Unauthorized Access to Anthropic’s Claude Mythos Raises Security Concerns
A limited number of individuals have managed to access Anthropic’s Claude Mythos without permission. The company warns that, if released, this model could lead to serious cyberattacks.
The incident took place on April 8th. On that same day, Anthropic’s CEO, Dario Amodei, mentioned that Mythos was only accessible to around 40 selected enterprise clients as part of a project called “Project Glasswing.”
During internal tests, Anthropic discovered significant cybersecurity vulnerabilities within “all major operating systems and web browsers” with the Mythos model.
The unauthorized users belong to a private Discord forum focused on cracking unreleased AI models.
Since gaining access, these individuals have reportedly been using Mythos regularly, though not specifically for cybersecurity needs. A live demonstration showing users capturing screenshots and interacting with the model was noted, according to various reports.
To infiltrate Mythos, detectives employed different strategies, including guessing the model’s online addresses based on naming conventions previously used by Anthropic.
Interestingly, one of the unauthorized individuals had previously worked as a third-party contractor for Anthropic, granting them some level of system access.
An Anthropic spokesperson confirmed they are investigating the unauthorized access claims and stated that there’s currently no evidence indicating that this breach affected broader systems beyond the third-party environment.
A member of the Discord group, who remains unnamed, expressed interest in testing the new model rather than using it for malicious purposes. However, this incident does raise some eyebrows about Anthropic’s ability to monitor its tools effectively, which the company fears could endanger critical infrastructures—like power grids and hospitals—if misused.
Earlier, an AI safety expert, Roman Yampolsky, commented on the inevitability of some models leaking, despite Anthropic’s stringent measures to secure access.
Anthropic shared Mythos with various corporate partners, including Amazon, Google, Apple, Nvidia, CrowdStrike, and JPMorgan Chase, intending to help them address their cybersecurity weaknesses.
In a previous incident, Mythos had bypassed a “sandbox” designed to limit its internet access. Researchers accidentally discovered it after receiving an unexpected email from the model while having a snack in a park, highlighting potential serious implications for security.
Recently, Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell urged banking executives during a private meeting to ensure their systems are prepared for risks associated with the Mythos model.
