gnabgib 12 hours ago
It's the whole story (that your article references/links to via other reposts).

1. Rogue Discord users got access by guessing a URL

> The group of users made an educated guess about the model’s online location based on knowledge about the format Anthropic has used for other models

2. Oh wait, they had valid credentials from a third party (presumably former 3rd party now)

> Crucially, the person also has permission to access Anthropic models and software related to evaluating the technology for the startup. They gained this access from a company for which they have performed contract work evaluating Anthropic’s AI models.
Imustaskforhelp 11 hours ago
Thanks, this article is really interesting too. I have uploaded it to archive.org too in case someone else wants to read it (https://web.archive.org/web/20260507015350/http://serjaimela...)

> 2. Oh wait, they had valid credentials from a third party (presumably former 3rd party now)

I find it interesting, but how much other software has a similar Achilles' heel? Recently Vercel had something similar happen, where all their envs, which sometimes included really sensitive information like database passwords, got leaked because an AI company that they used got compromised because an employee at that company got compromised because of using a Roblox cheat software, iirc.

Are there any reports on who the third party is exactly? It doesn't inspire confidence that a third party used by Anthropic got compromised enough to leak access to Mythos, but also, wouldn't more companies also rely on the said third party, who could've also gotten compromised (or maybe already might've)?

Do you know how the story got to Bloomberg as well? I mean, I wonder how anyone outside of that group and perhaps maybe Anthropic's logs came to know about all of this/the Discord group.