Lazarus Doesn't Need AGI

This analysis argues that the unauthorized access to Anthropic’s Claude Mythos via a third-party contractor is emblematic of a broader supply-chain and third-party access problem that nation-state actors—particularly DPRK-linked groups like Lazarus/TraderTraitor—are incentivized to exploit to accelerate cryptocurrency thefts that fund weapons programs. It describes three converging attack patterns (contractor misuse, fraudulent hiring, supply-chain compromise), cites large-scale crypto heists, and recommends stronger preview infrastructure, telemetry, personnel-level vetting, and supply-chain protections.