Anthropic's Mythos Model Is Being Accessed by Unauthorized Users

Source: Slashdot

Background

Bloomberg reports that a small group of unauthorized users gained access to Anthropic’s restricted Mythos model through a combination of contractor‑linked access and online sleuthing.

Details of the Unauthorized Access

• The users leveraged access obtained as a worker at a third‑party contractor for Anthropic.
• They also employed commonly used internet sleuthing tools often employed by cybersecurity researchers.
• The group operated within a private Discord channel focused on hunting for information about unreleased models. They used bots to scour for details that Anthropic and others had posted on unsecured websites such as GitHub.

To locate Mythos, the group made an educated guess about the model’s online location based on the format Anthropic has used for other models. Those details were reportedly revealed in a recent data breach of Mercor, an AI‑training startup that collaborates with several top developers.

Anthropic’s Response

• Anthropic is investigating the incident.
• The company says it has no evidence that the access extended beyond the third‑party vendor environment or that its own systems were affected.
• The individual who accessed the models had permission to evaluate Anthropic’s AI technology for a startup, gained through contract work with a company that performs such evaluations (the company is not named for security reasons).

Intent and Scope

• According to the source, the group is interested in experimenting with new models rather than causing harm.
• They have not run cybersecurity‑related prompts on Mythos, opting instead for tasks like building simple websites to avoid detection.
• The same source indicated that the group also has access to a slew of other unreleased Anthropic AI models.

---

Source: Bloomberg (as referenced by Slashdot).