On the evening of March 26, two security researchers were doing what security researchers do: poking at things that should not be publicly accessible. Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge had found an unsecured data cache connected to Anthropic's content management system. Inside were nearly 3,000 unpublished assets, including a draft blog post that was never meant to see daylight.
The draft described a model called Claude Mythos, part of a new tier Anthropic internally calls "Capybara." It was, according to the company's own words, "by far the most powerful AI model we've ever developed."
Fortune broke the story that evening. By the time Anthropic removed public access to the cache, the damage was done.
Four Days from Misconfiguration to Global Market Impact
The Model Anthropic Was Not Ready to Announce
The leaked documents describe Capybara as a new tier of model sitting above Opus, Anthropic's current flagship line. Compared to Claude Opus 4.6, Mythos achieves what Anthropic called "dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others."
An Anthropic spokesperson, responding to Fortune's inquiry, confirmed the model's existence. "We're developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity," the spokesperson said. "Given the strength of its capabilities, we're being deliberate about how we release it. We consider this model a step change and the most capable we've built to date."
The key phrase in the leaked draft was more specific: Mythos is "currently far ahead of any other AI model in cyber capabilities" and "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."
That sentence, once public, set off a chain reaction Anthropic never intended.
Wall Street Panicked Before Anthropic Could Explain
On the morning of March 27, cybersecurity stocks opened sharply lower and kept falling. What followed was one of the sector's worst single-day sell-offs in recent memory.
| Company | Ticker | Decline |
|---|---|---|
| CrowdStrike | CRWD | 7.5% |
| Palo Alto Networks | PANW | 6%+ |
| Zscaler | ZS | ~4.5% |
| Okta | OKTA | ~3% |
| Microsoft | MSFT | 3% |
| iShares Cybersecurity ETF | IHAK | ~4% |
The logic was blunt: if the next generation of AI models can find and exploit software vulnerabilities faster than human defenders can patch them, then every cybersecurity company's value proposition just weakened. Billions in market capitalization vanished in a single trading session.
The sell-off was not just about Anthropic. It was about a category. If Mythos can do this, the market reasoned, so can whatever OpenAI, Google DeepMind, and Meta build next.
The Irony Anthropic Cannot Escape
The company building what it calls the most capable cybersecurity AI model in the world exposed it through a basic infrastructure mistake. The root cause was a misconfigured content management system where uploaded files defaulted to public access unless a user explicitly changed the setting. Anthropic attributed it to human error in its CMS configuration, saying the exposed files were draft content that had not been cleared for publication.
The irony was not lost on the security community. Futurism ran a headline calling it "the most ironic way possible" for a cybersecurity-focused AI to be revealed. A company promoting its model's ability to find software vulnerabilities had just demonstrated that it could not secure its own CMS.
This is not Anthropic's first brush with security embarrassment. In late 2025, Chinese state-sponsored hacking groups created some 24,000 fake accounts to exploit Claude's capabilities, infiltrating roughly 30 organizations before detection. That incident centered on external adversaries. This one was self-inflicted.
Anthropic Told the Government Before It Told the Public
According to Axios reporting on March 29, Anthropic had been privately warning top government officials about Mythos for weeks. The briefings, which predated the leak, communicated a stark message: large-scale cyberattacks become far more likely once models at Mythos's capability level reach wide distribution.
The specific concern centers on agentic AI. Unlike traditional chatbots that respond to prompts, AI agents can operate autonomously, chaining together actions without human oversight. A Dark Reading poll found that 48% of cybersecurity professionals now rank agentic AI as the number one attack vector for 2026, above deepfakes, above social engineering, above everything else.
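The "chaining together actions" pattern can be made concrete with a toy loop. This is a deliberately simplified, hypothetical sketch of the agentic structure the poll respondents are worried about, not any vendor's actual agent framework: the point is only that each step's output feeds the next step with no human approval in between.

```python
# Toy illustration of an agent loop: plan -> act -> observe, repeated
# autonomously. Tool names and the trivial "planner" are hypothetical
# stand-ins for a model's reasoning step.
from typing import Callable

def run_agent(goal: str, tools: dict[str, Callable[[str], str]],
              max_steps: int = 5) -> list[str]:
    log = []
    state = goal
    for step in range(max_steps):
        # "Plan": choose the next tool (a round-robin stand-in for reasoning).
        name = list(tools)[step % len(tools)]
        # "Act": invoke the tool with no human in the loop.
        state = tools[name](state)
        # "Observe": record the result, which seeds the next iteration.
        log.append(f"step {step}: {name} -> {state}")
    return log

tools = {
    "scan":  lambda s: s + " [scanned]",
    "probe": lambda s: s + " [probed]",
}
for line in run_agent("target codebase", tools, max_steps=2):
    print(line)
```

The security concern maps directly onto `max_steps` and the contents of `tools`: widen either one and the loop scales to speeds and volumes no human attacker could match.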
The leaked draft outlined Anthropic's intended release strategy: give the model to "cyber defenders" first, providing them "a head start in improving the robustness of their codebases" before broader availability. The company acknowledged Mythos is "very expensive for us to serve, and will be very expensive for our customers to use," and said it was working to improve efficiency "before any general release."
That plan assumed Anthropic would control the timing. The leak destroyed that assumption.
The Competitive Pressure Behind the Curtain
Anthropic is not developing Mythos in a vacuum. In February 2026, OpenAI released GPT-5.3 Codex, classified as "high capability" for cybersecurity tasks and the first model explicitly trained to identify vulnerabilities. Google DeepMind's Gemini 3.1 Pro, released the same month, pushed hard on coding and reasoning benchmarks.
The race to build AI that can find and fix security flaws is also, unavoidably, a race to build AI that can find and exploit them. Every major lab faces this dual-use tension. Anthropic's approach has been to lean into the tension publicly, framing its work as defensive while acknowledging the offensive potential. The Mythos leak undercuts that framing by stripping away the controlled narrative.
The competitive dynamic also explains why Anthropic was developing Mythos quietly. In AI, announcing a model before it is ready invites benchmarking, scrutiny, and competitor response. Anthropic CEO Dario Amodei was scheduled to attend an invite-only retreat for European CEOs when the leak broke. The company now faces questions it planned to answer on its own terms, at its own pace.
The Dual-Use Problem Has No Clean Answer
The leaked Mythos documents describe a model that can hunt vulnerabilities autonomously, at machine speed. The cybersecurity industry has spent decades building defenses on the assumption that attackers are human, with human limitations on speed, scale, and attention. An AI that can probe thousands of codebases simultaneously, around the clock, without fatigue, changes the math.
Anthropic's answer, at least as described in the draft, is to give defenders the tool first. That strategy has historical precedent: responsible disclosure in security research works because the defender gets a head start. But the analogy breaks down in one critical way. A vulnerability disclosure tells one vendor about one bug. A general-purpose cybersecurity AI, once released, is a capability multiplier for anyone who uses it.
The LiteLLM supply chain attack that unfolded just days earlier demonstrated how fast sophisticated actors can weaponize trusted infrastructure. If a model like Mythos makes vulnerability discovery trivially easy, the supply chain attacks of 2026 will look quaint by comparison.
The Bottom Line
Anthropic built a model it describes as the most capable AI for cybersecurity ever created. It lost control of the announcement through the kind of infrastructure misconfiguration its own model is designed to find. Cybersecurity stocks lost billions in a single morning. Government officials are being briefed on threats the public has not yet seen.
The model is not available yet. When it arrives, Anthropic says defenders will get it first. The question is whether "first" means anything when the leak has already told every attacker in the world exactly what to prepare for.
As the leaked draft itself warned: Mythos "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." That wave is no longer theoretical. It is in testing.
Sources
- Anthropic Says Testing 'Mythos' Powerful New AI Model After Data Leak — Fortune (March 26, 2026)
- Anthropic Just Leaked Upcoming Model With "Unprecedented Cybersecurity Risks" — Futurism (March 27, 2026)
- Anthropic Leak Reveals New Model "Claude Mythos" — The Decoder (March 28, 2026)
- The Mythos Meltdown: Anthropic's New AI Giant Sends Cybersecurity Stocks Into a Tailspin — FinancialContent (March 27, 2026)
- What is Anthropic's Mythos? The Leaked AI Model That Poses 'Unprecedented' Cybersecurity Risks — Euronews (March 30, 2026)
- Everyone's Worried That AI's Newest Models Are a Hacker's Dream Weapon — Axios (March 29, 2026)
- Here's What Next as Anthropic's Most Powerful AI Model Leaked — CoinDesk (March 28, 2026)