Mythos, Anthropic’s latest cybersecurity model, has encountered a security issue with a small faction of unauthorised users gaining access. This model was introduced in a preview phase and is designed for limited access, restricted to only 40 firms under Project Glasswing. Anthropic has indicated that this limited accessibility is essential given its robust capabilities, which could be misused easily.
Currently, Mythos is undergoing testing and evaluation by top industry authorities to determine its safety, fortify protections, and ascertain that it can be utilised responsibly without generating cybersecurity risks or the threat of misuse.
Must read: A fintech chief technology officer cautions against overconfidence after Anthropic halts more than 60 accounts.
Access Breach of Anthropic Mythos
A report from Bloomberg highlighted that the unauthorised group accessed Mythos on the very day it was publicly announced. They seemingly discerned the possible hosting location of the model online, leveraging patterns or formats utilized by Anthropic in their earlier models. This indicates that the group made an educated guess instead of employing sophisticated hacking techniques. Although the unauthorised users have been experimenting with the tools, they did not indicate any intentions linked to cybersecurity threats.
Anthropic stated that their team is investigating claims regarding unauthorised access to the Claude Mythos Preview through a third-party vendor environment. The company also reassured that there is no evidence suggesting that the incident impacted its systems.
It has been reported that the group attempted various methods to enter the model, including utilising the access of an individual associated with a third-party contractor collaborating with Anthropic. Thus, the group had access to legitimate credentials rather than merely speculating about the system’s location.
Must read: Despite being blacklisted, reports suggest that the NSA is using Anthropic’s Mythos.
Bloomberg additionally disclosed that the group is part of a Discord community actively seeking unreleased AI models. They also provided proof to the publication of their ongoing usage. The group claims their interest lies in exploring new models rather than causing disruption.
In addition to Mythos, the group asserted they have gained access to other unreleased AI models from Anthropic. This raises significant concerns regarding potential deficiencies in access controls and security measures, especially for critically sensitive systems like Mythos. It underlines the fact that even users with benign intentions could inadvertently expose powerful tools before the necessary safeguards are completely established.