Anthropic Launches Investigation into Unauthorized Access to Cyber-Threat AI Model Mythos
The artificial intelligence developer Anthropic has officially confirmed it is investigating a concerning report that unauthorized individuals have gained access to its Mythos model. This advanced AI system has not been released to the public due to its significant capabilities in enabling cyber-attacks, raising alarms about potential security breaches.
Report Details Unauthorized Access Through Third-Party Vendor
According to a Bloomberg report published on Wednesday, a small group of users managed to access the Mythos model through a private online forum. Anthropic responded by stating, "We're investigating a report claiming unauthorised access to Claude Mythos Preview through one of our third-party vendor environments." The company emphasized that this incident occurred despite the model being restricted to a limited number of corporate partners for testing purposes.
Bloomberg's investigation revealed that a "handful" of individuals gained access to Mythos on the very same day Anthropic announced its release to select companies, including Apple and Goldman Sachs. The unauthorized access was reportedly achieved through an employee at a third-party contractor working with Anthropic, who utilized methods commonly employed by cybersecurity researchers to breach the system.
Limited Immediate Threat but Significant Concerns Raised
While the group has not executed any cybersecurity prompts on the model and appears more interested in "playing around" with the technology than causing deliberate harm, the potential breach has sparked serious concerns. Bloomberg corroborated these claims through screenshots and a live demonstration of the model's accessibility, confirming the validity of the report.
This incident is particularly alarming given Mythos's demonstrated capabilities. The UK's AI Security Institute (AISI), the world's leading safety authority for AI technology, recently warned that Mythos represents a "step up" from previous models in terms of cyber-threat potential. AISI confirmed that Mythos can carry out complex multi-step attacks and autonomously discover vulnerabilities in IT systems—tasks that typically require human professionals days to complete.
Government and Security Experts Express Grave Concerns
Kanishka Narayan, the UK's AI minister, has publicly stated that UK businesses "should be worried" about Mythos's ability to identify flaws in IT systems that hackers could exploit. The model's proficiency was demonstrated when it became the first AI to successfully complete a 32-step simulation of a cyber-attack designed by AISI, solving the challenge in three out of ten attempts.
The news of this potential security breach highlights critical questions about how dangerous AI technologies can be safeguarded from falling into the wrong hands. Authorities and cybersecurity experts are now closely monitoring the situation, as the unauthorized access to Mythos underscores the vulnerabilities in current AI security protocols and the urgent need for enhanced protective measures.
Anthropic's investigation continues as the company works to determine the full extent of the breach and implement stronger security controls to prevent future incidents involving its high-risk AI models.
