[Image: Anthropic's leaked internal documents showing Claude Mythos AI model specifications and capabilities]

Major Data Breach Exposes Anthropic's Secret Claude Mythos AI Model with Revolutionary Capabilities

📅 March 28, 2026 ⏱️ 7 min read ✍️ GReverse Team
A misconfigured content management system just exposed Anthropic's biggest secret. Nearly 3,000 files leaked into a public data lake, revealing Claude Mythos, the company's most powerful AI model yet. This isn't just another incremental upgrade. Anthropic calls it a "step change" in capabilities, designed for a world where AI can exploit cybersecurity vulnerabilities faster than defenders can patch them.

📖 Read more: Claude Mythos Leak Exposes Anthropic's Most Dangerous AI Model

๐Ÿ” From Human Error to Global Headlines

The leak started with a simple mistake. Anthropic's CMS defaulted to public URLs for uploads unless someone manually switched them to private. Classic human error, as the company admitted to Fortune. The result? Nearly 3,000 assets, including draft blog posts, PDFs, and internal employee documents, became accessible to anyone who knew where to look. Among the treasure hunters, Roy Paz from LayerX Security and Alexandre Pauwels from Cambridge University struck gold: a fully structured draft announcing Claude Mythos. The irony cuts deep: a model designed to tackle "unprecedented cybersecurity risks" got exposed through basic cybersecurity negligence.
If you needed proof that even the most advanced AI companies have human problems, here it is. An AI model built to counter cyber threats leaked because of cyber carelessness.
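The failure mode described above, a public-by-default upload setting that every caller must remember to override, can be sketched in a few lines. This is a purely hypothetical illustration; the function names and data shapes are invented and are not Anthropic's actual CMS code.

```python
# Hypothetical sketch of an insecure-default upload helper versus a
# secure-default one. A caller who forgets the `visibility` argument
# gets very different outcomes depending on the chosen default.

def upload_unsafe(name: str, visibility: str = "public") -> dict:
    """Insecure default: forgetting the argument exposes the file."""
    return {"name": name, "visibility": visibility}

def upload_safe(name: str, visibility: str = "private") -> dict:
    """Secure default: files stay private unless explicitly published."""
    return {"name": name, "visibility": visibility}

# A careless caller omits the argument in both cases:
leaked = upload_unsafe("claude-mythos-draft.pdf")
kept = upload_safe("claude-mythos-draft.pdf")

print(leaked["visibility"])  # public  -> anyone with the URL can read it
print(kept["visibility"])    # private
```

The general lesson is the standard "secure by default" principle: safety should not depend on every individual caller remembering to opt in.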

⚡ Claude Mythos: The 'Step Change' Model

According to the leaked draft, Claude Mythos is "by far the most powerful AI model we have ever developed." That's not marketing speak. Anthropic later confirmed it represents a "step change" in AI performance and is "the most capable we have built to date."

๐Ÿ—๏ธ The New Tier: Capybara

Here's where things get interesting. Mythos doesn't just improve on existing Claude models; it creates an entirely new category called Capybara. Until now, Anthropic offered three tiers:

- **Opus**: Most powerful and expensive
- **Sonnet**: Faster and cheaper, but less capable
- **Haiku**: Smallest, cheapest, and fastest

Capybara sits *above* Opus: more powerful, more expensive. "Compared to our previous best model, Claude Opus 4.6, Capybara achieves dramatically higher scores on software coding, academic reasoning, and cybersecurity tests," the leaked post states.
**At a glance:** ~3,000 files leaked · 4 Claude model tiers (with Capybara)

🧪 Early Access Phase

The model isn't ready for general release. It's in a trial phase with "a small group of early access customers," as an Anthropic spokesperson confirmed. This careful approach isn't accidental; it stems from serious risks the company has identified.

📖 Read more: Claude Mythos Leak Exposes Anthropic's Most Powerful AI Model

🚨 The Risks That Worry Anthropic

This is where the story gets genuinely concerning. The leaked document describes Mythos as "currently far ahead of any other AI model on cyber capabilities." That's not necessarily good news. "It heralds an incoming wave of models that can exploit vulnerabilities in ways that far outpace defender efforts," Anthropic warns. Translation: hackers are about to get tools that make their job much easier.

🎯 The Release Strategy

Instead of presenting Mythos as another milestone, Anthropic plans to offer it first to cyber defenders. "We want to understand the potential risks of the model in the cybersecurity realm — and share the results to help cyber defenders prepare." It's a rare case where an AI company admits upfront that its product could be weaponized, and tries to give the "good guys" a head start.

> We're providing early access to organizations, offering them a head start in improving their codebase resilience against the incoming wave of AI-driven exploits.
>
> (Anthropic draft blog post)

📖 Read more: AI Manipulation: First Study Reveals Harmful Persuasion

๐ŸŒ The Broader Context

Mythos isn't unique in raising these concerns. In February 2026, OpenAI released GPT-5.3-Codex, the first model it categorized as "high capability" for cybersecurity tasks in its Preparedness Framework. Anthropic had similar experiences with Opus 4.6, released the same week. That model showed an ability to discover unknown vulnerabilities in production codebases, a dual-use capability that helps both hackers and defenders.

📊 Real Threats, Not Theories

The concerns aren't hypothetical. Anthropic has reported that hacking groups, including some linked to the Chinese government, have attempted to exploit Claude in real cyberattacks. In one documented case, the company discovered a Chinese state-sponsored group already running a coordinated campaign using Claude Code to infiltrate about 30 organizations, including tech companies, financial institutions, and government agencies, before Anthropic caught them.

- **Defense-First Approach**: Anthropic gives cyber defenders first access to prepare for AI-driven exploits.
- **Vulnerability Discovery**: The model can discover unknown security holes in production code.

💼 The 'Exclusive' Leak

The leak didn't just contain technical details. Among the 3,000 assets was a PDF describing an upcoming, invite-only retreat for European company CEOs in the UK, featuring Dario Amodei, Anthropic's CEO. The retreat is described as an "intimate gathering" for "thoughtful conversation" at an 18th-century manor converted to a hotel-and-spa in the English countryside. Participants will hear from lawmakers and policymakers about how businesses adopt AI and will experience unreleased Claude capabilities.

📖 Read more: Anthropic Launches Cowork: Claude Code for Non-Programmers

📈 Market Impact & Reactions

The market didn't stay indifferent. Cybersecurity stocks tumbled on the Friday following the leak, a clear sign that investors are taking Anthropic's warnings about the "incoming wave of AI-driven exploits" seriously. The announcement comes during a period when the AI industry continues to burn billions of dollars running massively resource-hungry models, passing only a fraction of the cost to consumers and enterprise customers.

🤔 The Reality Check

Of course, the fact that a frontier AI company is working on something it claims is "the next big thing" isn't exactly unprecedented. Whether Claude Mythos will actually represent a significant "step change" in practice, outside a carefully curated testing environment, is uncertain. Case in point: OpenAI's much-anticipated GPT-5 was a major disappointment when it launched in August, falling short of the company's lofty promises.

🎯 Frequently Asked Questions

What is Claude Mythos and when will it be released?

Claude Mythos is Anthropic's new, most powerful AI model described as a "step change" in AI capabilities. It's currently in early access phase with selected customers. The company hasn't announced an official general release date.

Why is Anthropic worried about cybersecurity risks?

According to the leaked information, Mythos is "far ahead of any other AI model on cyber capabilities" and can exploit vulnerabilities faster than defenders can respond. The company wants to give cyber defenders a head start before making it widely available.

What is the Capybara tier and how does it differ from Opus?

Capybara is a new model category that sits above the current Opus tier. It will be larger, more "intelligent," and more expensive than existing Opus models, with dramatically higher scores on software coding, academic reasoning, and cybersecurity tests.

The Claude Mythos story isn't just another AI announcement that leaked earlier than scheduled. It's an example of how technological progress can bring both opportunities and risks, and how even the most advanced companies can lose control of their information through a simple configuration error. If Mythos lives up to its promises, the next few years will be quite interesting, for both developers and hackers.
Tags: Anthropic · Claude Mythos · AI leak · data breach · AI security · machine learning · tech news · cybersecurity
