Skip to main content
Emerging Threats

Discord Group Exploits Claude's Secret AI Model

Multiple laptop screens and peripherals on a minimalist desk, with code and Discord interface visible.

"a step up over previous frontier models," the AI Security Institute in Great Britain said of Anthropic's Mythos, a characterization that now sits at the center of a fresh access-control controversy.

Anthropic's Mythos and Project Glasswing partners

Anthropic announced the Mythos Preview model and immediately limited access to a select group of companies under a program called Project Glasswing. Bloomberg’s reporting, cited by GovInfoSecurity, lists Nvidia, Apple, Amazon and Cisco as members of that cohort. Anthropic framed the arrangement as a way for trusted partners to use the model to find and fix security vulnerabilities before malicious actors could exploit similarly capable technology.

Private Discord channel and the path to access

Bloomberg reported that an unauthorized group of users, operating in a private Discord channel dedicated to unreleased models, gained access to the Mythos Preview and have "regularly used it" since Anthropic revealed the model's existence. A source told Bloomberg the Discord group used a mix of tactics, including leveraging access that the source holds as a third‑party contractor for Anthropic and "made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models."

The reporting ties those methods to data leaked in a recent breach at AI startup Mercor, referencing the Mercor breach linked to a LiteLLM supply‑chain attack. The story says the Discord channel also has access to other unreleased Anthropic models.

What the Discord group says it did — and did not — do

An apparent member of the private Discord group told Bloomberg that users have not used Mythos to hunt for new exploits. Anthropic has publicly emphasized the model’s vulnerability‑finding properties in its outreach, a claim that received external validation when the AI Security Institute described Mythos as "a step up over previous frontier models."

Those two lines — Anthropic's promotion of Mythos as a tool for vulnerability discovery and a Discord member's denial that the model was used to hunt for new exploits — frame the immediate factual claims on usage.

Anthropic's investigation and the current evidentiary picture

An Anthropic spokesperson told Bloomberg the company is investigating the matter but stated it has "no evidence of unauthorized Mythos use beyond the third party's IT environment." That comment, as reported, confines the firm's current public finding: investigators have not, to Anthropic's knowledge, observed activity outside the contractor's internal systems.

Bloomberg's reporting includes on‑the‑ground reporting assistance from ISMG's David Perera in Northern Virginia.

How Project Glasswing partners, Anthropic, and security teams are positioned

  • Project Glasswing partners (Nvidia, Apple, Amazon and Cisco): These named companies were the intended, limited recipients of Mythos access. The reported unauthorized availability to others complicates the partners' risk calculus around early access programs and shared testing environments.
  • Anthropic: The company has launched an investigation and publicly reported no evidence of use beyond a contractor's IT environment. Anthropic also aims to position Mythos as a tool for proactive vulnerability discovery, an approach now tested by the reported leak and subsequent scrutiny.
  • Security researchers and validators: Independent validators have given Mythos technical praise — the AI Security Institute called it "a step up over previous frontier models." At the same time, the appearance of the model in private channels and its alleged linkage to leaked Mercor data underscores the intersection of model capability assessments and information‑security hygiene.

OpenAI's near‑contemporaneous move is also relevant to the broader marketplace: days after Anthropic's Mythos announcement, OpenAI released GPT‑5.4‑Cyber with the stated intention of making it "as widely available as possible," saying it would rely on user identity verification and "trust signals" to prevent misuse.

For now, the record in reporting is compact but consequential: an advanced, selectively released model has been accessed by an unauthorized community; the group says it has not used the model for exploit discovery; Anthropic is investigating and reports no evidence of use beyond a contractor's systems; and public validators have judged the model technically notable. The incident sharpens immediate questions about how sensitive models are stored, how third‑party contractor access is controlled, and whether promotional claims about a model’s defensive capabilities alter adversaries’ incentives.

Anthropic's next disclosures from its investigation and any further reporting from Bloomberg will determine whether this episode is primarily a supplier‑security failure tied to leaked Mercor data or a broader gap in how frontier models are provisioned and policed. Until then, the facts recorded so far leave one clear task: confirm whether usage extended beyond a contractor's IT environment — or whether the leak was limited to credentials and files inside a private circle.

Original story at GovInfoSecurity (source: Bloomberg, reporting with ISMG's David Perera)