Anthropic restricted 'risky' AI's release. Now its access is breached
What's the story
A group of unauthorized users has reportedly gained access to Mythos, a cybersecurity tool recently unveiled by Anthropic. The incident was reported by Bloomberg, which said that the breach occurred through a third-party vendor. "We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," an Anthropic spokesperson told TechCrunch.
Access methods
Hackers used credentials of a 3rd-party vendor
The unauthorized group has tried several ways to gain access to Mythos, including using the credentials of a person who works at a third-party contractor for Anthropic. The members of this group are part of a Discord channel that seeks information about unreleased AI models. They have been using Mythos regularly since gaining access and provided evidence to Bloomberg in the form of screenshots and a live demonstration of the software.
Tool features
Mythos can be used for hacking
Mythos is an AI product designed for enterprise security, but Anthropic has warned that it could also be used as a hacking tool if it falls into the wrong hands. The company had initially released the tool to a select number of vendors, including Apple, Google, NVIDIA, and Microsoft, as part of an initiative called Project Glasswing. This was done to ensure that these companies would test and secure their own systems against potential cyber threats.
Tool features
Unauthorized group not using Mythos for cybersecurity prompts
When Anthropic first unveiled Mythos, it said the tool could identify and exploit vulnerabilities "in every major operating system and every major web browser when directed by a user to do so." The unauthorized group that gained access to the tool has not run cybersecurity-related prompts on it. They are only experimenting with new models, not causing any harm, as per the report.
Security implications
Incident raises concerns about security measures
The unauthorized access to Mythos has raised questions about the difficulties AI companies face in keeping their most powerful and potentially dangerous technology from spreading beyond approved partners. It also raises concerns about whether anyone else may be using Mythos without permission, and for what purpose. The incident highlights the need for stricter security measures in the development and distribution of advanced AI tools.