A Discord group guessed Anthropic's URL pattern and walked into Claude Mythos
Bloomberg reports a small group accessed Anthropic's locked-down Mythos model the same day it launched, using credentials from a third-party contractor and educated URL guessing.
A small group on a private Discord server has been logging into Claude Mythos since April 7, the day Anthropic billed the model as too dangerous to release publicly, according to Bloomberg’s report picked up by TechCrunch. They got in by combining a third-party contractor’s access with an educated guess at the URL where Anthropic stages preview models. Anthropic told Bloomberg it’s “investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments.”
What we know
- Same-day access. Mythos was announced on April 7 as a frontier cybersecurity model gated to a handful of vetted partners. The Discord group has been using it ever since, per Bloomberg.
- The vector was a contractor. One member of the group works at a third-party vendor that Anthropic gave Mythos access to, Fortune reports. That credential is what let the broader Discord group log in.
- The URL was guessed, not breached. Cybernews summarizes the group’s claim: they predicted Mythos’s preview URL by extrapolating from Anthropic’s URL conventions on past models. They didn’t find a hole in Anthropic’s network; they figured out where the door was.
- Mercor was the assist. Fortune ties the prediction to an earlier compromise of AI labeling startup Mercor, which itself was hit through the open-source litellm project. Whatever the group learned about Anthropic’s URL pattern came from that leak.
- Live demo to Bloomberg. The group provided screenshots and a live demonstration of Mythos to Bloomberg’s reporters. That’s how the story got nailed down.
- Anthropic’s framing. Anthropic says there is no evidence the activity extended past the third-party vendor environment, and no evidence its own systems were touched. The Verge’s headline read it the way Anthropic feared: “Anthropic’s Mythos breach was humiliating”.
What’s still unclear
- Which contractor. No outlet has named the third-party vendor. Hackread frames it as a vendor-environment breach, not an Anthropic-network breach, but the gap matters for liability and for which Glasswing partner gets a quiet phone call this week.
- Mythos’s actual capabilities. Anthropic’s Glasswing pitch was that Mythos can find vulnerabilities at elite-human-researcher level. The Discord group’s stated interest, per Bloomberg, was access for its own sake, not weaponization. Whether anything they did with Mythos shows up in the wild is the next shoe.
- The Mercor link. Fortune connects this breach to the earlier Mercor compromise via litellm. That chain implicates several open-source AI infra projects in the supply path that led to Mythos credentials being predictable. None of those projects has acknowledged a role yet.
- What changes inside Anthropic. Mythos was Anthropic’s pitch to the NSA, Mozilla, and a half-dozen Glasswing partners that it could ship a frontier cyber model under tight access controls. The pitch survives only if the vendor-environment story holds and Anthropic shows what changed.
Who reported it first
Bloomberg broke the story on April 21 with the Discord-group sourcing and live demo. TechCrunch, The Verge, Fortune, Hackread, and Cybernews picked it up over the next 48 hours. Wired’s “Discord Sleuths” piece on April 25 added the framing that has stuck: this wasn’t a hack, it was reconnaissance by people who read URL patterns for fun.
What this means for you
If you’re shipping models behind a “preview” gate, this is the bug you want to fix before it bites: predictable URL conventions plus contractor credentials plus a leaky upstream supply chain. None of those failures alone is dramatic. Together, they’re how a model labeled “too dangerous to release” leaks to a Discord on launch day.
If you’re a Glasswing partner or considering becoming one, expect access tightening. Anthropic will likely rotate URLs, force per-partner subdomains, and add per-tenant network egress filtering. Some partners will lose access for a few days while that lands. Push for an SLA in writing on incident communication; “we’re investigating” twelve days after the fact is the wrong cadence for the model that’s supposed to be hardening your products against zero-days.
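To make the preview-gate point concrete, here is an added sketch (not Anthropic's code or anything from the reporting) of a deny-by-default check in which knowing a preview hostname and holding some valid login is not enough. The hostnames, tenant names, credential ids and model id are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample data: per-partner subdomains, each owned by exactly one tenant.
HOST_TENANT = {
    "partner-a.preview.example.test": "partner-a",
    "partner-b.preview.example.test": "partner-b",
}
# Entitlements are explicit per tenant and per model; nothing is implied by the URL.
ENTITLEMENTS = {"partner-a": {"preview-model-x"}, "partner-b": set()}
REVOKED_CREDENTIALS = {"cred-0042"}  # e.g. rotated after a vendor incident


@dataclass(frozen=True)
class Credential:
    cred_id: str
    tenant: str  # tenant the credential was issued to, taken from a verified token


def weak_gate(host: str, cred: Credential | None) -> bool:
    """Anti-pattern: any valid login presented on a known preview host is let through."""
    return host in HOST_TENANT and cred is not None


def authorize(host: str, model: str, cred: Credential | None) -> tuple[bool, str]:
    """Deny by default; return (allowed, reason) so every denial can be logged and alerted on."""
    tenant = HOST_TENANT.get(host)
    if tenant is None:
        return False, "unknown_host"
    if cred is None:
        return False, "no_credential"
    if cred.cred_id in REVOKED_CREDENTIALS:
        return False, "revoked_credential"
    if cred.tenant != tenant:
        return False, "tenant_mismatch"  # valid login, but for another partner's endpoint
    if model not in ENTITLEMENTS.get(tenant, set()):
        return False, "model_not_entitled"
    return True, "ok"
```

The reason string is the useful part for operations: a run of `tenant_mismatch` or `unknown_host` denials is a signal that someone is probing hostnames with a credential issued elsewhere.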
My read: this is embarrassing for Anthropic, but it’s not the Mythos story that matters. The bigger one is what happens to Glasswing’s partner list, and whether the Pentagon’s existing supply-chain doubts about Anthropic just got a free assist.
Sources
- Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims — TechCrunch
- A group of users leaked Anthropic's AI model Mythos by reportedly guessing where it was located — Fortune
- Discord-Linked Group Accessed Anthropic's Claude Mythos AI in Vendor Breach — Hackread
- Anthropic's Mythos breach was humiliating — The Verge
- Discord group accessed Anthropic's Mythos without authorization — Cybernews