Anthropic is investigating potential “unauthorized access” to its Claude Mythos model that has been touted for its ability to find cybersecurity flaws, the company told Bloomberg. A group gained access to the model through a third-party contractor portal and by using internet sleuthing tools, according to the report. However, the group is only interested in trying the models and not using them maliciously, according to a person familiar with the matter.
“We’re investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments,” Anthropic said in a statement.
The Claude Mythos Preview arrived earlier this month as part of “Project Glasswing” with significant fanfare. Anthropic limited the preview release to a small number of trusted test companies including Amazon, Microsoft, Apple and Cisco. Another was Mozilla, which said the model helped it find and patch 271 Firefox vulnerabilities. A growing number of banks and government agencies have been seeking access as well in order to safeguard their own systems.
Advertisement
Advertisement
However, several unauthorized users (who reportedly have a private chat on Discord), supposedly gained access to Mythos through a developer portal and by making an educated guess as to where the model might be located. That same group may also have access to other unreleased Anthropic models, according to the report.
The new Mythos model has gained notoriety of late for its supposed ability to sniff out security flaws in operating systems and internet browsers. This has prompted some skepticism among security researchers but also fear that AI-generated cyber attacks could become a “real threat,” CTO of cloud security firm Edera Alex Zenla recently told Wired. Anthropic was recently designated as a “supply chain risk” by the US Department of Defense, but has been in talks with the Trump administration of late to have that label removed.
