infrastructure components. These strings are tailor-made for “AI security copilot” or “agent framework” narratives that would appeal to developers and security teams.

Claude‑mythos hybrids (approximately 96 domains)

Domains like claudemythospreview, claudemythoscode, freeclaudemythos, and regional variants on “.asia” or “.ru” explicitly bind Claude to a “Mythos” feature, preview program, or free tier. This directly sets the stage for fake early‑access programs, cracked clients, or “Pro unlocks” tied to a specific product story.

Claude‑only strings (approximately 2300 domains)

Names such as 10xclaude, 1claude, 2claude, and mash‑ups like 23andclaude leverage the Claude brand without mythos, suitable for phishing around “Claude Pro”, “10x Claude productivity hacks”, or hybrid scams built on other recognizable brands.

Security‑themed mythos names

A significant subset uses explicit security language: mythoscyber, mythosprotect, mythosprotector, mythosbreach, mythosforensics, mythosvulnerabilityscanner, mythosidentity, mythosdefence.

Notably, these security-themed domains could plausibly belong to genuine entities, but they also make excellent cover for phishing security practitioners or shipping malicious “security scanners”. Suspicion arises because the registration timing aligns with Anthropic’s announcement and, given the high-level AI-themed content hosted on the websites, the infrastructure could easily be perceived as legitimately associated with Anthropic.

Keyword presence in domains (claude vs mythos)

Top-Level Domain (TLD) Strategy

The campaign spans both high‑trust and high‑abuse namespaces:

Conventional and commercial TLDs:

“.com”, “.net”, “.org”, “.io”, “.cc”, plus various ccTLDs (“.de”, “.fr”, “.be”, “.ar”, “.ru”, “.tokyo”). These TLDs tend to look credible to users and are natural homes for long‑lived “hub” domains.

AI‑ and app‑aligned TLDs:

“.ai”, “.app”, “.cloud”, “.tech”, “.digital”, “.space”, “.guide”, “.ninja”, “.energy”, “.life”. These fit the AI tooling narrative and may pass casual scrutiny in technical communities.

Cheap/abuse‑prone or novelty TLDs:

“.xyz”, “.top”, “.click”, “.vip”, “.live”, “.shop”, “.world”, “.fun”, “.monster”, “.bond”, “.wang”, “.cfd”, “.icu”, “.green”. These are low‑cost and easy to churn, and we see them used disproportionately for Claude‑mythos pairings (e.g., claudemythos[.]icu, claudemythos[.]space, freeclaudemythos[.]cfd).

Top 10 TLDs by frequency

Registrar and Hosting Characteristics

Our findings show clustering at a small group of mass‑market registrars that offer low‑cost registrations, bulk tooling, and rapid provisioning. A notably large volume of Claude‑prefixed domains is registered with mainstream consumer registrars, often with default DNS and privacy settings. Mythos‑branded domains are spread across multiple registrars but skew toward providers known for budget pricing and hands‑off WHOIS privacy.

Registration dates cluster tightly around recent months, coinciding with intense LLM/AI media cycles and vendor announcements. Instead of a slow, organic trickle, we see bursts of Claude and mythos registrations, including waves of “claude*”, “*claude*”, and “mythos” domains over short intervals.

This behavior is a classic signal that threat actors are monitoring the news and registering in anticipation of future value, whether for resale, phishing, or malware.

Top 10 registrars by frequency

How Fake Mythos Security Platforms Target Cybersecurity Teams

Hype around Anthropic’s products surged after the announcement, leading threat actors to make AI-based cybersecurity offerings one of the honeypots used to attract victims. For example, the observed domain, “mythos-ai[.]net,” appears to impersonate a highly advanced AI-powered cybersecurity research platform branded as “Mythos by Anthropic.” The infrastructure heavily leverages Anthropic-related terminology, futuristic AI-defense narratives, and enterprise-style branding to create the appearance of a next-generation cybersecurity intelligence platform.

A series of observed domains from the dataset demonstrates several characteristics commonly associated with AI-themed impersonation and trust-abuse campaigns:

  • Unauthorized association with Anthropic and Claude branding.

  • Use of futuristic “preview access” and exclusive research language.

  • Enterprise SaaS-style interface mimicking legitimate AI startups.

  • Security and intelligence terminology intended to attract technically sophisticated users, especially from cybersecurity.

  • “Request Access” workflow potentially designed for lead collection, credential harvesting, or gated malware delivery.

Potential objectives behind the operation may include credential harvesting, collection of corporate or developer identities, malicious distribution of trojanized AI-security tooling, unauthorized API token acquisition, or reconnaissance targeting organizations interested in frontier AI adoption. The campaign reflects a growing trend where threat actors increasingly exploit AI hype and cybersecurity branding to create pseudo-legitimate platforms capable of enabling long-term trust abuse, follow-on phishing operations, and broader enterprise targeting.

Figure 1 - Threat actors actively registering combined keywords using “Mythos” and “cyber” to set up perceived legitimate businesses
Figure 2 - Threat actors actively registering combined keywords using “Mythos” and “cyber” to set up perceived legitimate businesses

The Real Risk: Voluntary Exposure of Sensitive Infrastructure Data

Several observed domains within the dataset, including “mythosvulnerabilityscanner[.]com” and “mythoscybersecurity[.]com,” attempt to impersonate AI-powered cybersecurity and vulnerability assessment platforms. The websites exclusively mention infrastructure capabilities such as AI-driven vulnerability discovery, security reasoning, and advanced threat analysis while emphasizing “early access,” “founding member” programs, and enterprise-style onboarding experiences to establish legitimacy among developers, startups, researchers, and security teams exploring Mythos tooling.

The primary risk associated with these operations is not traditional phishing alone, but the voluntary exposure of sensitive organizational intelligence. Under the pretext of delivering AI-powered security assessments or vulnerability scanning, organizations may unknowingly submit internal application data such as URLs, APIs, repositories, authentication workflows, cloud configurations, exposed endpoints, vulnerability reports, or broader infrastructure details directly into attacker-controlled environments.

This provides adversaries with a high-level overview of, and contextual visibility into, the victim’s technology stack, security posture, and operational architecture without requiring active intrusion, added effort, or noisy reconnaissance. By exploiting curiosity around Mythos tooling and free-access experimentation, threat actors can significantly lower the victim’s resistance, enabling more tailored campaigns or supply-chain compromise attempts.

PreCrime™ Predicts

The activity reflects an emerging evolution in AI-themed abuse where attackers increasingly weaponize trust in AI-security platforms to acquire reconnaissance-level intelligence directly from victims themselves while maintaining the appearance of legitimate cybersecurity engagement.

Figure 3 - Security focused, Mythos-based domains appeared right after the announcement, offering vulnerability scanners and other offerings leading to an AI-trust abuse ecosystem
Figure 4 - Security focused, Mythos-based domains appeared right after the announcement, offering vulnerability scanners and other offerings leading to an AI-trust abuse ecosystem

Tradecraft Domains: When Fake AI Startups Look Legitimate

Certain domains masquerading as legitimate services were registered around the same timeframe as Anthropic’s announcement, raising suspicion regarding the intent behind the infrastructure and its potential association with opportunistic abuse activity. The domain notably combines high-trust “AI,” “Defense,” and “Security” terminology, likely so as to be associated with modern cybersecurity vendors, military-adjacent AI tooling, and enterprise threat detection platforms.

This can potentially lead to fake AI and defense vendor impersonation, designed to imitate an emerging AI-defense startup to attract organizations, investors, researchers, or government-related users. Another threat use case can be collection of corporate emails, phone numbers, organizational interests, or security-related inquiries from visitors through the chat widget.

Figure 5 - The “Mythos” keyword strategically combined with AI, security, and defense to attract initial interest from cyber and defense vendors

Other Active Campaigns: Fake Downloads, Gambling Sites, and Account Markets

Fake Claude Pro Downloads

Several domains leveraged the growing popularity of Anthropic’s Claude ecosystem by creating landing pages that market themselves as “Claude-Pro”, a premium relay optimization layer that purports to provide stability for developers using Claude-Code CLI environments through improved latency, throughput, and connection. Other observations include fake dashboards and consoles branded as “Claude Pro”, “Claude Research Workspace”, or “Claude Mythos Agents”, asking users to log in with existing credentials or connect via OAuth.

Another noteworthy threat observation is the deployment of malicious installers claiming to be “Claude Desktop”, “Claude Mythos CLI”, “Claude Browser Extension”, or “Claude Security Agent”, which in practice deliver infostealers or RATs (Remote Access Trojans). Such domains can promote subscriptions through highly polished payment pages with realistic vendor billing flows that collect card details directly or redirect to shady payment processors.

Figure 6 - Significant subset offering Claude Pro for developer’s requirements, with free trials and “Download” options

Poker and Casino

Certain domains used the “Mythos” keyword to promote a potentially malicious gambling and digital marketplace ecosystem. They referenced invoices, top-up balances, transaction histories, and account management workflows all commonly abused in fraudulent gaming ecosystems.

The infrastructure may support several malicious objectives, including credential harvesting, fake gaming-currency top-ups, fraudulent reseller operations, payment theft, piracy, trojanized downloads, and account takeover activity.

Figure 7 - Digital gaming marketplace leveraging the keyword “Mythos” for high clickthroughs

Fake AI platforms:

The observed domain, “anthropicclaude[.]pw,” appears to impersonate Anthropic through direct brand abuse by using visuals commonly associated with legitimate AI companies, and heavy reliance on phrases such as “Building AI You Can Trust” and “AI Safety & Research” to establish credibility as an authoritative AI research platform.

This serves multiple malicious objectives including credential harvesting, collection of corporate inquiries through “Get in Touch” workflows, fake partnership or onboarding schemes, malicious software distribution, or reconnaissance targeting users interested in AI research ecosystems.

Figure 8 - Digital services and business opportunities emerging with a direct brand abuse to Anthropic’s Claude

Narrative Setting and Negative Influencing:

The observed domain, “bannedbyanthropic[.]com,” presents itself as a community-driven archive tracking bans, restrictions, and access-loss incidents allegedly linked to Anthropic services. It uses a clean investigative-style interface resembling transparency portals or whistleblower databases, with searchable case records and contributor references, to set a negative narrative towards the upcoming launches.

Such sites can attract developers, researchers, and users affected by Claude-related moderation actions or account suspensions. By framing itself around “public records” and documented enforcement cases, the domain drives curiosity, frustration, controversy, and engagement surrounding Anthropic.

Such infrastructure could be used for identity collection, submission harvesting, unofficial appeal scams, dissemination of modified access tools, or broader social engineering campaigns targeting disgruntled users seeking restored access to AI services.

Figure 9 - Whistleblowing and narrative-oriented sites can lead to negative influencing amongst AI enthusiasts

Free Account Access likely sourced from Scam Markets:

Several websites supported a commercialized underground ecosystem focused on the sale, resale, and distribution of unauthorized Claude and ChatGPT-related accounts, subscriptions, and verification services. Domains such as “claudekyc[.]shop” and “claudecode-buy[.]com” openly advertise AI platform accounts, subscription tiers, bulk access offerings, and reseller-style pricing models while integrating Telegram-based after-sales communication channels and marketplace-oriented purchasing workflows.

Rather than impersonating Anthropic through fake corporate branding alone, these operations function more like gray-market or illicit-access storefronts targeting users seeking bypasses for regional restrictions, KYC requirements, subscription costs, or access limitations associated with premium AI services. The infrastructure heavily promotes “verified” Claude accounts, wholesale access, account stocking systems, and long-term subscription packages, indicating an organized monetization activity potentially involving compromised accounts, fraudulent registrations, automated account farming, or abuse of payment and identity verification processes.

This category of threat presents multiple risks including credential theft, resale of compromised AI accounts, payment fraud, abuse of stolen identities for KYC verification, distribution of unauthorized API access, and enabling downstream malicious activity through anonymous AI usage. The use of Telegram support channels, reseller recruitment, and subscription-commerce interfaces demonstrates how threat actors are increasingly building scalable black-market ecosystems that turn high-demand AI platforms into a monetized underground commodity.

Figure 10 - Premium reseller activities seen actively around Anthropic’s Claude and other AI services
Figure 11 - Premium reseller activities seen actively around Anthropic’s Claude and other AI services
Figure 12 - Unofficial activation tool targeting Claude, likely used for bypassing software licensing

AI Monetization Scams: 'Earn With Claude' and Similar Schemes

The domain “earnwithclaude[.]com” appears to leverage Claude-related branding alongside “make money online” style messaging to attract users interested in monetization opportunities, affiliate-style income, or AI-driven side hustles. The website was under construction at the time of writing this report; however, it used the “Launching Soon” teaser and generic business imagery to build curiosity and early trust among financially motivated audiences.

The operation may function as a lead-generation funnel, a fake AI-business opportunity platform, a front for frauds requiring a high initial investment, or a future onboarding portal designed to collect user information, promote questionable monetization schemes, or redirect users toward subscription scams and referral abuse ecosystems.

By combining AI hype with income-generation narratives, the campaign targets users seeking quick financial opportunities tied to emerging AI platforms and automation trends.

PreCrime™ Predicts

This reflects a growing category of AI-themed social engineering where attackers exploit public excitement around AI monetization, passive income, and digital entrepreneurship rather than relying purely on fear-based phishing or technical deception.

Figure 13 - Earning opportunities with Anthropic’s Claude under construction, likely to harvest leads or promote questionable schemes

Impact of Anthropic Mythos Phishing Domains

One of the most critical concerns is the possibility of organizations voluntarily exposing sensitive internal information under the belief that they are interacting with trusted AI-security services powered by Anthropic or “Claude Mythos.”

The campaigns present additional risks including credential harvesting, unauthorized API token collection, payment fraud, and the creation of scalable underground ecosystems for monetizing compromised accounts and AI access. Malware is also distributed through ‘free or cracked tools’ such as browser extensions or CLIs. Furthermore, these activities pose reputational and operational risks for AI companies like Anthropic due to brand abuse across unofficial ecosystems.

Threat Mitigation Strategies

Finetuning detections

Defenders can convert these findings into concrete heuristics, flagging domains where the keywords “claude” or “anthropic” appear in the label, especially when paired with:

  • Novelty TLDs (“.cfd”, “.icu”, “.xyz”, “.top”, “.click”, “.space”, “.green”, “.monster”).
  • Productive keywords: “pro”, “key”, “unlock”, “free”, “agent”, “proxy”, “router”, “bench”, “auth”, “identity”, “security”, “scanner”.

Additionally, track “mythos” combined with AI or security nouns, with extra scrutiny for “.com”, “.io”, “.ai”, “.app”, “.cloud”, and “.tech”, which have higher user trust. Registrars can be encouraged to apply brand‑pattern risk scoring for new registrations that include “claude”, “anthropic”, or suspicious “mythos+security” combinations, particularly on cheap TLDs and with high‑risk customers.

Registrars in particular can add an optional manual review for domains that look like full product names (e.g., “mythosidentity”, “mythosauth”, “claudemythospreview”) to reduce the likelihood of obvious impersonation going unchallenged.
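The heuristics above, written as a scoring pass over a feed of newly registered domains. This is an added example, not BforeAI's tooling: the keyword and TLD lists come from this report, while the weights, the MYTHOS_NOUNS list, the function names and the "example[.]org" entry are assumptions made for illustration.

```python
# Keyword and TLD lists are taken from the report; the weights are assumptions.
BRANDS = ("claude", "anthropic")
NOVELTY_TLDS = {"cfd", "icu", "xyz", "top", "click", "space", "green", "monster"}
HIGH_TRUST_TLDS = {"com", "io", "ai", "app", "cloud", "tech"}
PRODUCT_KEYWORDS = ("pro", "key", "unlock", "free", "agent", "proxy", "router",
                    "bench", "auth", "identity", "security", "scanner")
# AI/security nouns seen next to "mythos" in the report's examples (assumed list).
MYTHOS_NOUNS = ("ai", "agent", "cyber", "security", "scanner", "protect",
                "breach", "forensics", "identity", "auth", "defence", "defense")

# Defanged domains quoted in the report, plus one constructed benign entry.
SAMPLE = ["mythos-ai[.]net", "example[.]org", "freeclaudemythos[.]cfd",
          "mythosvulnerabilityscanner[.]com", "claudemythos[.]icu"]


def split_domain(domain):
    """Refang and return (label, tld). Simplification: uses the last two labels,
    so multi-part public suffixes such as co.uk are not handled."""
    host = domain.strip().lower().replace("[.]", ".").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain name: {domain!r}")
    return labels[-2], labels[-1]


def score_domain(domain):
    """Return (score, reasons); a score of 0 means no brand term in the label."""
    label, tld = split_domain(domain)
    compact = label.replace("-", "")
    brands = [b for b in BRANDS if b in compact]
    has_mythos = "mythos" in compact
    # Text left once the brand strings are removed; keywords are looked up here.
    # Substring matching is deliberately loose ("pro" also hits "protect").
    rest = compact
    for token in BRANDS + ("mythos",):
        rest = rest.replace(token, " ")
    score, reasons = 0, []
    if brands:
        score += 2
        reasons.append("brand:" + "+".join(brands))
        if tld in NOVELTY_TLDS:
            score += 2
            reasons.append("novelty-tld:." + tld)
        hits = [k for k in PRODUCT_KEYWORDS if k in rest]
        if hits:
            score += 2
            reasons.append("keyword:" + ",".join(hits))
    if has_mythos:
        score += 1
        reasons.append("mythos")
        nouns = [n for n in MYTHOS_NOUNS if n in rest]
        if nouns:
            score += 2
            reasons.append("mythos+noun:" + ",".join(nouns))
            if tld in HIGH_TRUST_TLDS:  # extra scrutiny on trusted-looking TLDs
                score += 1
                reasons.append("high-trust-tld:." + tld)
    return score, reasons


def triage(domains, min_score=1):
    """Every brand hit is flagged; the pairings only raise its review priority."""
    rows = [(d, *score_domain(d)) for d in domains]
    return sorted((r for r in rows if r[1] >= min_score), key=lambda r: -r[1])


if __name__ == "__main__":
    for domain, score, reasons in triage(SAMPLE):
        print(f"{score:>2}  {domain:<36} {'; '.join(reasons)}")
```
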

User and Organizational Suggestions

Organizations should treat unofficial AI-security platforms, “early access” vulnerability scanners, AI-defense services, and Claude-related tooling with the same scrutiny until official announcements of associations are established. Any platform requesting infrastructure details, repositories, APIs, authentication mechanisms, or data should undergo strict vendor validation and reputation assessment before engagement.

  • Establish policies restricting submission to unverified AI-driven assessment platforms: This also includes unofficial “AI cybersecurity” services. Organizations should also monitor for brand impersonation involving “Anthropic”, “Claude”, or “Mythos” related terminology across newly registered domains, Telegram-linked marketplaces, and tradecraft businesses using the same keywords.

  • Monitor for brand impersonation across newly registered domains and Telegram-linked marketplaces: Detection efforts should focus on indicators such as “Claude verified accounts,” AI subscription resale ecosystems, “powered by Mythos” branding, suspicious “security scanner” claims, and AI monetization narratives targeting developers or startups.

  • Centralize AI agent tooling choices and whitelist known-good domains: Organizations experimenting with AI agents should centralize their tooling choices and whitelist known‑good domains while monitoring for outbound traffic to newly registered Claude or Mythos hosts.

  • Treat any “Claude-” or “Mythos-” branded domain outside known vendor namespaces as untrusted by default: User awareness initiatives should emphasize that modern AI-themed threats increasingly replicate legitimate startups, SaaS platforms, research initiatives, or cybersecurity vendors capable of sustaining long-term trust abuse and collecting highly contextual organizational intelligence. Users should exercise caution and treat any “Claude‑” or “Mythos‑” branded domain outside known vendor namespaces as untrusted by default, especially when prompted for credentials, API keys, or downloads.
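A default-deny check for the last two recommendations, run over outbound proxy logs. This is an added example, not part of the original report: the log format, the sample lines (lookalike hosts sit under the reserved .example TLD) and the VERIFIED_NAMESPACES allowlist are assumptions to be replaced with the namespaces your organization has verified.

```python
from collections import defaultdict

# Assumption: namespaces your organization has verified as the vendor's own.
VERIFIED_NAMESPACES = {"anthropic.com", "claude.ai"}
BRAND_TOKENS = ("claude", "anthropic", "mythos")

# Constructed proxy log lines: "<timestamp> <client> <method> <host[:port]>".
SAMPLE_LOG = """\
2026-05-12T09:14:03Z 10.0.4.17 CONNECT api.anthropic.com:443
2026-05-12T09:14:09Z 10.0.4.17 CONNECT claude.ai:443
2026-05-12T09:15:41Z 10.0.7.22 CONNECT claude.ai.login-check.example:443
2026-05-12T09:16:02Z 10.0.7.22 GET mythos-scanner-preview.example
2026-05-12T09:16:30Z 10.0.9.5 CONNECT CLAUDE-pro-download.example:443
2026-05-12T09:17:12Z 10.0.9.5 CONNECT updates.vendor.example:443
malformed line
"""


def in_namespace(host, namespaces):
    """True only for an allowed domain or a dot-delimited subdomain of it.

    A plain substring or endswith() test is not enough: it would accept
    hosts that merely start with, or end in, the allowed string.
    """
    return any(host == ns or host.endswith("." + ns) for ns in namespaces)


def parse_line(line):
    """Return (client, host) or None for lines that do not fit the format."""
    fields = line.split()
    if len(fields) != 4:
        return None
    client, target = fields[1], fields[3]
    # Strip an optional :port (IPv6 literals are out of scope for this sketch).
    host = target.rsplit(":", 1)[0] if ":" in target else target
    return client, host.lower().rstrip(".")


def untrusted_brand_hosts(log_text, namespaces=VERIFIED_NAMESPACES):
    """Map each brand-bearing host outside the verified namespaces to the
    internal clients that contacted it."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, host = parsed
        branded = any(token in host for token in BRAND_TOKENS)
        if branded and not in_namespace(host, namespaces):
            findings[host].add(client)
    return {host: sorted(clients) for host, clients in sorted(findings.items())}


if __name__ == "__main__":
    for host, clients in untrusted_brand_hosts(SAMPLE_LOG).items():
        print(f"untrusted brand host {host} contacted by {', '.join(clients)}")
```
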

Conclusion

The emergence of Mythos and Anthropic-themed abuse infrastructure demonstrates how rapidly threat actors adapt to major AI narratives and product discussions within the cybersecurity ecosystem. Rather than merely impersonating login pages, attackers are now constructing full-scale pseudo-enterprise platforms, AI-security startups, vulnerability scanners, monetization portals, and underground AI marketplaces designed to appear operationally legitimate to technically mature audiences.

These campaigns represent a shift toward intelligence-driven social engineering where attackers exploit curiosity, experimentation, and early-access culture. In several observed cases, organizations themselves may unknowingly assist attackers by voluntarily providing infrastructure visibility, authentication flows, or operational context while seeking AI-powered security capabilities.

The findings reinforce the importance of validating AI-security vendors, monitoring AI-themed brand abuse, and treating emerging AI ecosystems as high-interest attack surfaces for both opportunistic and organized threat actors.

The recent announcement is a classic example of an emerging AI‑brand attack surface, producing a variety of naming combinations, a mix of cheap and reputable TLDs, use of mass‑market registrars, and a fast-growing campaign targeting key and associated assets.

BforeAI’s prediction suggests AI-related trust abuse is likely to evolve into a persistent threat category spanning phishing, infrastructure reconnaissance, credential theft, underground account economies, and supply-chain-style targeting.

FAQs

What is the Anthropic Mythos phishing campaign?

A coordinated wave of domain registrations that impersonate Anthropic’s Mythos product to lure developers and security teams into fake AI platforms, vulnerability scanners, and credential-harvesting portals.

BforeAI identified 3,188 abusive domains registered between April 1 and May 15, 2026, clustering tightly around Anthropic’s Mythos announcement.

They present as AI-powered vulnerability scanners or security copilots, then collect internal infrastructure data – URLs, APIs, repositories, authentication flows – without any active intrusion required.

Flag domains combining “claude” or “mythos” with novelty TLDs (.icu, .cfd, .xyz) and keywords like “pro,” “scanner,” “auth,” or “unlock.” Treat any platform outside known Anthropic namespaces as untrusted by default.

No. The campaign spans credential harvesting, malware delivery via fake CLI tools, underground account resale, payment fraud, and social engineering through fake “earning opportunity” or whistleblower-style sites.

It refers to the set of domains, platforms, and personas that impersonate a legitimate AI vendor – in this case Anthropic – to deceive developers, researchers, and organizations into exposing sensitive data or downloading malicious tooling.
