What Happened
On March 26, 2026, security researchers Roy Paz from LayerX Security and Alexandre Pauwels from the University of Cambridge discovered that Anthropic had left nearly 3,000 unpublished internal files publicly accessible due to a CMS (content management system) misconfiguration.
Buried in those files were draft blog posts describing a model Anthropic had never publicly announced: Claude Mythos, internal codename Capybara.
Fortune broke the story after reviewing the documents and contacting Anthropic. Anthropic confirmed everything and restricted access to the exposed files.
This was not a hack. It was a configuration error. The kind of basic security hygiene failure that the model itself is supposedly designed to help prevent.
What Is Claude Mythos?
Claude Mythos is Anthropic's newest and most powerful AI model. Here is what the leaked documents reveal:
A new tier entirely. Mythos is not an upgrade to Opus. It sits above it. The Claude model hierarchy is now:
- ●Haiku - fast, cheap, lightweight tasks
- ●Sonnet - balanced performance and cost
- ●Opus - flagship reasoning and analysis
- ●Capybara (Mythos) - breakthrough capabilities across coding, reasoning, and cybersecurity
Training is complete. The model is not a concept or a roadmap item. It is built, trained, and currently in limited early-access testing with a small group of customers.
Anthropic's own words: In their statement to Fortune, Anthropic called Mythos "a step change" and "the most capable we've built to date." They described it as a "general purpose model with meaningful advances in reasoning, coding, and cybersecurity."
Performance: The leaked drafts say Mythos scores "dramatically higher" than Claude Opus 4.6 on benchmarks for software coding, academic reasoning, and cybersecurity tasks.
Cost: The documents describe it as "very expensive for Anthropic to serve and very expensive for customers to use." It is larger and more compute-intensive than Opus.
Design philosophy: Built to "create deep connective tissue between ideas and knowledge." This suggests stronger cross-domain reasoning, where the model connects insights from one field to solve problems in another.
The Cybersecurity Angle
This is what turned a tech leak into front-page financial news.
The leaked draft blog posts describe Mythos as "currently far ahead of any other AI model in cyber capabilities." Analysts characterized it as having "the potential to become the ultimate hacking tool, one that can elevate any ordinary hacker into a nation-state adversary."
That is not marketing language. That is a warning.
What this means in practice:
- ●Mythos can reportedly find and exploit software vulnerabilities faster and more effectively than existing tools
- ●The model "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders"
- ●Anthropic's leaked strategy includes giving cyber defenders early access so they can use the model to harden codebases before the same capabilities become broadly available
The market reaction was immediate. On March 27, cybersecurity stocks sold off:
| Company | Drop |
|---|---|
| Tenable | -9% |
| Okta | -7%+ |
| Netskope | -7%+ |
| CrowdStrike | -6% |
| Palo Alto Networks | -6% |
| Zscaler | -6% |
| SentinelOne | -6% |
| iShares Cybersecurity ETF | -4.5% |
Evercore analysts said the reaction reflects concerns about whether LLMs could "encroach on software companies' competitive advantages." If an AI model can find vulnerabilities faster than the tools designed to protect against them, the entire security industry has a problem.
The Irony
Multiple commentators pointed out the obvious: Anthropic, a company positioning its newest model as a cybersecurity breakthrough, had its most sensitive internal documents exposed because someone misconfigured a CMS.
Get the Weekly IT + AI Roundup
What changed this week in NinjaOne, ServiceNow, CrowdStrike, and AI. One email, every Monday.
No spam, unsubscribe anytime. Privacy Policy
Not a zero-day exploit. Not a sophisticated supply chain attack. A content management system left open to the public internet.
This is the digital equivalent of a locksmith leaving their front door unlocked. Security researchers did not need to break anything. The files were just sitting there, accessible and searchable.
It is a reminder that the biggest security risks are rarely technical. They are human.
Release Strategy
Based on the leaked documents and Anthropic's confirmation:
No public launch date. The rollout timeline is tied to safety evaluation outcomes, not a fixed commercial schedule. Anthropic is "being deliberate about how we release it."
Differential access. Cyber defenders get early access first. The idea is to let security teams use Mythos to find and fix vulnerabilities before the same offensive capabilities become broadly available.
Efficiency work in progress. Anthropic says it is working to make the model "much more efficient before any general release." This suggests the current version is too expensive to serve at scale.
API access first. When Mythos does launch, it will expand gradually through the Claude API before reaching consumer products.
What This Means for Claude Users
If you are using Claude today, here is what to watch:
Pricing will matter. If Mythos is "very expensive to serve," expect premium pricing. This could mean a new subscription tier above Max ($200/month), or per-token API pricing significantly higher than Opus. The model is not going to be cheap.
Opus is not going away. Just like Sonnet did not replace Haiku, Capybara will not replace Opus. Each tier serves a different use case. Most users will stay on Sonnet or Opus for daily work and use Capybara for tasks that genuinely require breakthrough reasoning.
Cybersecurity use cases will lead. Based on the leaked strategy, expect the first public demonstrations and case studies to focus on security applications. Code auditing, vulnerability discovery, and threat analysis will be the initial selling points.
The model hierarchy matters for your workflow. If you are building with the Claude API, start thinking about which tasks justify the cost of a Capybara-tier model versus Opus or Sonnet. The right answer for most applications is: use the cheapest model that gets the job done, and only escalate to higher tiers for genuinely complex reasoning.
The Bigger Picture
Every major AI lab is racing toward the same destination: models that can act autonomously on complex, multi-step tasks. OpenAI's GPT-5.3-Codex was the first to achieve a "high capability" rating on cybersecurity benchmarks. Google's Gemini 2.5 Pro pushed the frontier on coding and reasoning. Now Anthropic says Mythos is "far ahead of any other AI model in cyber capabilities."
The competitive dynamic is accelerating. Each new model raises the bar for what AI can do. And each leak, benchmark, or demo puts pressure on every other lab to ship faster.
For users, this is good news. Better models, more competition, lower prices over time. For the cybersecurity industry, it is a wake-up call. The tools that find vulnerabilities are getting stronger faster than the tools that defend against them.
And for Anthropic, the irony of this particular leak will follow them for a long time. The company that built the most advanced cybersecurity AI in the world got caught by a misconfigured CMS.
Sources:
- ●Fortune: Anthropic 'Mythos' model revealed in data leak
- ●Fortune: Anthropic leaked AI model with unprecedented cybersecurity risks
- ●CNBC: Cybersecurity stocks fall on Anthropic Mythos report
- ●The Decoder: Anthropic leak reveals Claude Mythos
- ●Futurism: Anthropic leaked Mythos in the most ironic way possible
- ●CyberSecurity News: Anthropic's leaked drafts expose Claude Mythos
- ●CoinDesk: Claude Mythos leak reveals cybersecurity nightmare
*Want to stay ahead of AI model releases and understand which tools fit your workflow? Take the free quiz and get matched in 2 minutes.*
*For a deep dive into Claude's automation features (Cowork, Dispatch, Computer Use), check out Module 7 of our Claude Mastery course.*