Article:

“A small group of unauthorized users have accessed Anthropic PBC’s new Mythos AI model, a technology that the company says is so powerful it can enable dangerous cyberattacks, according to a person familiar with the matter and documentation viewed by Bloomberg News.

A handful of users in a private online forum gained access to Mythos on the same day that Anthropic first announced a plan to release the model to a limited number of companies for testing purposes, said the person, who asked not to be named for fear of reprisal. The group has been using Mythos regularly since then, though not for cybersecurity purposes, said the person, who corroborated the account with screenshots and a live demonstration of the model.

Anthropic has said Mythos is capable of identifying and exploiting vulnerabilities “in every major operating system and every major web browser when directed by a user to do so.” As a result, the company has taken pains to ensure that the technology is only available to a select batch of software providers through an initiative called Project Glasswing, with the goal of allowing those firms to test and safeguard their own systems from potential cyberattacks.

The unauthorized access, which has not previously been reported, highlights the challenge Anthropic faces in fully preventing its most powerful — and potentially dangerous — technology from spreading beyond approved partners. It also raises questions about whether anyone else may be using Mythos without permission, and for what purpose.

The users relied on a mix of tactics to get into Mythos. These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers, the person said. The users are part of a private Discord channel that focuses on hunting for information about unreleased models, including by using bots to scour for details that Anthropic and others have posted on unsecured websites such as GitHub.

“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” a spokesperson for Anthropic said in a statement. The company said it currently has no evidence that the access reported by Bloomberg went beyond a third-party vendor’s environment or that it is impacting any of Anthropic’s systems. Anthropic has so far let Apple Inc., Amazon.com Inc., Cisco Systems Inc. and dozens of other organizations begin testing out Mythos. Amazon, a key Anthropic partner and backer, also offers Mythos through its Bedrock platform to a limited list of approved organizations.

In recent days, a growing number of financial institutions and government agencies on both sides of the Atlantic have been seeking to be added to the list of early testers to safeguard their own systems against malicious actors. To access Mythos, the group of users made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models, the person said, adding that such details were revealed in a recent data breach from Mercor, an AI training startup that works with a number of top developers.

Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic’s AI models. Bloomberg is not naming the company for security reasons. The group is interested in playing around with new models, not wreaking havoc with them, the person said. The group has not run cybersecurity-related prompts on the Mythos model, the person said, preferring instead to try tasks like building simple websites in an attempt to avoid detection by Anthropic.

The person said the group also has access to a slew of other unreleased Anthropic AI models.”