Discord has cut ties with Persona after revelations that the Peter Thiel-backed identity verification software was linked to US surveillance infrastructure.

The decision follows mounting scrutiny over how Persona's system was deployed and whether sensitive user data could have been exposed through government-connected endpoints. The controversy has reignited debate about privacy, age verification and the role of surveillance-linked technology in mainstream social platforms.

According toa report, researchers discovered thatPersona's front-end code was accessible on the open internetand hosted on a US government-authorised server. Nearly 2,500 files were reportedly sitting on a Federal Risk and Authorization Management Program endpoint, raising concerns about the software's scope.

Researchers claimed that Persona conducted facial-recognition checks against watchlists and screened users against lists of politically exposed persons. The software was also said to perform 269 distinct verification checks, including screening for 'adverse media' in categories such as terrorism and espionage.

'We didn't even have to write or perform a single exploit, the entire architecture was just on the doorstep,' researchers wrote in a blog post, adding that 53 megabytes of data were visible on a FedRAMP government endpoint that allegedly 'tags reports with codenames from active intelligence programmes'. Those findings fuelled concerns that Persona's systems may have been tied to broader US surveillance frameworks.

Discord has announced that it's cutting ties with Persona, the AI software they used for age and identity verificationvia The Vergepic.twitter.com/oYZ0uoHsXn

Discord confirmed it had severed its partnership with Persona, with both companies stating that the collaboration lasted less than a month and involved only a limited test group. Discord added that any information submitted during the trial could be stored for up to seven days before deletion, and stressed that only a small number of users were affected.

Still, the association with a Peter Thiel-backed system allegedly tied to US surveillance proved damaging.

The fallout arrives at a sensitive moment for Discord. The company had recently announced plans to default all accounts to teen-safety settings, requiring users to verify their age via Persona to access certain features—a move that drew criticism. Discord later clarified that age verification would remain optional unless users sought access to age-restricted servers and channels.

'We offer multiple privacy-forward options through trusted partners,' the company said, adding that 'facial scans never leave your device' and that Discord and its vendors do not receive biometric data. However, an archived version of Discord's FAQ appeared to contradict claims about data storage timelines, suggesting that UK users in an experimental group might have their information temporarily stored for up to seven days. This discrepancy further eroded trust at a time when Discord was already recovering from aprevious third-party data breach affecting more than 70,000 users.

Source: International Business Times UK