Nearly 3,000 unpublished Anthropic files sat exposed on a public data repository last week. Hidden inside was the company's biggest secret for 2026: Claude Mythos, an AI model that Anthropic describes as "the most powerful we've ever built."
The leak didn't just reveal the new model's existence. It exposed something more troubling: the "unprecedented cybersecurity risks" it brings with it. When an AI designed to protect systems can simultaneously destroy them, the gray areas get a lot darker.
Anthropic confirmed the leak's authenticity after Fortune reached out for comment. While the company blamed "human error" in configuring their content management system, the damage control came too late â news of Claude Mythos had already escaped.
đŹ Claude Mythos: The New "Capybara" Category
The new model carries two names for the same technology. "Claude Mythos" on one side, "Capybara" on the other â an entirely new category that sits above the familiar Opus, Sonnet, and Haiku tiers.
The leaked blog post states that Capybara "scores dramatically higher on coding, academic reasoning, and cybersecurity tests" compared to Claude Opus 4.6. That means it doesn't just write better code â it spots vulnerabilities with precision we haven't seen before.
But here's the irony: a model supposedly improving cybersecurity leaked due to... a cybersecurity problem. Anthropic left nearly 3,000 files on a public URL without protection.
⥠Cybersecurity Risks: The Dark Side of Progress
The original post doesn't hide the company's concern. "It heralds an incoming wave of models that can exploit vulnerabilities in ways that far exceed the efforts of defenders," the draft states.
Claude Mythos is "currently far ahead of any other AI model in cyber capabilities" â that's their own description. Not marketing speak, but a warning.
The release strategy appears to focus on defenders first. Instead of selling it to the general public, Anthropic plans to give it to organizations "to get a head start on improving their codebase resilience against the incoming wave of AI-driven exploits."
Sounds reasonable. But what happens when this technology reaches the wrong hands?
Previous Incidents
This isn't theoretical risk. Anthropic has already spotted a Chinese state group using Claude Code for coordinated attacks on roughly 30 organizations â from tech companies to financial institutions and government agencies. The discovery came after the breach, not before.
đ Technical Details and Benchmark Performance
Claude Mythos has completed training and is in testing phase with selected early access customers. Anthropic characterizes it as a "general purpose model with significant improvements in reasoning, coding, and cybersecurity."
How "significant"? The leaked post mentions a "step change" in performance â a term that in the AI industry means a qualitative leap, not just improvement.
Software Coding
Dramatically higher scores than Claude Opus 4.6 on programming tests
Academic Reasoning
Enhanced reasoning capabilities on academic-level problems
Cybersecurity
Advanced vulnerability detection and risk assessment
Operating costs appear to be high â likely even higher than the already expensive Opus. This doesn't surprise, considering models in this category require massive computational resources.
đą The Leak: Technical Details and Implications
How does such a leak happen at a company dealing with cybersecurity? The answer lies in the details of Anthropic's Content Management System (CMS).
Digital assets uploaded to the CMS are public by default and get accessible URLs â unless the user explicitly changes the setting to private. Simple human error. But with massive consequences.
"An issue with one of our external CMS tools led to draft content becoming accessible"
â Anthropic spokesperson
Among the leaked files were other interesting items: PDFs with details about an exclusive CEO retreat in Britain where Dario Amodei will attend, even corporate information like employee maternity leaves.
Market Reaction
The cybersecurity risks revelation had immediate impact. Cybersecurity company stocks dropped Friday after the news â the market seemed to understand the message quickly.
đŻ Comparisons with the Competitive Scene
Claude Mythos isn't the only model raising cybersecurity concerns. February 2026 brought OpenAI's GPT-5.3-Codex â the first model the company categorized as "high capability" for cybersecurity tasks in their Preparedness Framework.
Meanwhile, Claude Opus 4.6, released the same week, demonstrated ability to identify previously unknown vulnerabilities in production codebases. Dual-use capability â it can help both defenders and attackers.
The difference is that Mythos appears to be "classes ahead" of all existing models in this area. At least that's what Anthropic claims.
Of course, lofty promises aren't always reliable. Remember OpenAI's GPT-5 that proved to be a "major letdown" when it launched in August, far below expectations.
đź What It Means for AI's Future
Claude Mythos brings a fundamental contradiction to the forefront: how do we develop AI that protects against cyberattacks without simultaneously creating superweapons for the malicious?
Anthropic's approach â defenders first, general public later â is logical but problematic. What stops a hacker from posing as a legitimate security tester, like the Chinese state actors did?
And the cost? If Capybara is even more expensive than Opus, who will actually have access? Large organizations with deep pockets â or well-funded malicious actors?
The irony of the entire situation is that a cybersecurity leak revealed a cybersecurity tool. If Anthropic can't protect its own secrets, how will it protect ours?
Claude Mythos could prove to be a breakthrough â or just another overvalued development in an industry accustomed to overhype. What's certain is that the cybersecurity risks are real, and the race between offensive and defensive AI capabilities just got more interesting.