What Is Claude Mythos and How Did It Get Leaked?

Claude Mythos Anthropic's most advanced model to date, was not announced. It was discovered.

On March 27, 2026, internal materials including draft announcements and nearly 3,000 unpublished assets were found in an unencrypted, publicly searchable database due to a misconfiguration in Anthropic's content management system. The CMS platform assigns public URLs to uploaded assets by default unless a user manually changes that setting. No one did. The result was a publicly accessible, searchable cache of Anthropic's most sensitive pre-release content.

Security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge independently discovered the exposed data store. Fortune reviewed the documents and informed Anthropic on Thursday, after which the company restricted public access. Anthropic attributed the incident to "human error" in CMS configuration.

In response, an Anthropic spokesperson confirmed: "We are developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. We consider this model a step change and the most capable we have built to date."

The Capybara Tier: A Structural Change to Anthropic's Model Lineup

Understanding what Mythos represents requires understanding where it sits in Anthropic's product architecture.

Anthropic currently offers models in three tiers: Opus (most capable), Sonnet (faster and cheaper), and Haiku (smallest and fastest). Capybara would add a fourth, pricier tier above all three.

The leaked draft blog post discussed a new tier called Capybara, described as "a new name for a new tier of model that is larger and more intelligent than Opus models, which were until now Anthropic's most powerful." Mythos and Capybara appear to refer to the same underlying model, with Capybara being the internal tier name and Mythos being the specific model name within that tier.

This distinction matters. Mythos is not Claude 5 or Opus 5. It is a model in a new category entirely, one that Anthropic did not previously offer and which signals a deliberate move toward ultra-high capability frontier models that operate well above the current Opus ceiling. The draft also confirmed that training for Mythos has already been completed, meaning the model exists and is functional.

What Can Claude Mythos Actually Do?

The leaked benchmarks provide the most specific public data on Mythos performance yet available.

Leaked drafts show that the model achieves significantly higher scores than Claude Opus 4.6 in tests involving software programming, academic reasoning, and cybersecurity, with cybersecurity performance far surpassing all existing AI models.

The cybersecurity dimension is where Anthropic's own language becomes striking. In the leaked blog post, Anthropic warns that the model is "currently far ahead of any other AI model in cyber capabilities" and that it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."

That is Anthropic writing about its own product. Not a critic, not an external researcher. Anthropic itself characterised its new model as capable of outpacing defensive cybersecurity efforts across the industry.

For context, Anthropic's Claude Opus 4.6, released the same week, demonstrated an ability to surface previously unknown vulnerabilities in production codebases, a capability the company acknowledged was dual-use, meaning it could both help hackers and help cybersecurity defenders find and close vulnerabilities in code. Mythos, by Anthropic's own assessment, goes considerably further.

Why Is Anthropic Being So Cautious With the Release?

The cautious rollout strategy reveals as much as the leak itself.

Anthropic's proposed rollout strategy, per the draft, centres on giving cyber defenders a head start. Early access customers would get the model first so they could harden their codebases before wider availability. The draft also notes that Mythos is expensive to run and not ready for general release.

This approach is analytically significant. Anthropic is not withholding Mythos out of commercial caution. It is withholding it because it believes the model poses risks to organisations that have not yet had the opportunity to strengthen their defences.

The model will initially be available to select clients for cybersecurity defense with no public release planned in the near future.

The misuse problem is already documented. In one documented case, Anthropic discovered that a Chinese state-sponsored group had already been running a coordinated campaign using Claude Code to infiltrate roughly 30 organisations, including tech companies, financial institutions, and government agencies, before the company detected it. Over the following ten days, Anthropic investigated the full scope of the operation, banned the accounts involved, and notified affected organisations.

If Claude Code, Anthropic's existing developer tool, was used in a coordinated campaign against 30 organisations, the risk profile of Mythos, which Anthropic itself describes as far ahead of any other AI model in cyber capabilities, is orders of magnitude more serious.

The CMS Leak: A Structural Irony

There is a pointed irony at the centre of this story. Anthropic positions itself as the safety-focused AI lab, the company that thinks carefully about risks before releasing powerful systems. Its data leak was not a sophisticated breach. It was a content management system where uploaded assets default to public unless someone remembers to flip a switch.

Anthropic stressed that AI tools, including Claude Code and Cowork, were not responsible for the misconfiguration. But as Fortune noted, AI coding tools now make it trivially easy to crawl and correlate exactly this kind of accidentally public data.

The company that is most vocal about responsible AI release accidentally published its most sensitive pre-release AI documentation in a format that any competent developer with a search tool could find. That tension between stated caution and operational execution will follow the Mythos launch narrative regardless of how the model eventually performs.

What Else Was in the Leak?

Beyond the model documentation, the leaked cache contained two other analytically relevant items.

Among the revelations were details regarding an upcoming closed-door summit in the UK for European corporate CEOs, which Anthropic CEO Dario Amodei is scheduled to attend. The document described the venue as an 18th-century English countryside manor and characterised the event as an intimate gathering where attendees would hear from policymakers and receive previews of unreleased Claude features. Anthropic described it as part of an ongoing series of events hosted over the past year.

The European CEO summit, combined with the early access structure for Mythos, reveals Anthropic's current go-to-market strategy: restricted releases to large institutional clients with direct Dario Amodei involvement, building enterprise commitment before any public launch.

What Does the Mythos Leak Mean for the AI Industry?

The Claude Mythos disclosure is the most significant accidental AI reveal since GPT-4's capabilities were leaked before OpenAI's official announcement.

Three conclusions follow from what is now publicly confirmed.

First, the capability ceiling in AI is moving faster than public disclosure timelines suggest. Anthropic's current public flagship is Opus. Its actual frontier model, already trained and in testing, is described as being in a different category entirely.

Second, the cybersecurity risk from frontier AI models is now explicitly acknowledged by the labs building them. Anthropic did not downplay the Mythos cybersecurity risk in its internal documents. It foregrounded it, structured the entire rollout around it, and described the risk to defenders in the strongest possible terms.

Third, AI infrastructure safety, including how labs store, access, and protect pre-release documentation, is a real operational risk that does not match the sophistication of the models being built.

Conclusion: Claude Mythos Anthropic Leak Changes the AI Landscape

The Claude Mythos Anthropic data leak of March 27, 2026, did not just reveal a new model. It revealed where AI capability actually is, right now, versus where the public conversation assumes it to be.

Training is complete. Benchmarks have been run. The model outperforms every existing system in cybersecurity. And it will not be available to the public anytime soon, specifically because Anthropic believes the risk of releasing it without adequate defensive preparation is too high.

The leak was an accident. What it disclosed was deliberate, documented, and already real.