Imustaskforhelp 12 hours ago

Oh alright, thanks for linking this! I didn't know a discussion had happened already. Although that being said, as the discussion has been >14 days, the comments are now restricted, so perhaps it might be worth another discussion.

Also I disliked how most said unauthorized users/rogue users; although that is correct, I find it a bit more informational to also say that it was found within a Discord group, so as to not consider these to be institutional hackers, that is.

Edit: and also how the way that they gained access was via guessing rather than what being accessed might mean to many people and the image it might generate in general.

gnabgib 12 hours ago | parent [-]

It's the whole story (that your article references/links to via other reposts).

1. Rogue Discord users got access by guessing a URL

> The group of users made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models

2. Oh wait, they had valid credentials from a third party (presumably former 3rd party now)

> Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic’s AI models.

https://archive.is/9Oxlr

Imustaskforhelp 11 hours ago | parent [-]

> https://archive.is/9Oxlr

Thanks, this article is really interesting too, I have uploaded it to archive.org too in case someone else wants to read it (https://web.archive.org/web/20260507015350/http://serjaimela...)

> 2. Oh wait, they had valid credentials from a third party (presumably former 3rd party now)

I find it interesting, but how much other software has a similar Achilles heel? Recently Vercel had something similar happen, where all their envs, which sometimes included really sensitive information like database passwords, got leaked because an AI company that they used got compromised because an employee at that company got compromised because of using a Roblox cheat software, iirc.

Are there any reports on who the third party is exactly? It doesn't inspire confidence that a third party used by Anthropic got compromised enough to leak access to mythos, but also wouldn't more companies also rely on the said third party, who could've also gotten compromised (or maybe already might've)?

Do you know how the story got to Bloomberg as well? I mean, I wonder how anyone outside of that group and perhaps maybe Anthropic's logs came to know about all of this/the Discord group.