Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
Amateur sleuths exploited a breach and guessed a URL to access the restricted tool.
A group of amateur sleuths on Discord gained unauthorized access to Anthropic's Mythos Preview AI, a tool touted as dangerously capable for finding security vulnerabilities. The group bypassed Anthropic's restricted release by examining data from a recent breach of Mercor, an AI training startup, and making an educated guess about the model's online location—likely a web URL—based on knowledge of Anthropic's naming formats. One user also leveraged permissions they already had from working for an Anthropic contracting firm to access other unreleased models, according to Bloomberg.
Despite the potential for harm, the group reportedly used Mythos only to build simple websites, a deliberate choice to avoid detection by Anthropic. This incident highlights the challenges of securing powerful AI tools, as even basic reconnaissance can expose them. Meanwhile, other security news includes Mozilla using early access to a similar Anthropic tool to fix 271 vulnerabilities in Firefox 150, and researchers cracking the 'Fast16' malware from 2005, which predates Stuxnet and may have targeted Iran's nuclear program.
- Discord users accessed Anthropic's Mythos Preview by guessing its URL from a Mercor breach and Anthropic's naming patterns.
- One user exploited existing permissions from an Anthropic contracting firm to access multiple unreleased models.
- The group used Mythos only for simple websites to avoid detection, not for hacking, per Bloomberg.
Why It Matters
Shows how easy it is to compromise restricted AI tools, raising security concerns for developers.