Discord Users Crack Anthropic’s Restricted Mythos AI Model
Key Points
- Discord community members accessed Anthropic’s Mythos Preview AI model.
- The group used data from a breach at AI‑training startup Mercur to locate the model.
- Existing permissions from a contracting role allowed broader access to unreleased Anthropic models.
- Researchers limited use to building simple websites to avoid detection.
- Anthropic has not released an official statement regarding the incident.
- The breach highlights vulnerabilities in AI model distribution and contractor access controls.
A group of Discord community members accessed Anthropic’s tightly guarded Mythos Preview AI model after exploiting a breach at AI‑training startup Mercur and leveraging existing permissions from a contracting role. The researchers used the model only to create simple websites, avoiding detection, but their actions expose gaps in Anthropic’s access controls and raise concerns about the security of advanced AI tools.
Anthropic’s Mythos Preview, touted as a powerful AI model for uncovering software vulnerabilities, was supposed to be available only to a select group of partners. Instead, a loosely organized team of Discord users managed to break into the system, gaining unauthorized access not only to Mythos but also to several other unreleased Anthropic models.
The break-in began with data from a recent breach at Mercur, an AI‑training startup that collaborates with developers. By sifting through the leaked information, the Discord sleuths pieced together clues about the format Anthropic uses for its model URLs. Their educated guess led them to the online location of Mythos, which they accessed without triggering the company’s safeguards.
One participant in the effort already held permissions to Anthropic’s internal resources through a contracting firm that services the AI lab. That foothold allowed the group to expand their reach beyond Mythos, pulling down additional unreleased models that had not yet been publicly announced.
Despite the high‑profile nature of the tools they uncovered, the group’s activity appears deliberately low‑key. According to Bloomberg, the participants have so far used Mythos only to build simple websites—an approach designed to stay under Anthropic’s radar rather than launch large‑scale attacks. Their restraint suggests a focus on exploration rather than exploitation, yet the incident highlights a critical weakness in Anthropic’s model‑distribution architecture.
Anthropic has not commented publicly on the breach, and the company’s official channels remain silent about any remediation steps. Industry observers note that the episode underscores the challenges AI developers face when trying to balance rapid innovation with robust security. As AI models become more capable of identifying vulnerabilities in other software, protecting the models themselves becomes an increasingly complex task.
Security experts warn that the incident could set a precedent for other AI labs. If a relatively small group of hobbyist researchers can locate and access a restricted model by piecing together publicly available breach data, larger threats may emerge. The episode also raises questions about the vetting processes for contractors who gain internal access to sensitive AI assets.
For now, Anthropic’s Mythos remains out of the public eye, but the Discord breach serves as a reminder that even the most guarded AI tools are vulnerable to determined actors with the right combination of technical know‑how and opportunistic data.