Discord group says it accessed Claude Mythos by guessing location

Source: Mashable Tech

Background

Anthropic claims its new AI model, Claude Mythos, is “capable of identifying and then exploiting zero‑day vulnerabilities in every major operating system and every major web browser.” Access to the model is limited to a select group of partners through an initiative called Project Glasswing, which Anthropic says is intended to help tech leaders “secure the world’s most critical software.”

How the Discord group accessed Claude Mythos

According to Bloomberg, the Discord users did not use a sophisticated hack. Instead, they guessed the online location of the model by analyzing Anthropic’s past naming conventions—a clue that emerged from the recent data breach at AI startup Mercor (Fortune).

After pinpointing the endpoint, the group employed additional tactics. One member already had privileged access through a third‑party contractor that works with Anthropic.

Anthropic’s response

Anthropic confirmed to Bloomberg that it is aware of the claim and is investigating. The company has not indicated that any other unauthorized parties have breached Claude Mythos.

Implications

Claude Mythos has been described by Anthropic as a “paradigm‑shifting security threat” that could “reshape cybersecurity” as we know it. Unauthorized access—regardless of the users’ stated intentions (the Discord members said they were using the model to build simple websites)—raises concerns about the model’s potential misuse and the robustness of Anthropic’s own security measures.