When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works .
Unfortunately, as capable as any AI model is at finding code bugs that raise security concerns, it can't do much to prevent bugs in third-party provider tools that haven't been vetted by Mythos, nor account for social engineering, which has arguably always been the weakest link in digital security.
Anthropic disrupted major institutions with the internal unveiling of Mythos, which it claimed had found thousands of critical exploits in every major browser and operating system. Although there was a lot of marketing hype buried within the 200+ page mission statement Anthropic released, venerating its own model, some have found success using it to sniff out new bugs. For instance, Mozilla announced that it had used Mythos to find and patch over 270 vulnerabilities in its Firefox browser.
You may like Anthropic's Claude Mythos might be the best overall AI model for cybersecurity but cheaper models can attain similar results, research shows Anthropic's latest AI model identifies 'thousands of zero-day vulnerabilities' in 'every major operating system and every major web browser' Anthropic's Claude Mythos isn't a sentient super-hacker, it's a sales pitch — claims of 'thousands' of severe zero-days rely on just 198 manual reviews Although it has been proven that some older models can find many of the same bugs, they can't do so as quickly, or possibly as well. This new model is genuinely faster at coding and finding vulnerabilities than Claude Opus 4.6, and possibly other models from other developers, too. But it's also good at exploiting those vulnerabilities, which is allegedly why Anthropic limited access to a select number of companies and non-profits.
Because of that, banks and software developers aren't the only parties keen to get an early look at Mythos. A worker at a third-party contractor for Anthropic used their unique access to the company's services to breach Mythos' protected environment and gain access to the model, allegedly using standard internet sleuthing tools used by cybersecurity researchers.
This worker was then able to open up the model to their colleagues, with a small group of unauthorized users now said to have accessed Mythos. Although the group has reportedly not run any cybersecurity-related prompts through Mythos just yet, and has instead only asked it to perform simple tasks like creating websites. This is designed to stop Anthropic catching on to who is using Mythos, thereby making it possible to shut down the group's access.
The group that now has access to Mythos was able to gain such privileged permissions by guessing the model's online location based on knowledge of Anthropic's file systems and the naming formats it used for previous models. They garnered this information from a recent hack of an AI feedback recruitment company, Mercor, which is now facing several class action lawsuits for revealing personal information about users. It's also losing major business since the breach, most notably, Meta has paused its contracts with the company.
The irony is that Mercor was hacked via a third-party open source tool called LiteLLM . Where that hack was perpetuated by a group known as TeamPCP, however, the group that targeted Mercor was known as Lapsus$. While it used the LiteLLM compromise to infiltrate Mercor, it had targeted the AI recruitment company deliberately.
Allegedly, around 4TB of data was stolen in the breach. That included sensitive information of its recruitment candidates, including their profiles and personal information. However, Mercor also handles data from model companies, which is why some are reconsidering their contracts with Mercor. Model data is some of the most sensitive information in the world, worth billions. Anthropic's Mythos? Perhaps even more so.
Anthropic nukes a company's access to Claude, stopping 60 employees dead in their tracks
Anthropic's Model Context Protocol includes a critical remote code execution vulnerability
Claude-powered AI coding agent deletes entire company database in 9 seconds
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/tech-industry/cyber-security/SPONSORED_LINK_URL
- https://www.tomshardware.com/tech-industry/cyber-security/how-a-cavalcade-of-blunders-gave-unauthorized-users-access-to-claude-mythos-restricted-model-accessed-by-third-parties-thanks-to-knowledge-from-data-breach#main
- https://www.tomshardware.com
- From RTX to Spark: NVIDIA Accelerates Gemma 4 for Local Agentic AI
- New Adobe Premiere Color Grading Mode Accelerated on NVIDIA GPUs
- Commodore backs down over FPGA firmware lockdown — firm stops trying to block third-party firmware installs but will stand firm against bricked modded units
- No Need for Space Gear — Capcom’s ‘PRAGMATA’ Joins GeForce NOW on Launch Day
- Xbox outlines broad plan to revitalize brand with a back-to-basics approach that focuses on console — New Xbox strategy reprioritizes console, while bolstering
Informational only. No financial advice. Do your own research.