A private Discord group gained unauthorized access to Claude Mythos Preview, Anthropic's restricted cybersecurity AI model, on its launch day by guessing the model's URL based on familiarity with Anthropic's URL conventions. The model was withheld from public release due to its ability to autonomously discover zero-day vulnerabilities and write working exploits across major operating systems and browsers. Access was facilitated through a third-party vendor environment, with an insider apparently involved. Anthropic confirmed an investigation but found no evidence of impact to core systems. The breach undermines Anthropic's Project Glasswing controlled-rollout strategy, complicates its legal dispute with the Pentagon over supply chain risk designation, and highlights the gap between a company's own security controls and those of its vendors.
Sort: