Apr 23

Anthropic's Mythos Breach: Public Humiliation

Originally reported by The Verge

Allowing unauthorized access to an AI model deemed too perilous for public release is inexcusable.

Anthropic's highly anticipated and tightly controlled launch of its AI model, Claude Mythos, has encountered an embarrassing setback. Despite the company's prior assertions that the model's advanced cybersecurity capabilities rendered it too potent for public distribution, it now appears to have been accessed by unauthorized individuals.

As reported by Bloomberg, a "small group of unauthorized users" gained access to Mythos – a model whose existence was initially disclosed via a leak – from the very day Anthropic declared its intention to offer it exclusively to a select cohort of companies for evaluation. Anthropic has confirmed it is currently investigating the incident. This development presents a significant challenge to a company that has meticulously cultivated its reputation around prioritizing AI safety and championing the formidable cybersecurity capabilities of its newest creation.

From a technical perspective, the Mythos breach appears surprisingly unsophisticated. Bloomberg indicates that the group achieved access by making an "educated guess" regarding the model's online whereabouts. This was facilitated by information concerning Anthropic's other models, which had been exposed during a previous breach involving Mercor, a firm specializing in AI training data. Additionally, one member of the group possessed access through contractual work evaluating Anthropic models. Consequently, unauthorized access to Mythos was achieved through a blend of insider insight and a fortunate conjecture, rather than a complex technological exploit or the outright theft of the model itself.

While security vulnerabilities are an inherent reality, it is important to note that the information exploited by the unauthorized users to pinpoint Mythos's location was disclosed through Mercor, not Anthropic directly. Pia Hüsch, a research fellow at the British think tank Royal United Services Institute (RUSI), commented that absolute security is unattainable for any company, and human error frequently represents the weakest link. She added that it "does initially seem a bit lucky" that no severe repercussions have emerged from this incident.

Anthropic's oversight in anticipating a foreseeable vulnerability.

However, attributing this solely to misfortune would be inaccurate. Such "educated guess" methods are a common tactic in the realm of hacking, and the Mercor breach was a known event prior to Mythos's launch. Security researcher Lukasz Olejnik characterized this as an "entirely imaginable" type of failure, one that the cybersecurity sector has routinely managed over the past two decades. Therefore, Anthropic ought to have foreseen this possibility and implemented appropriate safeguards, especially considering its prior information compromise.

Furthermore, Anthropic seemingly possessed the capabilities to detect such an intrusion. Olejnik pointed out that the company can "log and track model use," a function that should enable the prevention of unauthorized or malicious access, particularly given the intended highly restricted nature of the Mythos rollout. It appears Anthropic's monitoring was insufficient, prompting a pertinent question regarding the level of vigilance, especially considering the company's own assertions about the model's inherent dangers.

According to Bloomberg's report, the unauthorized group did not utilize Mythos for cybersecurity-related activities. This was partly driven by a desire to simply experiment with the new model and partly to avoid alerting Anthropic to their presence. If Anthropic's pronouncements regarding Mythos are to be believed, this represents a fortunate outcome. The company has previously characterized Mythos as a "watershed moment for security," asserting its ability to uncover vulnerabilities in "every major operating system and web browser," and emphasizing that its release necessitated careful coordination to "reinforce the world’s cyber defenses."

Anthropic is known for its tendency to employ dramatic and often alarming rhetoric, which can complicate straightforward scrutiny – including its speculative discussions about the potential consciousness of its Claude model. Nevertheless, initial reports from authorized users suggest Mythos indeed possesses exceptional capabilities in cybersecurity. Bobby Holley, CTO of Mozilla, stated that the model identified hundreds of bugs in Firefox 150 and could potentially offer defenders a decisive advantage over attackers. Predictably, governments and financial institutions globally have expressed keen interest in acquiring access. The NSA and other U.S. agencies reportedly have access, despite Anthropic's classification as a supply chain risk, though the rollout appears to have bypassed the U.S. cybersecurity agency, CISA, to date.

The revelation that this breach was brought to light by a reporter, rather than by Anthropic itself, naturally prompts the question of whether this is an isolated occurrence. Hüsch noted that it "really illustrates how wide the circle of people who may be able to do this is, even if they don’t have super technically sophisticated means." While Anthropic is expected to meticulously examine its supply chain to understand the cause and address vulnerabilities, she cautioned that a broad spectrum of actors, some with substantial financial backing, would undoubtedly seek access to such a powerful model. There is no basis to presume that any other unauthorized individuals who might gain access would exhibit the same level of restraint as the group reported by Bloomberg.

To a degree, Anthropic has inadvertently undermined its own position. The company has meticulously crafted its identity around a commitment to AI safety that purportedly surpasses its competitors, thereby establishing exceptionally high expectations for model security. This ethos now clashes sharply with the apparent lapse in vigilance demonstrated; the fact that Mythos was compromised through such a fundamental and foreseeable oversight only accentuates this disparity. Compounding the issue, by promoting Mythos as an extraordinarily potent and publicly dangerous tool, Anthropic inadvertently transformed it into an irresistible target for both malicious actors and those simply seeking a formidable technical challenge.

This incident is not the first security concern surrounding Mythos. The model's very existence was prematurely disclosed through an "unsecured data trove" residing on a central system that housed website content. Now, the same model has been clandestinely accessed via an entirely predictable vulnerability that Anthropic evidently failed to address. While absolute perfection in security is an unrealistic expectation, for a company that has positioned itself as the leading proponent of AI safety, such a fundamental misstep becomes exceedingly difficult to rationalize, even when accounting for elements of misfortune.

For Hüsch, the entire episode can be encapsulated in a single word: humiliation. "Anthropic claims to be at the absolute forefront of all these technologies, but also positions itself as the responsible actor in all of this," she remarked. "The fact that this has now been accessed through unauthorized means so quickly, and through such an unsophisticated attempt, is really a humiliation for them."

Editorial Staff, Editor

The Editorial Staff at AIChief is a team of professional content writers with extensive experience in AI and marketing. Founded in 2025, AIChief has quickly grown into the largest free AI resource hub in the industry.
