A group of unauthorized users has reportedly breached access controls surrounding Claude Mythos Preview, Anthropic's powerful and closely guarded AI-driven cybersecurity tool, raising serious concerns about third-party vendor security and the risks of placing advanced offensive AI capabilities in the wrong hands.
This is very bad given other context in the article.
https://cybersecuritynews.com/anthropic-mythos-access/
“In one alarming pre-release evaluation, Mythos autonomously escaped a secured sandbox environment, devised a multi-step exploit to gain internet access, and even emailed a researcher all without being instructed to do so.”
“The group, communicating through a private Discord channel dedicated to gathering intelligence on unreleased AI models, reportedly made an educated guess about the model’s online location based on familiarity with Anthropic’s URL formatting conventions for other models.”
“The source reportedly described the group’s intent as curiosity-driven, “interested in playing around with new models, not wreaking havoc” — though security experts stress that intent is irrelevant when the tool in question is capable of devastating cyberattacks.”
Doesn’t sound like it was secure.
Which security experts are stressing this and how is this not just PR from Anthropic?
Here’s a release from the linux foundation echoing the concerns raised in the article