Also I disliked how most said unauthorized users/rogue users, although that is correct but I find it a bit more informational to also say that it was found within a discord group as to not consider these to be institutional hackers that is
Edit: and also how the way that they gained access was via guessing rather than what being accessed might mean to many people and the image it might generate in general.
1. Rogue discord users got access by guessing a URL
> The group of users made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models
2. Oh wait, they had valid credentials from a third party (presumably former 3rd party now)
> Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic’s AI models.
Thanks, this article is really interesting too, I have uploaded it to archive.org too in case someone else wants to read it (https://web.archive.org/web/20260507015350/http://serjaimela...)
> 2. Oh wait, they had valid credentials from a third party (presumably former 3rd party now)
I find it interesting but how many other software have a similar achilles heel? recently vercel had something similar happen where all their env's which sometimes included really sensitive information like database passwords got leaked because an AI company that they used got compromised because an employe e at that company got compromised because of using an roblox cheat software iirc.
Are there any reports on who the third party is exactly, It doesn't inspire confidence that an third party used by Anthropic got compromised enough to leak access to mythos but also wouldn't more companies also rely on the said third party who could've also gotten compromised or (maybe already might've?)
Do you know how the story got to bloomberg as well? I mean I wonder how anyone outside of that group and perhaps maybe Anthropic's logs came to know about all of this/the discord group.
Imustaskforhelp•1h ago
Edit: instead of CISA did, Its now before CISA used it. I wish to add it as before even CISA used it but its one character too long :-(