Mythos leaked: Anthropic’s “too dangerous” AI lands in Discord group days after limited release

Anthropic kept its most sensitive AI system behind closed doors, warning it was too risky for public release. Days later, it was reportedly running inside a private Discord group.

That’s the claim at the center of a new report from Bloomberg, which says a small group of researchers tracking unreleased models managed to access Anthropic’s “Mythos” system almost immediately after it went live. The model, a cybersecurity-focused AI released under a limited program called Project Glasswing, was meant for a tightly controlled set of partners. Instead, it may have slipped into a far less controlled environment.

According to the report, the group didn’t break in through a dramatic exploit. They worked off naming conventions exposed in a recent breach tied to Mercor and combined that with access tied to a contractor account. From there, they were able to locate what appears to be Anthropic’s internal deployment endpoint and start using the system.

“A small group of unauthorized users have accessed Anthropic PBC’s new Mythos AI model, a technology that the company says is so powerful it can enable dangerous cyberattacks,” Bloomberg reported, citing a person familiar with the matter and documentation viewed by the news outlet.

The result is a scenario that’s becoming harder for AI labs to avoid: the model itself may be advanced, but the weakest point is often the layer around it.

Anthropic had positioned Mythos as a system that couldn’t be widely released without risk. It was rolled out on April 10 to select partners, with the company reportedly concerned about how it could be used if it spread beyond controlled environments. Yet the first reported unauthorized use didn’t come from a rival government or a sophisticated cyber operation. It came from a Discord group.

How a Discord Group Accessed Anthropic’s Most Restricted AI Days After Launch

Members of that group told Bloomberg they are not using the system for attacks or harmful activity. They say their focus is research and exploration, and they claim to have accessed other unreleased models as well. Those claims haven’t been independently verified, but the broader issue stands: access controls are proving fragile at exactly the moment the technology is becoming more sensitive.

“A handful of users in a private online forum gained access to Mythos on the same day that Anthropic first announced a plan to release the model to a limited number of companies for testing purposes, said the person, who asked not to be named for fear of reprisal. The group has been using Mythos regularly since then, though not for cybersecurity purposes, said the person, who corroborated the account with screenshots and a live demonstration of the model,” Bloomberg notes.

A separate report from The Wall Street Journal adds another layer. The Journal reports that Anthropic is investigating possible unauthorized access linked to a third-party contractor. That points to a familiar risk pattern in modern AI deployment. The model isn’t just sitting inside one company’s walls. It’s exposed through partners, vendors, APIs, and internal tools spanning multiple organizations.

Each layer adds surface area.

This lands at a tense moment for Anthropic. The company has already been in discussions with U.S. defense agencies over how its systems should be controlled and who gets access. A potential exposure involving a cyber-focused model raises the stakes. It shifts the conversation from theoretical misuse to operational reality.

The incident, if confirmed in full, highlights a broader truth facing every major AI lab right now. Building powerful models is only part of the challenge. Controlling how they are accessed, distributed, and monitored is becoming just as critical.

Frontier model security is no longer a future concern. It’s already being tested in real time.