惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
Project Zero
Project Zero
D
DataBreaches.Net
I
InfoQ
L
Lohrmann on Cybersecurity
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Vercel News
Vercel News
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
I
Intezer
The Hacker News
The Hacker News
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
Help Net Security
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Scott Helme
Scott Helme
T
Threatpost
爱范儿
爱范儿
N
Netflix TechBlog - Medium
D
Docker
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
K
Kaspersky official blog
H
Help Net Security
S
Secure Thoughts
T
Threat Research - Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security @ Cisco Blogs
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
G
Google Developers Blog
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
博客园 - 叶小钗
B
Blog
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
P
Privacy International News Feed
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog

Tech

The Industry Speaks, Part 1: AI Appreciation Day 2026 Open banking expands as non-bank lenders join Consumer Data Right Telstra CEO says she is ‘deeply sorry’ for nationwide outage Army uses AI-enabled recon drones in Exercise Southern Jackaroo Telstra finds secondary outage issue impacting 000 as government notes a Telstra finds secondary outage issue impacting 000 Telstra outage: Ministers, experts, and academics respond; ACMA to conduct full investigation 000 calls and Melbourne trains impacted by Telstra outage Kinetic IT launches AI engineering division to accelerate enterprise AI deployment US government lifts access controls on Anthropic’s Claude Fable 5 and Mythos 5 WA announces data science, artificial intelligence training program with industry, UK’s Faculty Civil liberties org rails against deployment of facial recognition tech by WA Police CrowdStrike expands QuiltWorks alliance with Amazon Web Services Vodafone urgently investigating outage impacting millions of Aussies Space Centre Australia debuts ASTRIS mission artificial intelligence at Australian Space Summit Is AI profitable yet? One website seeks to answer that question Report: Australians' faith in AI is almost non-existent Monash researchers unveil breakthrough photonic chip for next-generation AI and quantum computing Report: AI-based data incidents on the rise in Australia Anthropic launches dedicated Claude Security platform to public beta Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Report: Data collection by school-backed apps in Australia is out of control and a risk to kids Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware US Federal Communications Commission announces ban on foreign-made consumer routers Australian arm of clothing retailer Lululemon fined $702k over spam breaches Not on our watch: Coles, Palantir respond to GetUp anti-surveillance campaign Kinetic IT earns fifth Deloitte Best Managed Companies award Inside Genetec: How a once-hardware-centric sector has become a software battleground Rubrik reveals Agent Cloud to secure agentic AI in the enterprise Sausage watch: What are the implications of this week’s Bunnings facial recognition ruling? Kinetic IT appoints Jeremy O’Donohue to lead state government and critical infrastructure portfolio Kinetic IT awarded ICT contract with Department of Defence Send nudes: SecDef Hegseth announces Grok rollout at the Pentagon UNSW lands $3m next-gen AI defence contract ServiceNow announces acquisition of Armis Axonius denies reports of Cisco acquisition
Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful?
David Hollingworth · 2026-04-23 · via Tech

Anthropic’s vulnerability-hunting AI wunderkind may have already been compromised, but one security expert has serious doubts about the model’s power.

When AI firm Anthropic announced its cutting-edge Claude Mythos model earlier this month, the company revealed it was so powerful and so good at finding vulnerabilities that it was giving access to only a handful of cyber security and technology companies.

Now, just weeks after Project Glasswing was revealed, a handful of unauthorised users have gained access to the model, suggesting the security-focused Mythos isn’t that secure at all.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

According to reporting by Bloomberg, a small number of people who are members of a private Discord channel dedicated to researching unreleased AI models have had unofficial access to Mythos since it was first announced.

Getting in was apparently simple, too.

“To access Mythos, the group of users made an educated guess about the model’s online location,” Bloomberg said in an article published on 21 April.

“They based this on knowledge about the format Anthropic has used for other models, the person said, adding that such formatting details were revealed in a recent data breach from Mercor, an AI training start-up that works with a number of top developers.”

Anthropic said it was aware of the access and was investigating the report.

Shane Fry, chief technology officer at RunSafe Security, said it was an example of how easily exploited AI models commonly are.

“Unauthorised users were able to access Anthropic’s Mythos model, reportedly by just changing a model name. Even if their intent is just to explore, it shows how easily these systems can be exposed,” Fry said.

“The reality is these AI capabilities are already out there, ‘hacked’ or not, and they’re going to accelerate how quickly vulnerabilities are found and exploited. Software teams will need to look at how to harden their code so those vulnerabilities can’t be used in the first place.”

Germaine Tan Shu Ting, VP for security and AI strategy and field CISO at Darktrace, expressed similar concerns.

“It shows that the frontline remains identity,” Tan Shu Ting said.

“If Anthropic itself can be accessed using traditional hacking methods (reportedly coopting existing third-party access and ‘internet sleuthing’), then it highlights how critical it is to assume the threat is already inside the walls.”

However, while analysts and industry insiders have reacted to Mythos with something like awe, the actual capabilities of the model may, in reality, fall far short of Anthropic’s claims.

Don’t believe the hype?

Doug Britton, EVP and chief strategy officer of RunSafe Security, referred to Mythos and Project Glasswing earlier in April as a “watershed moment for AI’s runaway zero-day discovery and exploitation”.

“AI is now uncovering memory safety bugs at massive scale, including vulnerabilities that have been hiding in production code for over 25 years – the problem isn’t just that these bugs exist, it’s that they’re being found faster than organisations can fix them,” Britton said.

But the question is – are they being found that fast? Davi Ottenheimer, security engineer and president of security consultancy flyingpenguin, has some serious doubts.

“The supposedly huge Anthropic ‘step change’ appears to be little more than a rounding error. The threat narrative so far appears to be ALL marketing and no real results,” Ottenheimer said in a blog post around the time Mythos and Glasswing were announced.

“The Glasswing consortium is regulatory capture dressed up poorly as restraint.”

Ottenheimer based his observations – rather caustic ones, it must be said – on Anthropic’s own Claude Mythos Preview System Card, a “whoppingly inefficient 244-page document that devotes just seven pages to the claim that the model is too dangerous to release”.

According to Ottenheimer, only seven of those pages do not mention the acronyms one might expect: CVSS, CWE or CVE.

“The flagship demonstration document turns out to be like the ending of the Wizard of Oz, a sorry disappointment about a model weaponising two bugs that a different model found, in software the vendor had already patched, in a test environment with the browser sandbox and defence-in-depth mitigations stripped out. Anthropic failed, and somehow the story was flipped into a warning about its success,” he said.

Ottenheimer has many issues with Anthropic’s – and, it must be said, the wider media’s – claims that Mythos found “thousands of zero-day vulnerabilities in every major operating system and every major web browser”, and he pulls no punches.

Referencing that claim, Ottenheimer points out that the word “thousands” is “used once, in reference to transcripts reviewed during the alignment evaluation”.

“It is never used to describe vulnerabilities. The cyber security section (Section 3, pages 47–53) contains no count of zero-days at all,” Ottenheimer said.

“With no CVE list, no CVSS distribution, no severity bucket, no disclosure timeline, no vendor-confirmed-novel table, no false-positive rate, why are you teasing us with the claims about vulnerabilities at all?”

Cyber Daily has reached out to Anthropic for comment.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.