Anthropic's Mythos AI model, a powerful cybersecurity tool that the company said could be dangerous in the wrong hands, has been accessed by a "small group of unauthorized users," Bloomberg reports. An unnamed member of the group, identified only as "a third-party contractor for Anthropic," told the publication that members of a private online forum […]
Anthropic is investigating potential "unauthorized access" to its Claude Mythos model that has been touted for its ability to find cybersecurity flaws, the company told Bloomberg . A group gained access to the model through a third-party contractor portal and by using internet sleuthing tools, according to the report. However, the group is only interested in trying the models and not using them maliciously, according to a person familiar with the matter. "We're investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments," Anthropic said in a statement. The Claude Mythos Preview arrived earlier this month as part of " Project Glasswing " with significant fanfare. Anthropic limited the preview release to a small number of trusted test companies including Amazon, Microsoft, Apple and Cisco. Another was Mozilla, which said the model helped it find and patch 271 Firefox vulnerabilities . A growing number of banks and government agencies have been seeking access as well in order to safeguard their own systems. However, several unauthorized users (who reportedly have a private chat on Discord), supposedly gained access to Mythos through a developer portal and by making an educated guess as to where the model might be located. That same group may also have access to other unreleased Anthropic models, according to the report. The new Mythos model has gained notoriety of late for its supposed ability to sniff out security flaws in operating systems and internet browsers. This has prompted some skepticism among security researchers but also fear that AI-generated cyber attacks could become a "real threat," CTO of cloud security firm Edera Alex Zenla recently told Wired . Anthropic was recently designated as a " supply chain risk " by the US Department of Defense, but has been in talks with the Trump administration of late to have that label removed. This article originally appeared on Engadget at https://www.engadget.com/ai/anthropic-is-investigating-unauthorized-access-of-its-mythos-cybersecurity-tool-091017168.html?src=rss
Anthropic's buzzy announcement about using AI to improve cybersecurity earlier this month was met with plenty of skepticism. However, Mozilla shared some details that support use of the company's special Claude Mythos Preview model as a way to protect critical services. Using Mythos helped Mozilla's team find and patch 271 vulnerabilities in the latest release of the Firefox browser. "So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t," the foundation said. The blog post from Mozilla feels like a positive sign for Anthropic's Project Glasswing. Obviously the AI company would want to put itself in the best possible light while presenting its own initiative, but there's something encouraging about hearing the benefits from a third party. Mozilla also noted that in its time with Claude Mythos, the AI wasn't able to turn up any bugs that a human wouldn't have been able to find, given enough time and resources, which indicates that AI isn't presently able to do more to crack cybersecurity protections than a person can. An organizaion successfully using AI for good is certainly a refreshing change of pace in tech news. And for those Firefox users who aren't personally interested in applying any generative AI in their browsing, Mozilla has given the option to turn it all off for the past several months. This article originally appeared on Engadget at https://www.engadget.com/ai/mozilla-says-it-patched-271-firefox-vulnerabilities-thanks-to-anthropics-claude-mythos-224330023.html?src=rss
