A private Discord group gained unauthorized access to Claude Mythos, the restricted cybersecurity model that Anthropic deliberately withheld from public release, Bloomberg reported on April 21. The group accessed Mythos on the same day Anthropic publicly announced it, and has been using it continuously since.
The breach method was remarkably low-tech. According to Fortune, the group made an educated guess about Mythos’ online location using naming conventions from a data breach at Mercor, an AI training startup compromised earlier this year. One member of the Discord group is employed as a third-party contractor for Anthropic and used that access to reach the model, Bloomberg reported.
What Anthropic Said
“We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments,” an Anthropic spokesperson told TechCrunch. The company said it found no evidence the activity impacted Anthropic’s own systems or extended beyond the vendor environment.
Anthropic had restricted Mythos to approximately 40 companies, including Apple, Microsoft, Google, and JPMorgan Chase, through an initiative called Project Glasswing. Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley are also reportedly testing the model, according to Euronews. Treasury Secretary Scott Bessent convened a meeting of senior bankers in Washington earlier this month to encourage testing the model for vulnerability detection, Bloomberg reported.
The Discord Group
The group operates a private Discord channel focused on finding unreleased AI models, according to Mashable. Members told Bloomberg they are “interested in playing around with new models, not wreaking havoc with them.” They provided screenshots and a live demonstration as evidence. They also claimed access to additional unreleased Anthropic models beyond Mythos, Mashable reported.
The group told Bloomberg they have been using Mythos for benign tasks like building simple websites, not cyberattacks. Anthropic confirmed to Bloomberg that the unauthorized users are not linked to any cyberattacks.
Why Mythos Matters
Anthropic built Mythos as an enterprise cybersecurity model capable of identifying and exploiting zero-day vulnerabilities across major operating systems and browsers. Mozilla used a preview to identify and patch 271 vulnerabilities in Firefox, according to Wired. Anthropic also used the model to discover a 27-year-old security flaw in OpenBSD, according to Geo.tv. Mozilla’s head technology officer Bobby Holley told Geo.tv that Mythos turns an intelligent engineer into a “world-class, elite security engineer.”
Vendor Control as the Weak Link
David Lindner, CISO at Contrast Security and a 25-year industry veteran, told Fortune the breach was predictable. “It was bound to happen. The more they add to this elite group, the more likely it was to get released to someone who shouldn’t probably have access to it.” Lindner noted that distributing the model to 40 companies means thousands of individuals potentially had access.
Lindner also raised the possibility that adversarial nation-states have already accessed the model. “If some group, some random Discord online forum, got access to it, it’s already been breached by China,” he told Fortune.
This is not Mythos’ first security incident. Fortune was the first to report on the model’s existence in March after a security lapse exposed details about it in a publicly accessible database. A model designed to find vulnerabilities in other people’s software keeps getting exposed through vulnerabilities in Anthropic’s own supply chain. The pattern suggests that restricting a model to “trusted partners” creates a false sense of containment when the attack surface expands with every vendor relationship.