Anthropic Mythos Leaked: A Step-Change Model Above Opus

30-Second Summary

On 27 March 2026, a misconfiguration in Anthropic's content management system exposed nearly 3,000 internal documents to the public internet, including a draft blog post revealing the existence of a new AI model called Claude Mythos. The model, also referred to internally under the codename "Capybara," is described as a new tier above Opus, with dramatically higher scores in coding, academic reasoning, and cybersecurity. Anthropic has confirmed the model exists and acknowledged that it poses unprecedented cybersecurity risks, with internal documents warning that it is "currently far ahead of any other AI model in cyber capabilities." Early access is being restricted to cyber defence organisations while Anthropic works to reduce the model's compute costs before a general release.

At a Glance

• Topic: AI Security
• Company: Anthropic
• Date: 27 March 2026
• Announcement: Internal documents leaked via a misconfigured content management system revealing a new model called Claude Mythos
• What Changed: A new model tier above Opus has been confirmed, with capabilities that Anthropic itself describes as posing unprecedented cybersecurity risks
• Why It Matters: The most capable AI model yet disclosed carries dual-use cybersecurity capabilities that will affect both attackers and defenders across every industry
• Who Should Care: Business operators, IT and security teams, technology procurement decision-makers, and any organisation running systems connected to the internet

Key Facts

• Company: Anthropic
• Leak Date: 27 March 2026
• What Changed: A new model called Claude Mythos (codename Capybara) was revealed, positioned as a tier above the existing Opus models
• Who It Affects: Any organisation operating in a threat environment where AI-assisted cyberattacks are a risk, which is to say virtually every business
• Primary Sources: Fortune (March 26), Axios (March 29), CSO Online (March 30), Euronews (March 30)

What Happened

On 27 March 2026, independent security researchers discovered that Anthropic's content management system had been misconfigured, leaving close to 3,000 unpublished internal assets publicly accessible on the open internet. The exposed material included a draft blog post intended to announce a new AI model called Claude Mythos, referred to internally under the codename "Capybara."

The draft blog described Mythos as "by far the most powerful AI model we've ever developed" and framed it as a new tier of model, larger and more capable than the existing Opus range. According to the leaked document, "Compared to our previous best model, Claude Opus 4.6, Capybara gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others."

Anthropic quickly locked down access after being notified, and a company spokesperson confirmed the situation to Fortune: "We're developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we're being deliberate about how we release it." The company attributed the exposure to human error in the configuration of its systems.

The leaked documents did not stop at capability benchmarks. They also disclosed that Mythos has a feature described as "recursive self-fixing," referring to an ability to autonomously identify and patch vulnerabilities in its own code. Internal documents warned that the model "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." Anthropic has reportedly been privately briefing government officials that Mythos makes large-scale cyberattacks more likely in 2026.

Why It Matters

• A new AI model tier has been confirmed above Opus, which will eventually raise the capability ceiling for every task that AI is used for, including coding, reasoning, and security analysis
• The model's cybersecurity capabilities are dual-use: they can help defenders find and close vulnerabilities faster, but they can equally help attackers exploit them at speed and scale
• Recursive self-fixing suggests that the gap between AI and human software engineering capability in security contexts is narrowing faster than most organisations have planned for
• Cybersecurity stocks including CrowdStrike, Palo Alto Networks, Zscaler, and Fortinet fell on the news, reflecting market uncertainty about how frontier AI models affect the existing security vendor landscape
• 48% of cybersecurity professionals now rank agentic AI as the number one attack vector for 2026, according to a Dark Reading poll conducted in the same week as the leak
• The fact that this model was disclosed through a security breach at Anthropic itself adds a layer of practical significance: AI companies are not immune to the risks they are building tools to address

The David and Goliath View

The Mythos leak is a preview of a shift that was already underway. Frontier AI models have been growing more capable in cybersecurity contexts for two years. What the leaked documents confirm is that the pace of that development has accelerated significantly, and that Anthropic is far enough ahead of the public narrative that it felt necessary to restrict early access entirely.

For operators, the immediate question is not whether to adopt Mythos. It is not available to most organisations and will be expensive when it is. The question is what a world with Mythos-level capabilities means for the security posture of businesses that cannot afford enterprise-grade defence tools. Attackers do not need general availability. They need access, and access to powerful models will find its way to bad actors well before it reaches most small and mid-sized businesses through official channels.

The practical recommendation is straightforward: treat this as a signal to review your security fundamentals now, before more capable attack tools are in wider circulation. Patch your systems. Audit your vendor access. Understand where your most sensitive data lives. And when Mythos or models like it do become available to defenders, get there early. In this particular race, the organisations that move first on defence will have a meaningful advantage.

Where This Fits in the AI Stack

Secure AI Brain: The arrival of a model with advanced cybersecurity capabilities reinforces why building a governed, secure AI environment is not optional. Mythos and models like it will eventually be accessible to security teams, but the prerequisite for using them effectively is having a clear picture of what data your organisation holds and where it is exposed.

Employee Amplification Systems: As AI tools become more capable in coding and reasoning, the teams that will benefit most are those already using AI-augmented workflows. Security teams using AI-assisted vulnerability analysis will be better positioned to use the defensive capabilities of models like Mythos when access opens.

Questions Operators Are Asking

Should we be worried about Mythos being used against us? The model is not yet widely available and Anthropic is restricting early access to cyber defence organisations. However, the underlying point is valid: more capable AI models will eventually make certain categories of cyberattack easier to execute. The right response is to improve your baseline security posture now, not to wait for a specific threat to materialise.

What is "recursive self-fixing" and why does it matter? Recursive self-fixing refers to a model's ability to autonomously identify and patch vulnerabilities in its own code or, by extension, in code it is analysing. For defenders, this means AI that can scan codebases and fix problems without human intervention at each step. For attackers, it means a tool that can probe systems and adapt its approach when it hits a barrier. It is a significant capability shift in either direction.

Will this affect AI pricing? Yes, almost certainly. Mythos is described as compute-intensive and expensive to serve. Expect a premium pricing tier when it becomes available, similar to how Opus commands higher prices than Sonnet. If your organisation is currently planning AI spend at current Opus-level pricing, build in headroom for a higher tier.

Is Anthropic still trustworthy after this leak? The exposure was caused by a configuration error in a content management system, not a breach of the model itself or customer data. Anthropic responded quickly after being notified. That said, the incident is a reminder that every technology vendor, including AI providers, has its own operational security posture that warrants scrutiny. Ask your AI vendors about their security practices.

When will Mythos be generally available? Anthropic has not confirmed a release date. The company stated it is working to reduce the model's compute costs before a general release. Based on the phased rollout described in the leaked documents, general availability is likely months away at minimum.

Citable Summary

What happened: On 27 March 2026, a misconfiguration in Anthropic's content management system exposed internal documents revealing a new AI model called Claude Mythos, positioned as a new tier above Opus with advanced cybersecurity, coding, and reasoning capabilities.

Why it matters: Mythos carries dual-use cybersecurity capabilities that Anthropic itself describes as unprecedented, including recursive self-fixing and the ability to discover and exploit vulnerabilities at speeds that outpace human defenders. Its arrival confirms that the AI capability ceiling is rising faster than most organisations have planned for.

David and Goliath view: Operators should treat this as a signal to review their security fundamentals now. More capable attack tools will precede broad defensive access. The businesses that invest in baseline security hygiene today will be better positioned when frontier models become available to their defence teams.

Offer relevance:

• Secure AI Brain: understanding and governing your organisation's AI and data environment is the prerequisite for using advanced security-focused AI effectively
• Employee Amplification Systems: teams already using AI-augmented workflows will be fastest to leverage defensive AI capabilities as access expands