Claude Mythos: What We Actually Know (and What We Don’t)

On March 26, 2026, Fortune broke a story that Anthropic had accidentally exposed details of an unreleased AI model through a misconfigured content management system.1 The model is called Claude Mythos. Anthropic confirmed it exists, called it a “step change” in capabilities, and said it’s already being tested by early access customers.2

Within 48 hours, the cybersecurity sector shed billions in market cap, unverified claims about 10 trillion parameters were circulating on social media, and half the AI commentary space was writing eulogies for the cybersecurity industry. The actual verified reporting tells a more interesting story than the hype cycle.

How the Leak Happened

The leak came from Anthropic’s own content management system. Digital assets uploaded through the CMS were set to public by default unless someone explicitly changed the setting to private. Nearly 3,000 assets that had never been published to Anthropic’s website were sitting in a publicly searchable data store, accessible to anyone with the technical knowledge to query it.1

The discovery was made independently by Roy Paz, a senior AI security researcher at LayerX Security, and Alexandre Pauwels, a cybersecurity researcher at the University of Cambridge. Fortune confirmed and reviewed the material before publishing.1

Among the exposed documents was a draft blog post announcing Claude Mythos. The post was structured as a web page with headings and a publication date, suggesting it was part of a planned product launch. After Fortune contacted Anthropic, the company secured the data store and acknowledged the leak was caused by “human error in the CMS configuration.”3

There’s real irony here. A company that builds AI models it says pose “unprecedented cybersecurity risks” got caught leaving internal documents in an unsecured public data store because someone forgot to flip a toggle. Anthropic was quick to clarify that Claude, Cowork, and their other AI tools were not involved in the configuration error.3

What the Draft Blog Post Actually Says

The leaked draft describes Claude Mythos as “by far the most powerful AI model we’ve ever developed.” It introduces a new tier of Claude models called Capybara, positioned above Opus in Anthropic’s existing lineup of Opus, Sonnet, and Haiku.2

Two versions of the draft blog post surfaced online, identical except for the model name: one uses “Mythos,” the other uses “Capybara.” Both versions use the same subtitle (“We have finished training a new AI model: Claude Mythos”) and the same justification for the name, saying it was chosen to evoke “the deep connective tissue that links together knowledge and ideas.”4 Anthropic appears to have been deciding between the two names.

The key claims from the draft:

  • Training is complete. The model is being trialed by early access customers.
  • Performance is described as “dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others” compared to Claude Opus 4.6.2
  • The model is “very expensive for us to serve, and will be very expensive for our customers to use.” Anthropic says it needs to make it “much more efficient before any general release.”4
  • The rollout will start with cybersecurity-focused early access customers, with API access expanding gradually.4

Anthropic’s official statement to Fortune: “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it. As is standard practice across the industry, we’re working with a small group of early access customers to test the model. We consider this model a step change and the most capable we’ve built to date.”2

The Cybersecurity Angle

This is where the story gets interesting for anyone in security.

The leaked draft describes Mythos as “currently far ahead of any other AI model in cyber capabilities.” It warns that the model “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”2

Anthropic’s plan, according to the draft, is to give defenders a head start: “We’re releasing it in early access to organizations, giving them a head start in improving the robustness of their codebases against the impending wave of AI-driven exploits.”2

This is not coming out of nowhere. Anthropic has been building toward this capability in public for months.

In February 2026, Anthropic launched Claude Code Security, a tool built into Claude Code that scans codebases for vulnerabilities and suggests patches for human review. Unlike traditional static analysis tools that match code against known vulnerability patterns, Claude Code Security reads and reasons about code the way a human security researcher would, tracing data flows and catching complex flaws that rule-based tools miss.5

The same month, Anthropic’s Frontier Red Team published research showing that Claude Opus 4.6 had found over 500 high-severity vulnerabilities in production open-source codebases. These were bugs that had gone undetected for decades despite years of expert review and millions of hours of automated fuzzing.6 One example: Claude found a memory corruption vulnerability in GhostScript by reading the Git commit history, identifying a security-relevant patch, and then finding an unpatched code path where the same class of bug still existed.6

And in November 2025, Anthropic disclosed that it had detected and disrupted what it called the first documented large-scale AI-orchestrated cyber espionage campaign. A Chinese state-sponsored group had manipulated Claude Code into attempting infiltration of roughly thirty global targets, including tech companies, financial institutions, and government agencies. The AI performed 80 to 90 percent of the campaign, with human intervention required at only four to six critical decision points.7

If Mythos represents a real improvement over Opus 4.6 in these capabilities, both sides of the security equation just shifted.

The Market Reaction

Cybersecurity stocks took a beating on Friday, March 27. The iShares Cybersecurity ETF dropped 4.5%. CrowdStrike, Palo Alto Networks, and Zscaler each fell about 6%. SentinelOne dropped 6%. Okta and Netskope fell over 7%. Tenable plummeted 9%.8

This wasn’t the first time. Cybersecurity stocks had already dipped in February when Anthropic launched Claude Code Security.8 The sector has been under persistent pressure from the growing narrative that AI models will automate vulnerability discovery faster than security vendors can keep up.

Some analysts pushed back on the panic. Borg at a financial research firm argued that the news should actually be bullish for cybersecurity spend long-term, since companies will need to accelerate adoption of AI-infused security tools to respond to AI-powered attacks at machine speed.9

The short-term read from the market was simpler: if an AI model can find exploits faster than your security product, your security product has a problem.

What We Don’t Know

Here’s where the verified reporting ends and the speculation begins.

Parameter count: Claims of 10 trillion parameters have been circulating widely. This number does not appear in Fortune’s reporting or in Anthropic’s official statements. As one Substack writer noted, “new and unconfirmed details, ten trillion parameters, ten billion dollars to train, were circulating alongside claims that came directly from Fortune’s reporting” within hours of the original story.10 Treat it as unverified.

Benchmarks: We have Anthropic’s claim of “dramatically higher scores” over Opus 4.6 in coding, reasoning, and cybersecurity. We do not have specific benchmark numbers, leaderboard rankings, or third-party evaluations.

Release timeline: The draft describes early access testing and acknowledges the model needs to become more efficient before general release. No date has been given.

Final naming: Whether the model ships as Mythos, Capybara, or something else entirely is still undecided, based on the existence of two draft versions.4

Whether the hype is warranted: Remember GPT-5. OpenAI made similar claims about a transformative leap in capabilities. The actual release was widely considered a disappointment that fell short of the company’s promises.11 Frontier model announcements and frontier model performance in the real world are not the same thing.

The Competitive Context

Anthropic is not the only company pushing the frontier right now. OpenAI has reportedly finished pretraining a new model codenamed “Spud,” with CEO Sam Altman internally claiming it can “really accelerate the economy.”12 Both companies are expected to time their strongest model releases ahead of planned IPOs later this year.4

The pattern is familiar. Each lab announces a step change, each release comes with safety caveats and controlled rollouts, and each time the actual impact takes months to assess once the models are in the hands of real users.

What makes the Mythos leak different from the usual release cycle is the cybersecurity dimension. Anthropic did not choose to reveal this model. And the information that leaked was not marketing copy optimized for launch day. It was internal planning documents that included frank assessments of the risks.

What This Means for Defenders

If you work in cybersecurity, the takeaway is not “AI is going to replace your job.” It’s “the tools available to attackers just got substantially better, and the tools available to you did too.”

Anthropic’s decision to give cybersecurity organizations early access to Mythos is a signal about where they think the model’s impact will be felt first. Their own track record with Opus 4.6 supports that: 500+ zero-days found in hardened open-source projects, a documented state-sponsored campaign disrupted, and a vulnerability scanning tool that reasons about code instead of pattern-matching against known signatures.

The models are getting better at finding bugs. The question is whether defenders adopt these capabilities faster than attackers do. That’s always been the question in security. The tools just got a lot more powerful on both sides.

Footnotes

  1. Jeremy Kahn, “Exclusive: Anthropic Left Details of Unreleased AI Model, Exclusive CEO Event, in Unsecured Database,” Fortune, March 26, 2026, https://fortune.com/2026/03/26/anthropic-leaked-unreleased-model-exclusive-event-security-issues-cybersecurity-unsecured-data-store/. 2 3

  2. Jeremy Kahn, “Exclusive: Anthropic ‘Mythos’ AI Model Representing ‘Step Change’ in Power Revealed in Data Leak,” Fortune, March 26, 2026, https://fortune.com/2026/03/26/anthropic-says-testing-mythos-powerful-new-ai-model-after-data-leak-reveals-its-existence-step-change-in-capabilities/. 2 3 4 5 6

  3. Kahn, “Exclusive: Anthropic Left Details.” 2

  4. Matthias Bastian, “Anthropic Leak Reveals New Model ‘Claude Mythos’ with ‘Dramatically Higher Scores on Tests’ Than Any Previous Model,” The Decoder, March 27, 2026, https://the-decoder.com/anthropic-leak-reveals-new-model-claude-mythos-with-dramatically-higher-scores-on-tests-than-any-previous-model/. 2 3 4 5

  5. Anthropic, “Making Frontier Cybersecurity Capabilities Available to Defenders,” Anthropic News, February 20, 2026, https://www.anthropic.com/news/claude-code-security.

  6. Nicholas Carlini et al., “0-Days,” Anthropic Frontier Red Team, February 5, 2026, https://red.anthropic.com/2026/zero-days/. 2

  7. Anthropic, “Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign,” Anthropic News, November 2025, https://www.anthropic.com/news/disrupting-AI-espionage.

  8. Jordan Novet, “Cybersecurity Stocks Fall on Report Anthropic Is Testing a Powerful New Model,” CNBC, March 27, 2026, https://www.cnbc.com/2026/03/27/anthropic-cybersecurity-stocks-ai-mythos.html. 2

  9. “Cybersecurity Stocks Plunge as Anthropic’s ‘Claude Mythos’ Leak Sparks AI Fear,” Investing.com, March 28, 2026, https://www.investing.com/news/stock-market-news/cybersecurity-stocks-plunge-as-anthropics-claude-mythos-leak-sparks-ai-fear-4584897.

  10. Stephen Fitzpatrick, “What the Heck Is Mythos?” Substack, March 30, 2026, https://fitzyhistory.substack.com/p/what-the-heck-is-mythos.

  11. “GPT-5 Turned Out to Be a Major Letdown,” Futurism, accessed March 30, 2026, https://futurism.com/gpt-5-disaster.

  12. “OpenAI CEO Sam Altman Reportedly Teases a ‘Very Strong’ Model Internally That Can ‘Really Accelerate the Economy,’” The Decoder, accessed March 30, 2026, https://the-decoder.com/openai-ceo-sam-altman-reportedly-teases-a-very-strong-model-internally-that-can-really-accelerate-the-economy/.