Discord cuts ties with Persona after exposed verification files found on government endpoint
Feb 24th 2026
Researchers discovered nearly 2,500 Persona frontend files publicly accessible on a U.S. government authorized endpoint, prompting Discord to end a short test of the vendor’s age verification software.
- Researchers found nearly 2,500 Persona files on a FedRAMP government endpoint, including 53 megabytes of data tagged with codenames linked to active intelligence programs.
- Persona’s system runs facial recognition, screens users against watchlists and politically exposed persons lists, and offers 269 distinct verification checks including adverse media across 14 categories.
- The exposed files were frontend source files that Persona called uncompressed source maps rather than a backend breach, while researchers said they required no exploit to access.
- Discord says the Persona pilot lasted less than a month, involved a small number of users, and any submitted information could be stored for up to seven days before deletion.
- Discord has ended its partnership with Persona and clarified age verification will remain optional except for access to age restricted servers and channels.
- Persona is partially funded by Founders Fund, serves clients including OpenAI, Lime, and Roblox, is seeking FedRAMP authorization, and denies ties to Palantir or ICE.
- The incident adds to prior vendor problems for Discord, including a 2025 breach of third party provider 5CA that exposed government IDs for more than 70,000 users.