Anthropic didn’t announce Claude Mythos. The internet found it first.
- What Is Claude Mythos?
- How It Leaked: A Very Ironic Misconfiguration
- Claude Mythos vs. Capybara: What’s the Difference?
- What Can Claude Mythos Actually Do?
- Why Cybersecurity Teams Are Both Excited and Worried
- The Market Reacted Immediately
- Context: Anthropic Has Already Dealt With Misuse at Scale
- What Anthropic Has Officially Confirmed
- FAQ
- Bottom Line
Last week, a misconfiguration in Anthropic’s content management system left nearly 3,000 internal documents sitting in a publicly searchable data store — including a draft blog post for a model the company wasn’t ready to talk about. Security researchers found it. Fortune reviewed it. And within hours, cybersecurity stocks were tumbling and governments were getting private briefings.
This is the full story of Claude Mythos: what it is, what it can do, and why even Anthropic is nervous about it.
What Is Claude Mythos?
Claude Mythos is Anthropic’s next-generation AI model — trained, confirmed, and already being tested with a small group of enterprise customers. Anthropic describes Mythos as “the most powerful AI model we’ve ever developed,” choosing the name to “evoke the deep connective tissues that link together knowledge and ideas.”
But naming philosophy aside, what the leaked documents actually describe is something more significant: a model that doesn’t just improve on what came before — it introduces an entirely new tier in Anthropic’s model lineup.
Anthropic currently offers models in three tiers: Opus (most capable), Sonnet (faster and cheaper), and Haiku (smallest and fastest). Capybara — the internal codename linked to Mythos — would add a fourth, pricier tier above all three.
So where previous announcements said “this is our best Opus yet,” Anthropic is effectively saying this model is in a different category altogether.
How It Leaked: A Very Ironic Misconfiguration
The leak itself is almost too on-the-nose to be real.
A configuration error in Anthropic’s content management system made nearly 3,000 unpublished assets publicly searchable. Security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge discovered the exposed data store, which contained a draft blog post describing the model in detail. Fortune reviewed the documents and alerted Anthropic, after which the company restricted public access.
Ironically, a company that regularly discusses security frameworks, risk levels, and authorized approvals had the existence of a new flagship model revealed not through a planned announcement, but due to a configuration error in its own release process.
And here’s the part that writes itself: the leaked draft claimed that the new model “poses unprecedented cybersecurity risks.” In other words, a company accidentally exposed its own secrets through a basic infrastructure mistake — while announcing a model designed to find exactly those kinds of mistakes.
Claude Mythos vs. Capybara: What’s the Difference?
The naming here gets a bit confusing, so let’s clear it up.
Anthropic’s documents label Mythos as version one of the new model, and describe version two internally as “Capybara,” which the company also positioned above its current top-tier Opus models. The two names appear to refer to the same underlying model family — with Mythos being the first release of what Capybara represents as a tier.
Anthropic hasn’t made it clear what the final name of the model will be. For now, most reporting uses Mythos and Capybara interchangeably, though technically they seem to be successive versions of the same breakthrough architecture.
What Can Claude Mythos Actually Do?
The leaked draft is specific about performance. Compared to Claude Opus 4.6, Capybara gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others. And Opus 4.6 is already no slouch — it recently topped Terminal-Bench 2.0 at 65.4%, surpassing GPT-5.2-Codex.
But it’s the cybersecurity angle that’s generating the most attention.
The draft describes the model as “currently far ahead of any other AI model in cyber capabilities” and warns it “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”
That’s Anthropic — not a critic, not a regulator — writing in its own draft blog post that its model could outrun the people trying to protect against it.
Anthropic is also privately warning top government officials that Mythos makes large-scale cyberattacks much more likely in 2026. That’s a remarkable posture: a company essentially issuing a threat advisory about its own product before it’s even publicly released.
There’s also a practical constraint worth noting. Mythos is extremely compute-intensive and expensive to run, and Anthropic said it is working on making it much more efficient before any general release. So even if you wanted access today, the infrastructure isn’t ready for it at scale.
Why Cybersecurity Teams Are Both Excited and Worried
The dual-use nature of a tool this capable is exactly what makes Mythos so contentious.
Anthropic wants to seed Mythos across enterprise security teams first and has already been testing the model’s cybersecurity capabilities with a small number of early access customers. The rationale seems straightforward: if today’s models can already identify and even help exploit software vulnerabilities, a more capable system like Mythos could significantly accelerate both discovery and misuse — raising the stakes for defenders and attackers alike.
The plan, then, is to give defenders a head start. Anthropic will be slowly expanding access to Claude Mythos to more customers using the Claude API over the coming weeks, with a particular focus on cybersecurity uses.
It’s a responsible-disclosure logic applied to an entire AI model — give the good guys the tool before the bad guys figure out how to replicate it. The problem with that analogy, as some analysts have pointed out, is that a vulnerability disclosure patches one bug for one vendor. A general-purpose cybersecurity AI is a capability multiplier for whoever gets access to it.
On March 6, Anthropic released details about its collaboration with Mozilla and reported that Claude Opus 4.6 had found 22 vulnerabilities in Firefox in February — more than in any single month of 2025. That was the previous best model. The implications of what Mythos might find — or enable others to find — aren’t small.
The Market Reacted Immediately
News of the leak hit financial markets fast.
Shares of several cybersecurity firms dropped after the reports surfaced, including Palo Alto Networks, which fell about 7%, and CrowdStrike, which dropped roughly 6.4%. Zscaler declined around 5.8%, and Fortinet slipped about 4% during Friday trading.
The sell-off logic isn’t hard to follow. If an AI model can find vulnerabilities faster than human security teams, the value proposition of certain defensive security products narrows. But not everyone agrees with that read. Some analysts see vendors increasingly embedding frontier models from Anthropic and others, rather than being replaced by them — powerful models will not replace cybersecurity platforms.
This isn’t the first time an Anthropic announcement has rattled markets. Earlier this year, the unveiling of Claude Cowork triggered a broad sell-off across software and professional-services companies.
Context: Anthropic Has Already Dealt With Misuse at Scale
The cybersecurity concern isn’t theoretical. Anthropic has documented real-world abuse of its existing models.
Hacking groups, including those linked to the Chinese government, have attempted to exploit Claude in real-world cyberattacks. In one documented case, Anthropic discovered that a Chinese state-sponsored group had already been running a coordinated campaign using Claude Code to infiltrate roughly 30 organizations — including tech companies, financial institutions, and government agencies — before the company detected it.
Over the following 10 days, Anthropic investigated the full scope of the operation, banned the accounts involved, and notified affected organizations.
That incident involved Claude Code — a version of the model that’s already publicly available. What happens when a model described as “far ahead of any other AI model in cyber capabilities” gets into the wrong hands is a question Anthropic is clearly taking seriously, even if the leak forced the conversation earlier than planned.
What Anthropic Has Officially Confirmed
Despite not planning to announce Mythos yet, Anthropic’s response after the leak was more candid than you might expect.
An Anthropic spokesperson confirmed: “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it. As is standard practice across the industry, we’re working with a small group of early access customers to test the model. We consider this model a step change and the most capable we’ve built to date.”
That’s a pretty clear statement for something the company didn’t intend to announce. They confirmed: the model exists, it’s being tested, it’s their most capable to date, and they’re moving carefully on release.
What they haven’t confirmed: a specific release timeline, final pricing, or what benchmarks actually look like in a controlled evaluation rather than a draft marketing document.
FAQ
What is Claude Mythos?
Claude Mythos is Anthropic’s unreleased next-generation AI model, described internally as the most powerful model the company has ever built. It sits above the existing Opus tier in a new model category, with significantly improved performance in coding, reasoning, and cybersecurity.
How did Claude Mythos leak?
A misconfiguration in Anthropic’s content management system left around 3,000 internal documents — including a draft blog post about Mythos — publicly accessible and searchable. Security researchers discovered the cache; Fortune reviewed and reported on the documents.
What is Capybara in relation to Mythos?
Capybara appears to be the internal codename for the new model tier, while Mythos is the first version of that tier. Anthropic has not confirmed a final product name.
Is Claude Mythos available to use?
Not publicly. Anthropic is currently running a limited early-access program with enterprise customers focused on cybersecurity. A wider release has no confirmed date.
Why did cybersecurity stocks fall after the leak?
Because the leaked documents described Mythos as “far ahead of any other AI model in cyber capabilities” — raising concerns that it could automate vulnerability discovery and exploitation faster than existing security tools can respond.
Is Claude Mythos dangerous?
Anthropic itself flagged the dual-use risk. The model can help defenders find vulnerabilities faster, but the same capability could be used to accelerate attacks. Anthropic is briefing government officials and restricting early access to defense-focused organizations for this reason.
Bottom Line
Claude Mythos is real, it’s trained, it’s being tested — and the world found out about it through the kind of infrastructure mistake the model is designed to detect.
That irony aside, what the leak actually reveals is a genuine step change in AI capability, one that Anthropic itself is approaching with unusual caution. The company isn’t rushing a launch. It’s briefing governments, seeding defenders first, and being deliberate about what it releases and to whom.
Whether that caution is enough — or whether “deliberate” means six weeks or six months — is still unknown. But one thing is clear: the AI arms race in cybersecurity just got a lot more complicated.
