Anthropic's Mythos Model Is Being Accessed by Unauthorized Users (bloomberg.com)
(Wednesday April 22, 2026 @05:00PM (BeauHD)
from the it-was-only-a-matter-of-time dept.)
- Reference: 0181869526
- News link: https://it.slashdot.org/story/26/04/22/2038241/anthropics-mythos-model-is-being-accessed-by-unauthorized-users
- Source link: https://www.bloomberg.com/news/articles/2026-04-21/anthropic-s-mythos-model-is-being-accessed-by-unauthorized-users
Bloomberg reports that a small group of unauthorized users [1]gained access to Anthropic's restricted Mythos model through a mix of contractor-linked access and online sleuthing. Anthropic says it is investigating and has no evidence the access extended beyond a third-party vendor environment or affected its own systems. From the report:
> The users relied on a mix of tactics to get into Mythos. These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers, the person said. The users are part of a private Discord channel that focuses on hunting for information about unreleased models, including by using bots to scour for details that Anthropic and others have posted on unsecured websites such as GitHub. [...] To access Mythos, the group of users made an educated guess about the model's online location based on knowledge about the format Anthropic has used for other models, the person said, adding that such details were revealed in a recent data breach from Mercor, an AI training startup that works with a number of top developers.
>
> Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic's AI models. Bloomberg is not naming the company for security reasons. The group is interested in playing around with new models, not wreaking havoc with them, the person said. The group has not run cybersecurity-related prompts on the Mythos model, the person said, preferring instead to try tasks like building simple websites in an attempt to avoid detection by Anthropic. The person said the group also has access to a slew of other unreleased Anthropic AI models.
[1] https://www.bloomberg.com/news/articles/2026-04-21/anthropic-s-mythos-model-is-being-accessed-by-unauthorized-users
> The users relied on a mix of tactics to get into Mythos. These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers, the person said. The users are part of a private Discord channel that focuses on hunting for information about unreleased models, including by using bots to scour for details that Anthropic and others have posted on unsecured websites such as GitHub. [...] To access Mythos, the group of users made an educated guess about the model's online location based on knowledge about the format Anthropic has used for other models, the person said, adding that such details were revealed in a recent data breach from Mercor, an AI training startup that works with a number of top developers.
>
> Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic's AI models. Bloomberg is not naming the company for security reasons. The group is interested in playing around with new models, not wreaking havoc with them, the person said. The group has not run cybersecurity-related prompts on the Mythos model, the person said, preferring instead to try tasks like building simple websites in an attempt to avoid detection by Anthropic. The person said the group also has access to a slew of other unreleased Anthropic AI models.
[1] https://www.bloomberg.com/news/articles/2026-04-21/anthropic-s-mythos-model-is-being-accessed-by-unauthorized-users
great job (Score:3)
by awwshit ( 6214476 )
Claim to make the best hacking software, then fail to secure access to it. What could go wrong?
Fun to watch (Score:2)
by Himmy32 ( 650060 )
Always fun when security tools have security incidents. This one is a little less ironic than something like the [1]recent Aqua / Trivy breach. [arstechnica.com]
[1] https://arstechnica.com/security/2026/03/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/
Jesus Built My Hotrod (Score:2)
by Thud457 ( 234763 )
The Matrix was right.
Mankind did burn the sky. Not to prevent AIs* from taking over but to give birth to them.
* actually unreliable LLMs, we all know the score here on /. .
Re: (Score:2)
Because [1]it's "too good" at finding vulnerabilities [slashdot.org], so big projects need head starts. Like Mozilla is claiming that it'll eventually be able to [2]find all their defects. [mozilla.org]
[1] https://it.slashdot.org/story/26/04/07/2115208/anthropic-unveils-claude-mythos-powerful-ai-with-major-cyber-implications
[2] https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
Re: (Score:1)
Guaranteed Mozilla sweeps at least half of the discovered defects reports under the rug.
No joke, the NSA (Score:2)
Aka the government agency which is #1 in violating domestic civil liberties. They have access. Even though Anthropic is currently on the do-not-purchase list by the feds. Also the UK "intelligence" agencies. And a few dozen other organizations.
This is either because (a) Anthropic doesn't have the datacenter capacity to roll this out to the world all at once, so they are only letting the chosen few access for now or (b) because they really and truly believe it is too dangerous for the world at large to have