A group of unauthorised users has gained access to Anthropic PBC’s Mythos AI model – a system the company has described as capable of enabling cyberattacks – through a combination of contractor access and internet research tools, according to a person familiar with the matter and documentation viewed by Bloomberg.
The users, who are part of a private online forum, obtained access to Mythos on the same day Anthropic announced plans to release the model to a limited number of companies for testing.
The person, who spoke on condition of anonymity, corroborated the account with screenshots and a live demonstration of the model, the report said.
How a private Discord group got into Anthropic’s most restricted AI model
Anthropic said in a statement: “We’re investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments.” The company added it currently has no evidence that the access went beyond a third-party vendor’s environment or that it is affecting any of Anthropic’s systems.
Anthropic has stated that Mythos is capable of identifying and exploiting vulnerabilities “in every major operating system and every major web browser when directed by a user to do so.”
As a result, the company has made the model available only to a select group of software providers through an initiative called Project Glasswing, designed to allow those firms to test and protect their own systems against cyberattacks.
Approved testers include Apple Inc., Amazon.com Inc. and Cisco Systems Inc., among dozens of other organisations. Amazon, a key Anthropic partner and investor, also offers Mythos through its Bedrock platform to a limited list of approved organisations.
In recent days, a growing number of financial institutions and government agencies on both sides of the Atlantic have sought to be added to the list of early testers.
The users employed a combination of methods to enter Mythos. One member of the group had access through contract work they performed for a company evaluating Anthropic’s AI models on behalf of a third-party contractor. Bloomberg has not named the company for security reasons.
The group also used internet tools of the kind typically used by cybersecurity researchers. They made an educated guess about the model’s location online based on their knowledge of the format Anthropic has used for other models – details that were reportedly revealed in a recent data breach at Mercor, an AI training start-up that works with a number of developers.
The users are members of a private Discord channel focused on finding information about unreleased models, including through bots that scan for details posted on unsecured websites such as GitHub.
According to the person familiar with the matter, the group has been using Mythos on a regular basis since gaining access, though not for cybersecurity purposes.
“The group is interested in playing around with new models, not wreaking havoc with them,” the person said. Users have instead been running tasks such as building simple websites, in what the person described as an attempt to avoid detection by Anthropic.
The person added that the group also claims to have access to a range of other unreleased Anthropic AI models.
The incident highlights the difficulties Anthropic faces in preventing its most powerful technology from reaching those outside its approved partner network. It also raises questions about whether other individuals may be using Mythos without permission, and for what purpose.
