🔍 Discorders gained unauthorized access to Mythos, Anthropic's powerful model

Illustration about cybersecurity and AI related to Anthropic Mythos

A group of users on Discord managed to gain unauthorized access to Mythos Preview, the restricted version of Anthropic's model, using basic research techniques and leaked data: they reviewed information from the recent Mercor breach and “guessed” the online location of the model based on formats Anthropic had used before. Additionally, one of those involved leveraged permissions they already had from working with an Anthropic contractor firm, which gave them access to Mythos and other unreleased models. According to reports, the intruders limited their use to creating simple websites to avoid detection.

The intrusion exposes how fragile control measures can be when there are vendor data leaks, predictable deployment patterns, and poorly managed contractual permissions — and how quickly restricted access can turn into a real risk vector.

Key points of the week

  • 📡 Telecoms vulnerable: Citizen Lab researchers found that at least two surveillance companies abused flaws in global protocols (like SS7 and its successors) to behave as mobile operators and track victims' locations by accessing three small carriers.
  • ⚖️ Charges against scam center managers: the DOJ charged two alleged managers of a scam network in Myanmar; arrested in Thailand, authorities “froze” about $700 million related to the operation.
  • 🧾 500,000 UK health records for sale: UK Biobank detected that three institutions were selling research data (medical images, genomics, histories) on Alibaba; implicated accounts have been suspended and the listings removed.
  • 🍏 Apple patches notification bug: iOS/iPadOS fixed a bug that could retain deleted notifications (allowing extraction of app content like Signal). Apple addressed the unexpected retention and improved log wording; meanwhile, it is advisable to limit what your notifications show.

Stay alert to access policies, vendor permissions, and privacy configurations: many leaks and abuses stem from operational errors rather than sophisticated exploits.

Source: WIRED

💬 ¿Necesitas ayuda?
whatsapp-logo