- Unauthorized users claim to have access to Anthropic’s Claude Mythos
- Users gained access with guesswork and third-party access.
- The model is capable of exploiting software vulnerabilities at scale.
Unauthorized users have accessed Anthropic’s Mythos model, which is capable of detecting hundreds of zero-day vulnerabilities in software.
TO Bloomberg The report, citing documentation and a person familiar with the matter, says the model is regularly being used by unauthorized users.
Mythos’ capabilities are so dangerous that Anthropic has restricted access to the model to a select handful of companies to bolster their defenses as part of Project Glasswing, which may be starting to show cracks.
Article continues below.
Cracks Showing in Project Glasswing
Anthropic has previously said that The Mythos model is capable of detecting critical vulnerabilities “in all major operating systems and in all major web browsers when indicated by a user.”
To put this into perspective, Mozilla CTO Bobby Holley recently revealed that Mythos was able to find 271 vulnerabilities in the latest version of Firefox.
This is why Mythos would be so dangerous in the wrong hands. The software would allow a threat actor to immediately identify the most vulnerable cracks and exploit them themselves or sell them to other nefarious actors.
Bloomberg says the users belong to a group interested in unpublished AI models that have previously accessed other unpublished anthropic models.
To access Mythos in particular, users relied on the expertise of an individual who has been given permission to access Anthropic models and software for evaluation purposes on behalf of an outside company.
The group also drew on details of a data breach that affected AI recruiting startup Mercor. The details allowed the group to guess the whereabouts of the model’s online location, while also using experience gained from the format of other Anthropic models.
While the group has apparently said it has no interest in using Mythos for malicious purposes (and is instead interested only in testing the model), it has raised serious questions about Mythos’ security.
“We are investigating a report alleging unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson said in a statement, adding that the company has no evidence that the access extended beyond a third-party vendor environment.
Anthropic recently detected exploitative attempts and hidden evaluation awareness within the Mythos model, which it called “strategic manipulation” features.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
