Unauthorised users already accessing Claude Mythos Preview

The thing everyone warned about happened even faster than expected

Image:
A source claims to have accessed Anthropic’s new AI model through a third party contractor

A “small group” of individuals have managed to access Anthropic’s Claude Mythos Preview, a new AI system that can autonomously detect security vulnerabilities.

In internal tests Claude Mythos Preview (CMP) has already identified “thousands” of critical flaws, uncovered long-overlooked security holes and even generated working exploits for previously unknown vulnerabilities.

These abilities are why regulators and security agencies are watching Mythos so closely – and now, their concerns appear justified.

A source speaking to Bloomberg News said a “small group” of users in a private Discord channel were able to access Mythos on the same day Anthropic announced Project Glasswing - an initiative to roll out CMP to a select group of companies for testing purposes.

Project Glasswing is Anthropic’s attempt to keep CMP in a sandbox of sorts – because, as the developer itself admitted, the model can exploit vulnerabilities “in every major operating system and every major web browser when directed by a user to do so.”

The source, who validated their claims with screenshots and a live demonstration, says the group has been using Mythos “regularly” since first accessing it, although not for cybersecurity purposes. Instead, they are “playing around” with the model, performing tasks like building simple websites in an attempt to avoid detection.

The group allegedly used a mix of tactics to access Mythos. Bloomberg’s source, for example, used their position at a third-party contractor for Anthropic. Others tried common tools used by security researchers.

The Discord channel the group belongs to focuses on searching for information about unreleased AI models, scouring online sources like Github using both manual searches and automation.

The source says they made an “educated guess” about Mythos’ online location based on their knowledge about the format Anthropic has used for other models - information that came to light in a breach at data contractor Mercor earlier this year. They also say they have access to other unreleased Anthropic models.

For its part, Anthropic says it is investigating the claims but has “no access” that its own systems have been affected.