Anthropic's artificial intelligence (AI) model "Claude Mythos Preview" (hereafter Mythos), which touts powerful security vulnerability detection, has been embroiled in controversy over unauthorized access and data leaks immediately after its unveiling, prompting criticism that the company exposed shortcomings in its own security management.
According to the industry on the 23rd, Anthropic has recently been in hot water over unauthorized access and a leak incident. On the 21st (local time), the company began an investigation after confirming that there had been unauthorized access to Mythos. Those who attempted access reportedly used a partner employee account and open-source information search tools. According to Bloomberg and others, the unauthorized access occurred on the 7th, when Anthropic unveiled Mythos.
Mythos is a model specialized in detecting security vulnerabilities in operating systems (OS) and web browsers. It drew attention for allowing corporations to check for vulnerabilities in advance, but concerns were also raised that criminal groups could abuse it for attacks. In response, Anthropic limited access by offering it only to select organizations such as Apple, Microsoft, and the National Security Agency (NSA) through a closed program called "Project Glasswing," instead of a public release.
However, successive security incidents are seen as shaking confidence in Anthropic's security management. On the 31st of last month, the source (blueprint) of Anthropic's Claude AI development tool "Claude Code" was leaked due to an employee mistake. Claude Code is a development tool used to integrate Claude into services.
The incident occurred while deploying Claude Code to NPM, a software package repository used by developers. A "map" file that can restore encrypted code to its original form was included, exposing the internal code structure externally.
The exposed code totaled more than 512,000 lines, with about 1,900 files. The code spread via code-sharing platforms such as GitHub, and some in the industry even said core technologies were effectively made public. At the time, Anthropic said in a statement, "This was not a security breach, but an employee mistake (human error) that occurred during deployment."
In addition, on the 25th of last month, a configuration error in the content management system exposed some not-yet-public Mythos specifications.
There is also speculation that this string of controversies could affect Anthropic's listing. Anthropic is reportedly pushing for an initial public offering (IPO) in Oct. Bloomberg reported that Anthropic recently received an investment proposal valuing the company at about $800 billion (about 1,200 trillion won).
The Wall Street Journal (WSJ) said, "The leak of the Claude Code source is a major blow to Anthropic," adding, "Beyond dealing a fatal hit to the reputation it has built on safety, there is a risk that key trade secrets important in the competition to win corporate customers could be exposed."