Anthropic is developing Claude Mythos, a new artificial intelligence model significantly more capable than any it has released to date, after a data leak inadvertently exposed the project to the public. The company confirmed it is testing the model with early access customers and described it as "a step change" in AI performance. The leak occurred when Anthropic left draft blog posts and internal documents in an unsecured, publicly searchable data cache, revealing not only the model's existence but also the company's serious concerns about its cybersecurity implications. What Is Claude Mythos and How Does It Compare to Current Models? Claude Mythos, also referred to internally as "Capybara," represents a new tier of AI model that sits above Anthropic's current lineup. Currently, Anthropic offers three sizes of Claude models: Opus (the most capable), Sonnet (faster and cheaper but less capable), and Haiku (the smallest and fastest). According to the leaked documents, Capybara and Mythos are larger and more intelligent than Opus, making them the company's most powerful model ever built. The performance improvements are substantial. In the draft blog post discovered in the data leak, Anthropic stated that "Compared to our previous best model, Claude Opus 4.6, Capybara gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others." The company acknowledged that the model is expensive to run and not yet ready for general release, which is why it is being rolled out cautiously to a small group of early access customers. Anthropic Why Is Anthropic So Concerned About Cybersecurity Risks? The leaked documents reveal that Anthropic views Claude Mythos as posing unprecedented cybersecurity dangers. The company stated in its draft blog that the model is "currently far ahead of any other AI model in cyber capabilities" and "it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." In other words, Anthropic is worried that malicious actors could use the model to conduct large-scale cyberattacks with unprecedented sophistication. This concern is not theoretical. Anthropic has already documented real-world incidents where hacking groups have attempted to exploit Claude. In one documented case, the company discovered that a Chinese state-sponsored group had been running a coordinated campaign using Claude Code to infiltrate roughly 30 organizations, including tech companies, financial institutions, and government agencies, before Anthropic detected and stopped the operation. How Is Anthropic Planning to Release Claude Mythos Safely? - Early Access to Defenders: Rather than releasing the model to the general public immediately, Anthropic plans to give early access to cybersecurity organizations and defenders, allowing them a head start in improving their defenses against AI-driven exploits. - Deliberate Rollout Strategy: The company is being intentionally cautious about how it releases the model, working with a small group of early access customers to test it thoroughly before broader availability. - Risk Assessment Focus: Anthropic stated it wants to "act with extra caution and understand the risks it poses, even beyond what we learn in our own testing," particularly regarding cybersecurity implications. - Transparency with Defenders: The company plans to share results of its risk assessments to help cyber defenders prepare for the capabilities this new generation of AI models will bring. This cautious approach reflects a broader industry trend. In February, OpenAI released GPT-5.3-Codex and classified it as "high capability" for cybersecurity-related tasks under its Preparedness Framework, making it the first model the company directly trained to identify software vulnerabilities. Anthropic navigated similar risks with its Opus 4.6, released the same week, which demonstrated an ability to surface previously unknown vulnerabilities in production codebases. How Did the Data Leak Happen? The leak stemmed from a configuration error in Anthropic's content management system (CMS), the software used to publish the company's public blog. According to cybersecurity professionals who reviewed the incident, digital assets created using the CMS are set to public by default and assigned a publicly accessible URL unless users explicitly change settings to keep them private. This meant that a large cache of images, PDF files, audio files, and draft blog posts were inadvertently published to an unsecured, publicly accessible URL. In total, there appeared to be close to 3,000 assets linked to Anthropic's blog that had not been published previously but were nonetheless publicly accessible in this data cache, according to cybersecurity researchers who reviewed the material. The leaked documents included not only the draft blog post announcing Claude Mythos but also details of a planned, invite-only CEO summit in Europe that is part of the company's drive to sell its AI models to large corporate customers. "An issue with one of our external CMS tools led to draft content being accessible," Anthropic acknowledged in a statement, attributing the problem to "human error." Anthropic Spokesperson After being informed of the data leak by Fortune on Thursday, Anthropic removed the public's ability to search the data store and retrieve documents from it. The company described the unpublished material left in the unsecured data cache as "early drafts of content considered for publication". What Does This Mean for the Future of AI Development? The Claude Mythos leak highlights a critical tension in AI development: the more powerful these models become, the greater the security risks they pose. Anthropic's decision to prioritize cybersecurity defenders in the rollout of its most powerful model suggests the company recognizes that the traditional approach of releasing models broadly may no longer be appropriate for frontier AI systems. The company is essentially saying that with great capability comes great responsibility, and that means being deliberate about who gets access first. The incident also underscores the importance of operational security in AI labs. Even as companies like Anthropic invest billions in developing safer AI systems, basic infrastructure errors can expose sensitive information to the public. For organizations relying on AI models for critical work, this serves as a reminder that the security of the AI itself is only part of the equation; the systems and processes surrounding AI development matter just as much.
