惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
Spread Privacy
Spread Privacy
T
Threatpost
C
Cisco Blogs
P
Palo Alto Networks Blog
AI
AI
Cyberwarzone
Cyberwarzone
NISL@THU
NISL@THU
P
Privacy & Cybersecurity Law Blog
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
T
Tor Project blog
Latest news
Latest news
AWS News Blog
AWS News Blog
D
Docker
S
SegmentFault 最新的问题
博客园 - 聂微东
WordPress大学
WordPress大学
Vercel News
Vercel News
S
Securelist
爱范儿
爱范儿
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
S
Schneier on Security
Hugging Face - Blog
Hugging Face - Blog
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
D
DataBreaches.Net
宝玉的分享
宝玉的分享
D
Darknet – Hacking Tools, Hacker News & Cyber Security
MongoDB | Blog
MongoDB | Blog
Engineering at Meta
Engineering at Meta
K
Kaspersky official blog
美团技术团队
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
量子位
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
腾讯CDC
T
Threat Research - Cisco Blogs
雷峰网
雷峰网
有赞技术团队
有赞技术团队
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
S
Security Affairs

The Verge

The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge Govee’s multicolor ceiling light doubles as a low-res screen Spotify is partnering with Peloton for guided workouts The plan to quietly kill Coyote v. Acme blew up in David Zaslav’s face AirPods, Touch Bars, and the rest of Tim Cook’s legacy I don’t think Gwyneth Paltrow knows what a peptide is Brendan Carr’s war on wokeness targets inclusive children’s television Ikea’s new inflatable chair doesn’t look like an inflatable chair Inside Microsoft’s wave of executive departures Netflix can’t seem to follow-up its biggest shows The Iranian women Trump ‘saved’ from execution are simultaneously real and AI-manipulated Elon Musk admits that millions of Tesla vehicles won’t get unsupervised FSD Tesla’s revenue rises again as it prepares for more AI and robotics Former MrBeast exec sues over ‘years’ of alleged harassment Watch Sony’s elite ping-pong robot beat top-ranked players Anthropic’s Mythos rollout has missed America’s cybersecurity agency Will a new CEO realize Apple’s smart home potential? It’s amazing how good Alienware’s $350 OLED monitor is Call of Duty never made much sense for Xbox Game Pass BMW’s flagship 7 Series gets its ‘Neue Klasse’ upgrade The year’s weirdest game is hard to explain and even harder to put down Behind the unraveling of Dan Crenshaw First vacuums — then the world SpaceX cuts a deal to maybe buy Cursor for $60 billion We translated the Palantir manifesto for actual human beings ISS astronauts are getting new laptops Tim Cook was an innovator — just not the Jobs kind AI backlash is coming for elections OpenAI’s updated image generator can now pull information from the web Framework’s Laptop 13 Pro launch event X makes it 1,900 percent more expensive to post links Framework announces Laptop 13 Pro, ‘the MacBook Pro for Linux users’ Framework’s first eGPUs turn its laptop into a desktop PC Blue Origin successfully reused its New Glenn rocket Cloud development platform Vercel was hacked The RAM shortage could last years Judge rules Trump administration violated the First Amendment in fight against ICE-tracking Cheap stuff that doesn’t suck, take 3 Dyson’s handheld fan is more powerful and louder than I expected There’s nothing like an RPG over vacation The AI apps are coming for your PC The best budget smartphones you can buy Dairy Queen is putting an AI chatbot in its drive-thrus The AirPods Pro 3 are $50 off right now, nearly matching their best-ever price Ghost orchid in the machine The South Korean president is doing quote-post diplomacy Peloton, stay in your lane The ‘AI is inevitable’ trap The creative software industry has declared war on Adobe Gucci-branded Google smart glasses are coming next year Ballmer gives $80 million to NPR, with strings attached Netflix embraces vertical video with major mobile app update Netflix cofounder Reed Hastings is officially leaving the company Live Nation says it will fight monopoly suit loss Ozlo’s comfy Sleepbuds are nearly 30 percent off in the run-up to Mother’s Day Teenage Engineering might be getting into instrument amps next The only way to fight deepfakes is by making deepfakes Casely has reannounced a power bank recall from 2025 following a fatality How Netflix made us fall in love with K-dramas It’s slushy season, and Ninja’s frozen drink machine is nearly half off Roku hits a major milestone with 100 million households Age verification is a mess but we’re doing it anyway Ronan Farrow on Sam Altman’s “unconstrained” relationship with the truth Character.AI’s new Books mode turns reading into roleplay The Cybertruck of e-bikes is here to replace your car Moft adds a tracker and shutter button to its magnetic tripod wallet Canva’s AI 2.0 update goes all in on prompt-powered design tools Meta blames RAM shortage for $100 Quest 3 price hike Intel’s cheaper Panther Lake chips are for budget-friendly laptops DJI’s Osmo Pocket 4 camera is better at capturing slo-mo footage and photos Govee’s new LED Lightwall comes with its own self-standing frame Spotify just won $322 million from music pirates it can’t find YouTube now lets you turn off Shorts Ford’s EV and software chief Doug Field is leaving the company Trump’s posting even more AI-generated Trump-Jesus fan art Ticketmaster is an illegal monopoly, jury finds FTC pushes ad agencies into dropping brand safety rules Ikea’s smart donut lamp is a sweet treat Google launches a Gemini AI app on Mac Microsoft counters the MacBook Neo with freebies for students Best Buy’s Ultimate Upgrade Sale features deals on dozens of our favorite gadgets The Senate is voting to save free IRS Direct File today The Verge The Verge The Verge You can grab a refurbished 2021 Kindle Paperwhite starting at just $49.99 The Hisense UR9 is a great first shot against OLED’s bow How AT&T created the most iconic phone ever The AI code wars are heating up Allow me to explain why I love this camera that can’t shoot color
Anthropic’s Mythos breach was humiliating
Robert Hart · 2026-04-24 · via The Verge

Anthropic’s tightly controlled rollout of Claude Mythos has taken an awkward turn. After spending weeks insisting the AI model is so capable at cybersecurity that it is too dangerous to release publicly, it appears the model fell into the wrong hands anyway.

According to Bloomberg, a “small group of unauthorized users” has had access to Mythos — whose existence was first revealed in a leak — since the day Anthropic announced plans to offer it to a select group of companies for testing. Anthropic says it is investigating. That’s a rough look for a company that has built its brand on taking AI safety seriously while touting the cybersecurity prowess of its latest model.

From a technological standpoint, the Mythos breach is embarrassingly unsophisticated. Bloomberg reports the group accessed Mythos by making “an educated guess about the model’s online location,” using information about Anthropic’s other models exposed in the breach of Mercor — a company that makes AI training data — along with access one member had through contract work evaluating Anthropic models. The group got unauthorized access to Mythos through a combination of insider knowledge and a lucky guess, not some sophisticated technological exploit or wholesale theft of the model.

Security vulnerabilities are inevitable, and it was Mercor, not Anthropic, that revealed the information the hackers used to guess Mythos’ location. Pia Hüsch, a research fellow at the British think tank Royal United Services Institute (RUSI), told me that no company is ever completely secure and humans are often the weakest link, though it “does initially seem a bit lucky” that there were no serious consequences.

Anthropic failed to anticipate an ‘entirely imaginable’ kind of failure

But it’s not entirely bad luck. These kinds of educated guesses are a very standard hacking technique, and the Mercor breach was already known before Mythos’ release. Security researcher Lukasz Olejnik described it to me as an “entirely imaginable” kind of failure that the cybersecurity industry has been routinely dealing with for the last 20 years. So Anthropic should have anticipated it and should have prepared accordingly, particularly knowing that its information had been compromised.

Anthropic also appears to have had the means to spot the breach. The company is able to “log and track model use,” Olejnik said, which should make it possible to stop unauthorized or malicious access, especially since the Mythos rollout was supposed to be highly limited. Evidently, Anthropic wasn’t monitoring closely enough — and given how dangerous it says the model is, it’s reasonable to ask why.

By Bloomberg’s account, the group was not using Mythos for cybersecurity tasks, partly because they just wanted to mess around with the new model and partly because doing so could have tipped Anthropic off. If Anthropic’s messaging surrounding Mythos is to be taken seriously, that is a lucky break. The company has framed Mythos as a “watershed moment for security,” claiming it found vulnerabilities in “​​every major operating system and web browser,” and said its release must be coordinated to allow time to “reinforce the world’s cyber defenses.”

Anthropic has a habit of using dramatic, alarming-sounding language that can be tough to interrogate cleanly, including flirting with the idea that its Claude model might be conscious. Even so, early reports from parties with access suggest Mythos is particularly adept in cybersecurity. Mozilla CTO Bobby Holley said it found hundreds of bugs in Firefox 150 and may finally give defenders a chance at complete victory over attackers. Unsurprisingly, governments and financial institutions around the world have been eager to get their hands on it. The NSA and other US agencies reportedly have access despite Anthropic’s designation as a supply chain risk, though the rollout appears to have bypassed the US cybersecurity agency, CISA, so far.

“Anthropic claims to be at the absolute forefront of all these technologies, but also positions itself as the responsible actor in all of this.”

The fact that the breach was uncovered by a reporter rather than Anthropic also raises the obvious question of whether it is an isolated incident. It “really illustrates how wide the circle of people who may be able to do this is, even if they don’t have super technically sophisticated means,” Hüsch said. Anthropic will likely comb through its supply chain to see how this happened and plug gaps, but she said there is a wide range of actors who would want access to a model like this, some of them with a great deal of money behind them. There is no reason to assume anyone else who gained access would be as restrained as the group Bloomberg reported on.

Anthropic has, to some extent, shot itself in its own foot. The company has built its identity around taking AI safety more seriously than its rivals, creating sky-high expectations for model security that jar with its apparent carelessness; the fact that Mythos was exposed through such a basic and predictable failure only underscores that. Worse still, by hyping Mythos as an unusually powerful tool too dangerous for public release, Anthropic turned it into an obvious target, whether for malicious actors or hackers simply looking for a challenge.

This isn’t even the first awkward security incident around Mythos. The model’s existence was accidentally revealed before release through an “unsecured data trove” on a central system containing content for its website. Now, that model has been secretly accessed via a wholly predictable vulnerability Anthropic didn’t think to patch. Perfection is impossible, but for a company that has anointed itself the vanguard of AI safety, such a basic misstep is hard to justify, even with some of the bad luck it’s had.

To Hüsch, the whole episode can be summed up in one word: humiliation. “Anthropic claims to be at the absolute forefront of all these technologies, but also positions itself as the responsible actor in all of this,” she said. “The fact that this has now been accessed through unauthorized means so quickly, and through such an unsophisticated attempt, is really a humiliation for them.”

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.