Own Your AI (Or Someone Else Does)
The current case study has company. It's not just Anthropic.
We cannot trust a company that can’t protect its own crown jewel to adequately protect another company’s sensitive data.
The whole tale of Mythos started with a leak. A CMS misconfiguration exposed its existence publicly. Then came the npm code dump, with feature flags and references to Mythos thrown into public speculation. Shortly after Project Glasswing started, people with no business being inside the project accessed the model anyway, by guessing URL patterns and using leaked credentials.
A company that can’t protect a model it called too dangerous to release publicly cannot be trusted with your data for 30 days. It’s worse if the government is now having it hold that data longer.
“Too dangerous to release” isn’t new language. OpenAI used the same phrase about GPT-2 in 2019, and eventually walked it back, releasing the full model. When Anthropic said it about Mythos, the skepticism was immediate and specific: the announcement landed three weeks ahead of an expected IPO filing, and analysts openly called safety framing “the new competitive moat in AI.” The phrase is industry-wide. So is the suspicion that follows it.
This should not be a surprise. I’ve written before about where Claude sits on the Stanford Foundation Model Transparency Index, below the floor of what we should expect. The Mythos leak and the Fable retention issue aren’t separate failures. They’re the same posture showing up twice, once in what went into the model, once in what happens to what you send it.
This is not just an Anthropic problem.
In early 2023, a messaging system breach leaked OpenAI’s internal design discussions. It wasn’t disclosed properly, not to the public, not to law enforcement. Later, the ChatGPT desktop app was found storing conversations in plain text, sitting in an unprotected location on disk. Neither was as large as the Mythos cascade. Both were fixed quickly once caught.
I once spoke with a red-teamer tasked with testing ChatGPT for software development. A team member opened a fresh environment, started a new program, and tab-completed proprietary code verbatim, code that had never been part of any disclosed breach. The only things he’d typed by hand were his own name and his employer’s. The rest, the model already knew.
xAI’s Grok had its own version, even worse. A sharing feature meant for forwarding a conversation instead made it public by default, and over 370,000 conversations ended up indexed on Google. Passwords, medical questions, and in some logs, instructions serious enough that they shouldn’t have existed anywhere. It got less attention than Mythos. Not because it was less severe. Because fewer people were watching.
These companies don’t handle your data identically. The stories break differently because the companies are different. But the pattern underneath is the same. A disregard for the boundary between what’s theirs and what isn’t.
“Make sure you own your AI. AI in the cloud is not aligned with you; it’s aligned with the company that owns it.”
— Mitko Vasilev
