Anthropic's New Mythos Model Reportedly Accessed By Unauthorized Users
In early April, Anthropic announced its latest Mythos model, saying it would remain exclusive to select tech companies for cybersecurity purposes. Anthropic has now confirmed it's actively investigating an incident where a group claims to have unauthorized access to Mythos.
A Bloomberg report, citing anonymous sources, documentation, and examples of Mythos up and running, alleges that a group of users accessed the Mythos model without Anthropic's authorization.
Mythos is said to be capable of exploiting vulnerabilities in "every major operating system and every major web browser," if the user intends to do so, according to Anthropic.
At launch, Anthropic claimed to have found "thousands of high-severity vulnerabilities" in everyday software. Yesterday, Mozilla claimed to have found 271 vulnerabilities within Firefox through its use of Mythos.
Anthropic previously said it would restrict access to the model to 11 tech companies through its Project Glasswing program. Restricting users means software makers can fix any identified software issues before bad actors gain access to similar AI models.
However, that exclusivity may not have been as strong as first thought, with this group of users who talk in a private Discord group claiming to have had access since day one. If true, they've had access to the software for over two weeks.
The group told Bloomberg that it accessed the tool through a member's third-party contractor status with Anthropic. It also used tools typically employed by cybersecurity researchers, along with knowledge of where Anthropic hosts other models, to better predict where Mythos would sit within its systems.
A spokesperson for Anthropic told Bloomberg, "We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments." It says there's currently no evidence that access went beyond the vendor's own tools.
Speaking with Bloomberg, the group says it's not intending to cause any damage with its access to Mythos. That may not be true for other groups who may be trying to gain access to Mythos themselves.