Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos

A group of Discord users gained unauthorized access to Anthropic's highly restricted Mythos AI model through simple detective work, highlighting vulnerabilities even in tools designed for high-level security.
As researchers and practitioners debate the impact that new AI models will have on cybersecurity, Mozilla said on Tuesday it used early access to Anthropic's Mythos Preview to find and fix 271 vulnerabilities in its new Firefox 150 browser release. Meanwhile, researchers identified a group of moderately successful North Korean hackers using AI for everything from vibe coding malware to creating fake company websites—stealing up to $12 million in three months.
Researchers have finally cracked disruptive malware known as Fast16 that predates Stuxnet and may have been used to target Iran’s nuclear program. It was created in 2005 and was likely deployed by the US or an ally.
Meta is being sued by the Consumer Federation of America, a nonprofit, over scam ads on Facebook and Instagram and allegedly misleading consumers about the company’s efforts to combat them. A United States surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal, but lawmakers are deadlocked on next steps. A new bill aims to address mounting lawmaker concerns, but lacks substance.
Anthropic’s Mythos Preview AI model has been touted as a dangerously capable tool for finding security vulnerabilities in software and networks, so powerful that its creator has carefully restricted its release. But one group of amateur sleuths on Discord found their own, relatively simple ways—no AI hacking required—to gain unauthorized access to a coveted digital prize: Mythos itself.
Despite Anthropic’s efforts to control who can use Mythos Preview, a group of Discord users gained access to the tool through some straightforward relatively detective work: They examined data from a recent breach of Mercor, an AI training startup that works with developers, and “made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models.”
Security researchers have long warned that the telecom protocols known as Signaling System 7, or SS7, which govern how phone networks connect to one another and route calls and texts, are vulnerable to abuse. This week researchers at Citizen Lab revealed that at least two for-profit surveillance vendors have actually used those vulnerabilities to spy on real victims, acting as rogue phone carriers to track the location of targets’ phones.
In a sign of a growing crackdown by US law enforcement on human-trafficking-fueled scam compounds in Southeast Asia, the Department of Justice announced charges against two Chinese men for allegedly managing a scam compound in Myanmar. The DOJ also “restrained” $700 million in funds belonging to the operation.
Three scientific research institutions have been found selling British citizens’ health information on Alibaba. Over the last two decades, more than 500,000 people shared their health data with UK Biobank for medical research, but a breach of contract led to this data being listed for sale.
Apple released an iOS and iPadOS security update to fix a flaw where notifications marked for deletion could be unexpectedly retained on the device. This follows reports that the FBI was able to get copies of Signal messages from an iPhone as the content was saved in an iOS push notification database.
Source: Wired AI














