A third party has reportedly already gained access to Anthropic’s guarded Claude Mythos model.
Claude Mythos is an advanced AI model developed by Anthropic that the company says has a level of coding ability that can “surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” Anthropic has been adamant about keeping Mythos under lock and key because of its purported abilities. Even so, the unauthorized access reportedly occurred in early April, on the same day that Anthropic announced its plans to grant a small group of users a preview version of Mythos for testing. Bloomberg first reported the breach.
“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said.
According to Bloomberg, several users in a private Discord channel have been regularly using Mythos since Anthropic announced its plan, although they reportedly have not been using it for cybersecurity purposes. The group reportedly accessed the model through an individual who works for a third-party contractor that evaluates Anthropic’s models and software. The group also reportedly used some common cybersecurity research techniques, and leveraged details released in the breach of AI recruiting and training startup Mercor to make some guesses about where the model could be found. The individual told Bloomberg that the group also has access to other unreleased models.
An Anthropic spokesperson noted that there is no indication the unauthorized activity went beyond the third-party vendor or impacted Anthropic systems. Anthropic works with third-parties on model development, which is the avenue of unauthorized access that it is currently investigating.
Anthropic has offered its preview version of Mythos to a limited number of companies, including Apple, Amazon, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, and Nvidia through an initiative it calls Project Glasswing. Those organizations and some 40 others have clearance to use the model to test and secure their own systems, according to an Anthropic announcement.
The Pentagon ruled Anthropic a supply chain risk to national security in March. Even so, the Department of Treasury has been seeking access to Mythos. And the Commerce Department’s Center for AI Standards and Innovation and the National Security Agency reportedly already have access.
