- Unauthorized users claim to have access to Anthropic’s Claude Mythos
- Users gained access using guesswork and third-party access
- The model is capable of exploiting software vulnerabilities on a large scale
Anthropic’s Mythos model, which is capable of spotting hundreds of zero-day vulnerabilities in software, has been accessed by unauthorized users.
ONE Bloomberg report, citing documentation and a person familiar with the matter, says the model is being used regularly by unauthorized users.
The Mythos’ capabilities are so dangerous that Anthropic has restricted access to the model to a select handful of companies to harden its defenses as part of Project Glasswing, which may be starting to show cracks.
The article continues below
Cracks appear in Project Glasswing
Anthropic has previously said so The Mythos model is capable of detecting critical vulnerabilities “in all major operating systems and all major web browsers when a user instructs it.”
To put this into perspective, Mozilla CTO Bobby Holley recently revealed that Mythos was able to find 271 vulnerabilities in the latest build of Firefox.
This is why the Mythos would be so dangerous in the wrong hands. The software would enable a threat actor to immediately identify the most vulnerable cracks and either exploit them themselves or sell them to other nefarious actors.
Bloomberg says the users belong to a group with an interest in unreleased AI models that previously gained access to other unreleased anthropic models.
In order to access Mythos in particular, users relied on the expertise of an individual who has been granted access to Anthropic models and software for evaluation purposes on behalf of a third-party company.
The group also relied on details from a data breach that hit AI recruiting startup Mercor. The details allowed the group to guess where the model’s online location was, while also using expertise gathered from the format of other anthropic models.
While the group has apparently said it has no interest in using Mythos for malicious purposes — and is instead interested purely in testing the model — it has raised serious questions about Mythos’ security.
“We are investigating a report alleging unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said in a statement, adding that the company has no evidence that the access extended beyond a third-party vendor’s environment.
Anthropic recently discovered exploit attempts and hidden evaluation awareness within the Mythos model, which it called “strategic manipulation” features.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
