Mythos model slips into the wild through vendor backdoor

Don't miss my latest CSO piece, which examines how Anthropic is recommending the Exploit Prediction Scoring System (EPSS) for cyber defenders to deal with the coming onslaught of bug reports.

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

A small group of unauthorized users accessed Anthropic PBC’s new Mythos AI model, a technology that the company says is so powerful it can enable dangerous cyberattacks, according to a person familiar with the matter and documentation.

A handful of users in Discord forum gained access to Mythos on the same day that Anthropic first announced a plan to release the model to a limited number of companies for testing purposes, said the person, who asked not to be named for fear of reprisal. The group has been using Mythos regularly since then, though not for cybersecurity purposes, said the person, who corroborated the account with screenshots and a live demonstration of the model.

The users relied on a mix of tactics to get into Mythos. These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers, the person said. The users are part of a private Discord channel that focuses on hunting for information about unreleased models, including by using bots to scour for details that Anthropic and others have posted on unsecured websites such as GitHub.

The unauthorized access highlights the challenge Anthropic faces in fully preventing its most powerful — and potentially dangerous — technology from spreading beyond approved partners. It also raises questions about whether anyone else may be using Mythos without permission, and for what purpose.

“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” a spokesperson for Anthropic said in a statement. (Rachel Metz / Bloomberg)

Related: The Guardian, Bloomberg Television, The Verge, Engadget, TechCrunch, Reuters, The Verge, PCMag, Business Today, MediaNama, Yahoo Finance, TechRadar, The Indian Express, Silicon Republic, The Next Web, Gizmodo, Cyber Security News, Digit, Seoul Economic Daily, Australian Financial Review, The Information, Financial Times, Reuters, Axios

Amid a raging debate over the impact that new AI models will have on cybersecurity, Mozilla said that its Firefox 150 browser release this week includes protections for 271 vulnerabilities identified using early access to Anthropic's Mythos Preview.

The Firefox team says that it has taken resources and discipline to adjust to the firehose of bugs that new AI tools can uncover, but that this big lift is necessary for the security of Mozilla’s users, given that the capabilities will inevitably be in attackers’ hands soon.

Mozilla's experience, at least in the short term, shows that AI tools like Mythos Preview could have a profound impact on vulnerability hunters.

“Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs,” says Bobby Holley, Firefox's chief technology officer. (Lily Hay Newman / Wired)

Related: Mozilla, Ars Technica, BeInCrypto, The Register, Decrypt, Engadget, r/Anthropic, r/firefox, Slashdot, Allan Friedman on LinkedIn, Thurrott, r/InterstellarKinetics, r/technology, Dataconomy

Australia and New Zealand’s central banks are monitoring developments around Anthropic PBC’s new Mythos AI model, which the company says is powerful enough to enable sophisticated cyberattacks, according to separate statements.

The Reserve Bank of Australia is “engaging with peer regulators, government and regulated entities,” it said in a statement. “The RBA, along with peer regulators and government agencies will continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system.”

The RBA chairs Australia’s Council of Financial Regulators, which includes the corporate watchdog, the prudential regulator, and the Treasury. Its engagement comes as regulators around the world step up discussions with financial firms on how they are managing cybersecurity risks linked to Mythos.

The Reserve Bank of New Zealand, too, is “monitoring the developing risk that Anthropic’s Mythos model may cause in the New Zealand financial sector and our regulated entities,” it said in a statement. “We are engaging with other domestic agencies and our Trans-Tasman colleagues to ensure we remain aligned on the risks and our response.”

Separately, Japan’s Finance Minister Satsuki Katayama said she will meet the country’s biggest banks to discuss Anthropic PBC’s latest AI model, Mythos, on Friday, as authorities around the world express concerns about the technology.

She is set to talk with a group including the country’s biggest lenders, Mitsubishi UFJ Financial Group Inc., Sumitomo Mitsui Financial Group Inc., and Mizuho Financial Group Inc. Bank of Japan Governor Kazuo Ueda and Japan Exchange Group Inc. Chief Executive Officer Hiromi Yamaji are also likely to attend, people familiar with the matter said earlier.

“We intend to begin by sharing our assessment of the situation and exchanging views, including issues that have been raised in the US and concerns being pointed out across the international financial community,” Katayama told reporters on Wednesday. (Swati Pandey and Ainsley Thomson / Bloomberg and Taiga Uranaka, Hideki Suzuki, and Sumio Ito / Bloomberg)

Related: Reuters

The UK could face “hacktivist attacks at scale” if it becomes embroiled in a conflict and the impact could be similar to recent high-profile ransomware incidents, according to the head of the country’s online security agency, the National Cyber Security Centre (NCSC).

NCSC CEO Richard Horne warned that nation states now account for the most significant incidents the NCSC deals with.

“Were we to be in, or near, a conflict situation, the UK would likely face hacktivist attacks at scale. With similar effects and sophistication to the ransomware attacks we see today. But … no option to pay a ransom to help recover,” the NCSC chief said in a speech opening the annual CyberUK conference in Glasgow.

Every public and private sector organization needs to focus on cybersecurity in the face of such a threat, said Horne, whose agency is part of GCHQ.

“Defending against that means every organization embedding cybersecurity into their corporate mission,” he said.

“Ensuring they understand the full extent of risk they face, build defence in depth so that initial footholds by an attacker don’t result in catastrophic impact.”

Horne also said hostile states, including China, Iran, and Russia, are responsible for the majority of nationally significant cyber attacks targeting Britain, cautioning that the UK could face attacks "at scale" in a "perfect storm" should it become embroiled in an international conflict. (Dan Milmo / The Guardian and Margaret Davis / The Independent)

Related: NCSC, Associated Press, The Record

The "Say Something Anonymous Reporting System,” the group formed by parents of children who died in the Sandy Hook shootings, one of the US’s most horrific school shootings, exposed details about potential school shooters and bullies, as well as the people who informed on them, due to a recent hack of P3 Global Intel, the company that collects reports for Crime Stoppers programs, the military and more than 35,000 schools across the country.

The hack of P3 has raised serious concerns among many in the education space, given the exposure of personal information linked to tipsters and those being reported.

To make matters worse, the hacker group behind the breach, known as the Internet Yiff Machine, is now offering to sell the data cache on a cybercrime forum for $10,000. The group had previously provided the stolen tip information only to SAN and the nonprofit leak archiver DDosSecrets for reporting purposes.

And with uncertainty around how and whether victims in the breach will be warned, the identities of teachers, students, and parents could soon fall into the hands of the highest bidder.

Sandy Hook Promise said it is treating reports of the breach “with the utmost seriousness and believes that confidentiality, trust, and privacy of our community are paramount.” (Mikael Thalen / Straight Arrow News)

Cynthia Kaiser, a former FBI cyber chief, is calling for the US government to consider applying terrorism designations to ransomware actors who target hospitals and other critical, life-safety infrastructure, arguing a Bush-era terror financing authority could be applied beyond its traditional uses.

In testimony before the House Homeland Security Committee, Cynthia Kaiser — who served as deputy assistant director in the FBI’s Cyber Division from 2022 to 2025 and is now a senior vice president at Halcyon’s Ransomware Research Center — also urged officials to examine whether prosecutors could pursue homicide charges under federal felony murder standards in cases where ransomware attacks on health facilities result in documented patient deaths. (David DiMolfetta / NextGov/FCW)

Related: Homeland Security Committee, MeriTalk

Insurers are introducing new caps on payouts for cyber losses and regulatory fines related to AI use, as the industry rushes to reduce its exposure to the rapidly advancing technology.

QBE and Beazley are among the groups that have proposed language for cyber insurance policies limiting payouts on AI losses, according to brokers and documents.

Australian insurer QBE is applying “sublimits”, which cap the payout on a specific kind of loss, to so-called LLMjacking events, where cyber criminals hack into large language models being used by businesses in order to avoid paying usage fees.
Under wording introduced by QBE, a cyber insurance policy covering up to $5mn in losses would pay out only up to around $250,000 on losses caused by LLMjacking.

Cyber specialist insurer Beazley has also proposed contractual language limiting its exposure to AI-linked losses related to regulatory breaches. (Lee Harris / Financial Times)

Related: Silicon Angle, Intelligent Insurer, CIO

According to a report from crypto exchange Coinbase, proof-of-stake blockchains could face greater exposure to future quantum computing attacks because the validator signatures used to secure those networks rely on cryptography that a powerful enough quantum computer could eventually break.

Released by Coinbase’s Independent Advisory Board on Quantum Computing and Blockchain, the report examines how advances in quantum computing could affect digital asset security.

“The right time to prepare for a cryptographic transition is before it becomes urgent,” a Coinbase Advisory Board spokesperson said. “Our view is that customer assets are safe today, but the industry should not confuse ‘not imminent’ with ‘not important.’” (Jason Nelson / Decrypt)

Related: Coinbase, CoinDesk, CoinPedia, DL News, Cryptopolitan, Crypto News, crypto.news, CryptoRank

Volo Protocol, a Sui-based liquid staking platform, said that it has suffered an exploit that drained roughly $3.5 million in assets.

In a post on social media platform X, Volo stated that the attack affected assets in the protocol's WBTC, XAUm, and USDC vaults. The protocol wrote that it immediately notified the Sui Foundation and ecosystem partners and froze the vaults to limit the impact.

Volo noted that all vaults will remain frozen pending a full post-mortem and remediation, and that other vaults do not carry the same vulnerability and are safe.

"The ~$28M in TVL across all other Volo vaults is safe," the statement said. "We want to be clear: Volo is prepared to absorb this loss. We will do our best not to pass this to our users."

Less than 30 minutes after the initial announcement, Volo said that it had successfully frozen $500,000 in assets that were exploited. (Danny Park / The Block)

Related: CoinDesk, BeInCrypto, Startup Fortune, crypto.news, Crypto Rank, Coin Central, Bitget,

The wallet addresses tied to the $292 million Kelp DAO bridge exploit began a laundering operation on April 21, moving approximately 75,701 ETH worth roughly $175 million across three transactions into freshly created addresses on the Ethereum mainnet, according to blockchain analytics firm Arkham Intelligence. 

The movements signal the start of a systematic exit strategy by the suspected North Korean Lazarus Group actors, who may have accelerated their timeline after Arbitrum’s Security Council froze $71 million in stolen ETH on Arbitrum One the night before.

Arkham said 50,700 ETH, worth approximately $117 million, moved to two newly created wallet addresses, while a separate 25,000 ETH, worth roughly $58 million, went to a third. Blockchain investigator ZachXBT reported in a Telegram post that some of the stolen funds had already begun crossing chains, flagging three THORChain transactions totaling roughly $1.5 million and a separate $78,000 routed through the privacy protocol Umbra. (Unchained)

Related: crypto.news, Crypto News, Intellectia, Coinpedia

Meta is installing new tracking software on US-based employees’ computers to capture mouse movements, clicks, and ​keystrokes for use in training its artificial intelligence models, part of a broad initiative to build AI agents that can perform work tasks autonomously, the company told staffers in ‌internal memos.

The tool, called Model Capability Initiative (MCI), will run on work-related apps and websites and will also take occasional snapshots of the content on employees’ screens, according to one of the memos, posted by a staff AI research scientist on Tuesday in a channel for the company's model-building Meta SuperIntelligence Labs team.

The purpose, according to the memo, was to improve the company's AI models in areas where they struggle to replicate how humans interact with computers, like choosing from dropdown menus ​and using keyboard shortcuts.

Meta CTO Andrew Bosworth told employees ⁠in a separate memo shared on Monday that the company would step up internal data collection as part of those "AI for Work" efforts, now re-branded as Agent Transformation Accelerator (ATA). (Katie Paul and Jeff Horwitz / Reuters)

Related: TechCrunch, Fortune, Business Insider, Ars Technica, Mint, Inc, Associated Press, Computerworld, PCMag, TechCrunch, Digit, crypto.news, City A.M., Fortune, iTnews, Business Today, Forbes, Inc.com, BMI, People Matters, Trak.in, Pixel Envy, Futurism, BBC, The American Bazaar, PC Gamer, Gizmodo, International Business Times

Future Energy Capital, a financial services company that allegedly had $2.6 million (€2.2 million) emptied from its bank account in a cyber attack, is blaming the security lapse on its corporate services provider. 

Future Energy is suing Vistra Corporate Services (Ireland) Ltd, claiming the company must indemnify it from all losses arising from a series of transfers out of its account last October. The business, which provides a platform for people and entities that invest in, produce, and buy sustainable aviation fuel (SAF), claims its contract with Vistra is null and void. (Francesca Comyn / The Currency)

Related: The Independent

Australian online rental platform  2Apply, operated by InspectRealEstate, has been urged to stop collecting users’ personal information after the Australian privacy commissioner found the gathering of “excessive” data compounded the vulnerability of tenants amid the housing crisis.

In a first-of-its-kind determination against one of the platforms, p the privacy commissioner, Carly Kind, found that 2Apply had unfairly collected excessive personal information.

Kind found that 2Apply did not need to collect gender information, details on dependents, student status, bankruptcy status, retirement status, previous living history, current ownership of property, applications for other properties, bond/rent assistance application status, and citizenship status or visa expiry.

Kind also found that 2Apply could collect less information on emergency contacts, vehicle details, certain ID documents, proof of income documents, and employment details.

The privacy commissioner found that 2Apply’s application system exhibited what is dubbed “confirmshaming” – an online tactic that uses guilt to discourage a user from opting out of something.

The form noted that providing information would “help speed up your application process” and not providing it may “affect whether you are considered as a suitable tenant for the property." (Josh Taylor / The Guardian)

Related: Office of the Australian Information Commissioner, Australian Cyber Security Magazine

Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability.

The security flaw (tracked as CVE-2026-40372) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated attackers to gain SYSTEM privileges on affected devices by forging authentication cookies.

Microsoft discovered the flaw following user reports that decryption was failing in their applications after installing the .NET 10.0.6 update release during this month's Patch Tuesday. (Sergiu Gatlan / Bleeping Computer)

Related: Microsoft, Neowin, Cyber Press, GBHackers

Researchers at Kaspersky discovered a previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela.

It was uploaded to a publicly available platform in mid-December from a machine in Venezuela and has been analyzed by researchers at Kaspersky.

Before the cripling stage, the attacker relies on two batch scripts that prepare the system for the final payload by weakening defenses and obstructing normal operations.

According to the researchers, the Lotus data-wiping malware is designed to destroy compromised systems by overwriting physical drives and eliminating recovery options.

Given the timing, the observed activity aligns with geopolitical tensions in the region, which culminated this year on January 3 with the capture of Venezuela’s then-president, Nicolás Maduro.

Around mid-December 2025, the state-owned oil company Petróleos de Venezuela (PDVSA) suffered a cyberattack that disabled its delivery systems. The organization blamed the United States for the incident.

It should be noted that there is no public evidence indicating that PDVSA's systems were wiped in the attack or details about the nature of the attack. (Bill Toulas / Bleeping Computer)

Related: Securelist, Security Affairs

Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks.

The security flaw, tracked as CVE-2026-32201, affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition (the latest on-premises version, which uses a "continuous update" model).

As Microsoft explained when it patched this security issue as part of the April 2026 Patch Tuesday, successful exploitation allows threat actors without privileges to perform network spoofing by taking advantage of an improper input validation weakness in low-complexity attacks that don't require user interaction.

While Microsoft flagged the vulnerability as a zero-day, it has yet to disclose how it was exploited in attacks or link this malicious activity to a specific threat actor or hacking group.

On Tuesday, Internet security watchdog group Shadowserver warned that over 1,300 unpatched Microsoft SharePoint servers exposed online are still waiting to be secured, with fewer than 200 systems patched since Microsoft released CVE-2026-32201 security updates last week. (Sergiu Gatlan / Bleeping Computer)

Related: Microsoft

Australia's eSafety Commissioner said it had issued legally enforceable transparency notices to Roblox, Minecraft, Epic Games' Fortnite and Valve's Steam, seeking details on their safety systems, staffing and measures ​aligned with cybersecurity protocols.

Companies must respond to the notices, with failure to comply exposing them to ​up to penalties of up to A$825,000 ($590,783) a day. They usually have 30 days to ⁠respond to compliance notices from Australian regulators.

eSafety Commissioner Julie Inman Grant said gaming-related services, including encrypted ​messaging, can become the first point of contact between children and offenders involved in grooming, sexual extortion and ​radicalisation.

"What we often see after these offenders make contact with children in online game environments, they then move children to private messaging services," Inman Grant said in a statement. (Renju Jose / Reuters)

Related: eSafety Commissioner, PC Gamer, Telecompaper

Best Thing of the Day: Let's Roll Back the Clock for Our Children

The Los Angeles Unified School District’s board voted to restrict students’ use of laptops and tablets in class and encourage pen-and-paper assignments instead, making it the first major American school system to do so.

Worst Thing of the Day: Please Leave Our Museums Alone

The website for France's National Inventory of Natural Heritage, which provides reference information on species and habitats, remains inaccessible nine months after a cyberattack hit the National Museum of Natural History.

Bonus Worst Thing of the Day: Please Leave Our Great Cities Alone

(MPS) has survived a legal challenge that attempted to curb its rollout of live facial recognition (LFR) technology across the capital.

Closing Thought