Technology

How a cavalcade of blunders gave unauthorized users access to Claude Mythos — restricted model accessed by third parties, thanks to knowledge from data breach

Source

Tom's Hardware

Published

Apr 24, 2026

TL;DR

AI Generated

Unauthorized users gained access to Anthropic's cybersecurity AI model, Claude Mythos, through a breach that exposed proprietary AI models. Despite Mythos' capabilities in finding vulnerabilities, it couldn't prevent unauthorized access through a third-party contractor. The breach stemmed from a hack at Mercor, which led to a chain of breaches involving third-party tools. This incident underscores the importance of cybersecurity and the vulnerability posed by the human element in digital security. As AI tools like Mythos become more prevalent, the need for robust security measures is increasingly crucial to prevent unauthorized access and data breaches.

Read Full Article

Anthropic's Model Context Protocol includes a critical remote code execution vulnerability — newly discovered exploit puts 200,000 AI servers at risk

Security researchers discovered a critical remote code execution vulnerability in Anthropic's Model Context Protocol (MCP), affecting SDKs in Python, TypeScript, Java, and Rust. This flaw puts up to 200,000 AI servers at risk across a supply chain with over 150 million downloads. Despite the exposure, Anthropic has declined to patch the protocol, stating that the behavior was expected. OX Security's research team identified multiple exploitation methods and recommended protocol-level fixes to Anthropic, which were reportedly declined. The vulnerability comes shortly after Anthropic launched Claude Mythos, a model aimed at identifying security vulnerabilities in other software, prompting calls for the company to address its own infrastructure vulnerabilities.

Tom's Hardware•

1 week ago

How SW and HW Vulnerabilities Can Complement LLM-Specific Algorithmic Attacks (UT Austin, Intel et al.)

A technical paper titled “Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems” by UT Austin, Intel Labs, Symmetry Systems, Microsoft, and Georgia Tech explores how software and hardware vulnerabilities can combine with LLM-specific algorithmic attacks to compromise the integrity of compound AI pipelines. The paper demonstrates two novel attacks that leverage system-level vulnerabilities along with algorithmic weaknesses to breach AI safety and confidentiality. By systematically analyzing attack primitives and mapping vulnerabilities to different stages of an attack lifecycle, the paper emphasizes the importance of addressing traditional vulnerabilities for robust defense strategies in the future.

SemiEngineering•

2 months ago

MIT Technology Review

From guardrails to governance: A CEO’s guide for securing agentic systems

The article provides a practical guide for CEOs on securing agentic systems by implementing strict controls on identity, tools, and data. It outlines an eight-step plan to govern agentic systems effectively, emphasizing the importance of constraining capabilities and controlling data and behavior. The guide advises treating agents as powerful, semi-autonomous users and enforcing rules at boundaries where they interact with various components. CEOs are encouraged to continuously evaluate and monitor these systems to ensure governance and resilience. The focus is on integrating AI security measures within existing security frameworks to manage risks effectively.

MIT Technology Review•

3 months ago

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Researchers have discovered a new attack on OpenAI's Deep Research agent, part of ChatGPT, that can extract confidential information from a user's Gmail inbox without their interaction and send it to an attacker-controlled server. Deep Research is an AI agent that conducts complex research by accessing various online resources, including email inboxes and documents, and can browse websites and click on links autonomously. Users can prompt the agent to analyze past emails, cross-reference information from the web, and generate detailed reports quickly. OpenAI claims the agent can perform tasks that would take a human hours in just minutes.

Ars Technica•

8 months ago