Key Facts
Model name
Claude Mythos (also referenced as "Capybara" in a later draft — same model, name under revision)
How it leaked
Misconfigured content management system left ~3,000 internal assets in an unencrypted, publicly searchable database
What Anthropic confirmed
"A step change" in capabilities; "the most capable we've built to date"; early access testing underway with select customers
Claimed performance
"Dramatically higher scores" on coding, academic reasoning, and cybersecurity vs. Claude Opus 4.6
Cybersecurity concern
"Currently far ahead of any other AI model in cyber capabilities" — early access limited to defensive-focused organizations
New tier
"Capybara" — described as larger and more capable than Opus, positioned above it in the model lineup
Release timeline
Not specified. Described as not yet ready for general availability.

The coverage of the Anthropic leak led mostly with the irony: a company building a model it describes as posing “unprecedented cybersecurity risks” exposed that model’s existence through a basic operational security failure. A misconfigured CMS left approximately 3,000 internal documents — including a draft announcement — in a publicly searchable database. Fortune found it. Anthropic confirmed it.

The irony is real. It’s also a distraction from what the leaked material actually contains, which is a more interesting story about where frontier AI capability is heading and why Anthropic is being deliberate about who gets access first.

What Was in the Database

The leaked material included a draft blog post announcing a model referred to as Claude Mythos, with a later draft swapping the name to Capybara. Anthropic’s explanation for the naming is characteristically earnest — “Mythos” evokes “the deep connective tissue that links together knowledge and ideas,” while Capybara appears to be a codename that surfaced later in the drafting process. The name isn’t settled. The model is the same either way.

The draft described the model as achieving “dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity” compared to Claude Opus 4.6 — the current top of Anthropic’s lineup. No specific benchmark numbers were included in the leaked materials. The claim is qualitative: a step change rather than an incremental improvement.

The model is described as expensive to serve, which is consistent with its positioning as a new tier above Opus. Anthropic’s existing lineup runs from Haiku (fast, cheap) through Sonnet (balanced) to Opus (highest capability). Mythos/Capybara would sit above Opus — a tier the leaked draft names “Capybara” as a category, not just a model name.

The Cybersecurity Framing

The part of the leak that moved markets — cybersecurity stocks fell on the news — was the explicit claim that the model is “currently far ahead of any other AI model in cyber capabilities” and that this creates risks that “presage an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”

That framing is unusual for a product announcement. Most AI capability claims emphasize what the model enables. This one leads with what it might break. Anthropic says early access is being limited to organizations focused on defensive security applications — the intent is to get the model into the hands of people building detection and defense tools before it’s available to everyone else.

"Currently far ahead of any other AI model in cyber capabilities... presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." — Leaked draft announcement, Claude Mythos, March 2026

This is a meaningful stance. The implicit argument is that the capability gap between offense and defense in cybersecurity is about to widen dramatically, and that the responsible deployment strategy is to arm defenders first. Whether that sequencing holds in practice depends on how tight the early access controls are and how long they stay in place before general availability.

It’s also worth noting what “far ahead of any other AI model” means in practice. AI-assisted cyberattacks are not theoretical — they’re already in use for phishing, social engineering, and vulnerability scanning. The concern with a significant capability jump isn’t that attacks become possible that weren’t before. It’s that attacks become faster, cheaper, and more automated at a scale that changes the economics of defense.

What “Step Change” Usually Means

Anthropic uses the phrase carefully. Prior Claude releases were described as improvements — better reasoning, faster inference, expanded context. “Step change” in Anthropic’s internal vocabulary implies a qualitative shift in what the model can do, not just how well it does existing tasks.

Sourcing note: The leaked materials were draft documents, not final announcements. Claims about benchmark performance and capabilities were written for a promotional context and have not been independently verified. Anthropic confirmed the model's existence and the "step change" characterization but has not released benchmark data. Treat specific capability claims as Anthropic's own framing until third-party evaluations are available.

The claimed gains in academic reasoning and coding are plausible extrapolations from the current scaling trajectory — both are benchmark categories where more compute and better training data produce consistent improvements. The cybersecurity capability claim is the more specific and more consequential one, and it’s the claim most in need of independent verification once the model reaches broader availability.

Why Anthropic Is Talking About This at All

Anthropic didn’t choose the timing of this disclosure. The database misconfiguration forced their hand — once Fortune had the draft documents, the options were to confirm, deny, or stay silent. Denial would have been false. Silence would have looked like denial. Confirmation let Anthropic control at least some of the narrative around a story that was publishing regardless.

The result is an unusual public moment: a company explicitly acknowledging that a product it’s building represents a potential national-security-adjacent risk, while simultaneously arguing it has a deployment strategy that mitigates that risk. That argument will be tested by what actually happens when the model reaches broader access — specifically whether the defensive-first rollout provides meaningful lead time, or whether it’s a PR posture that erodes quickly under commercial pressure.

Bottom Line

The leak tells us three things with reasonable confidence: Anthropic has a model significantly more capable than Opus 4.6, it performs particularly well on cybersecurity tasks in ways the company itself finds concerning, and Anthropic is being more cautious than usual about who gets access first.

What it doesn't tell us: actual benchmark numbers, a release timeline, or whether the "unprecedented cybersecurity risks" framing reflects a genuine capability leap or aggressive marketing copy that survived into the draft. Independent evaluation will answer that when the model ships.

The irony of the leak — a company worried about AI security risks exposing sensitive information through basic ops-sec failure — is worth one sentence, not the whole story. The real question is whether the defensive-first deployment strategy is a meaningful intervention or a gesture. That answer won't come from a leaked draft.