- Unauthorized users claim to have access to Anthropic’s Claude Mythos
- Users gained access with guesswork and third-party access
- The model is capable of exploiting software vulnerabilities on a large scale
Anthropic’s Mythos model, capable of detecting hundreds of zero-day vulnerabilities in software, was accessed by unauthorized users.
A Bloomberg The report, citing documentation and a person familiar with the matter, claims the model is used regularly by unauthorized users.
Mythos’ capabilities are so dangerous that Anthropic has restricted access to the model to a select handful of companies in order to bolster their defenses under Project Glasswing, which may be starting to show cracks.
Article continues below
Cracks appear in the Glasswing project
Anthropic has already said that The Mythos model is capable of detecting critical vulnerabilities “in every major operating system and every major web browser when requested by a user.”
To put this into perspective, Mozilla CTO Bobby Holley recently revealed that Mythos was able to find 271 vulnerabilities in the latest version of Firefox.
This is why Mythos would be so dangerous in the wrong hands. The software would allow a malicious actor to immediately identify the most vulnerable cracks and exploit them themselves or sell them to other nefarious actors.
Bloomberg says the users belong to a group interested in novel AI models and who have already accessed other novel anthropogenic models.
To access Mythos specifically, users relied on the expertise of an individual authorized to access Anthropic models and software for evaluation purposes on behalf of a third party company.
The group also relied on details of a data breach that affected AI recruiting startup Mercor. The details allowed the group to guess where the model’s online location is, while also using expertise gained from the format of other Anthropic models.
Although the group has apparently stated that it has no interest in using Mythos for malicious purposes – and instead wants to test the model – it has raised serious questions about the security of Mythos.
“We are investigating a report of unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said in a statement, adding that the company had no evidence that access extended beyond a third-party vendor environment.
Anthropic recently detected exploitative attempts and hidden evaluation awareness in the Mythos model, which it called “strategic manipulation” features.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
