Overview
- Anthropic says it is investigating Bloomberg’s Wednesday report of unauthorized use of Claude Mythos, an AI built to find software vulnerabilities, and it has found no sign the activity spread beyond a third‑party provider’s systems.
- The reported access relied on an employee at an outside service partner and knowledge of how Anthropic stored prior models, with sources also pointing to searches of public code sites and data taken earlier from the training vendor Mercor.
- Members of a small private Discord group reportedly used the model for harmless tests such as simple website builds rather than cyberattacks, aiming to avoid detection.
- Financial and cyber authorities moved to limit risk, with US officials convening major banks for urgent reviews and German bodies BaFin and BSI urging firms to prepare for fast software updates as the ECB begins coordination.
- Mozilla says Mythos helped locate and fix 271 Firefox bugs, showing the tool can surface zero‑day flaws at scale and foreshadowing a near‑term surge of patches that will test organizations’ capacity to respond.