Discord Group Claims Unauthorized Access to Claude Mythos by Exploiting Weak Security

Summary

An anonymous group of Discord users claims to have gained unauthorized access to Claude Mythos Preview, Anthropic's highly restricted AI model that the company describes as capable of identifying and exploiting zero-day vulnerabilities across major operating systems and browsers. According to Bloomberg, the group did not employ sophisticated hacking techniques but instead guessed the model's online location using naming conventions discovered in a recent Mercor data breach, combined with privileged access held by one group member working at an Anthropic contractor. Anthropic confirmed it is investigating the claim and stated there is no indication that other unauthorized parties have accessed Claude Mythos. The incident raises significant security concerns given that Anthropic positioned Claude Mythos as too dangerous for public release and restricted access through an invite-only Project Glasswing initiative designed to help tech leaders secure critical infrastructure.

• Anthropic is investigating the breach, with no current evidence of exploitation for malicious purposes, though the implications for a model described as a cybersecurity threat are concerning

Editorial Opinion

This incident exemplifies a critical tension in AI safety: Anthropic's decision to restrict Claude Mythos due to its dangerous capabilities rings hollow when basic security practices fail to protect it. The fact that Discord users needed only guessing and insider access—not sophisticated exploits—suggests the company prioritized controlled distribution over robust security infrastructure. For a company pitching itself as a responsible steward of powerful AI systems, this breach undermines confidence in both its technical security and its ability to manage other restricted models.