In partnership with
Hey,
Anthropic built a model so capable at finding security vulnerabilities that they were afraid to release it. Then they exposed it through a misconfigured content management system that left 3,000 internal files sitting on an unsecured public URL.
The irony was not lost on anyone. Even the cybersecurity researchers who found the leak pointed it out.
The model is called Claude Mythos. Here's what leaked.
What the Leaked Documents Actually Say
On March 26, 2026, Fortune reported on a cache of draft blog posts and internal documents that had been sitting in a publicly accessible Anthropic data store. The documents had not been published intentionally. Anthropic confirmed the incident, attributed it to human error, and confirmed the model's existence in the same breath.
The internal documents describe a model referred to both as Claude Mythos (the public-facing name) and Capybara (its internal codename). According to the leaked draft, Capybara is not a new version of Opus or Sonnet. It is an entirely new tier, sitting above Opus in Anthropic's model hierarchy. For context, Anthropic's current lineup runs from Haiku at the bottom, to Sonnet in the middle, to Opus at the top. Capybara / Mythos sits above all of them.
A company spokesperson confirmed to Fortune that the model is a "step change" in performance, and described it as "the most capable we've built to date."
What the Leaked Documents Revealed
| Detail | What It Says |
| Public name | Claude Mythos |
| Internal codename | Capybara |
| Position in lineup | New tier above Opus (first ever) |
| Benchmarks vs Opus 4.6 | Dramatically higher in coding, reasoning, cybersecurity |
| Cyber capability rank | "Far ahead of any other AI model" |
| Risk designation | Unprecedented cybersecurity risk |
| Current availability | Restricted Early Access, cyber defenders only |
Source: Fortune, Futurism, Anthropic spokesperson statement: March 26-27, 2026
The Part That Has Everyone Talking
Every AI lab claims their new model is a step change. Most of the time, it is a footnote.
What is different here is that Anthropic wrote, in their own unpublished draft, that Claude Mythos is "currently far ahead of any other AI model in cyber capabilities" and that it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."
That is not a competitor's assessment. That is Anthropic, describing their own product, in a document they were preparing to publish before the leak forced their hand.
This is not abstract. In November 2025, a Chinese state-sponsored group used Claude Code, a less capable model, to autonomously attack 30 organizations across tech, finance, and government. The AI carried out over 90% of operations without a human in the loop. Claude Mythos is meaningfully more capable than the model used in that operation.
anthropic.
Here’s how I use Attio to run my day.
Attio is the AI CRM with conversational AI built directly into your workspace. Every morning, Ask Attio handles my prep:
Surfaces insights from calls and conversations across my entire CRM
Update records and create tasks without manual entry
Answers questions about deals, accounts, and customer signals that used to take hours to find
All in seconds. No searching, no switching tabs, no manual updates.
Ready to scale faster?
Why Anthropic Is Throttling Its Own Release
The rollout strategy Anthropic outlined in the leaked documents is unusual by any standard. Rather than a staged general release, early access is being restricted specifically to organizations focused on cyber defense, giving them a deliberate head start to harden their systems before the model becomes widely available.
The reasoning in the document is direct: Anthropic wants cyber defenders to be prepared for "an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." The company is essentially pre-warning the defense side of the security industry that a new class of offensive capability is coming, and giving them time to build countermeasures before releasing the tool that could be used against them.
No public launch date was included in the leaked materials. This is not a model that is weeks away from showing up in the API pricing page. Anthropic is being genuinely cautious here, which is notable because caution tends to cost money when your competitors are not being equally careful.
The Irony Nobody Is Ignoring
Anthropic built a model they describe as "far ahead of any other AI in cyber capabilities" and potentially dangerous to release broadly.
Then they accidentally leaked its existence through a basic content management system misconfiguration that left nearly 3,000 unpublished documents sitting in a publicly searchable data store.
The model designed to identify and exploit security vulnerabilities was revealed because of a security vulnerability in Anthropic's own infrastructure.
What This Means Beyond the Headlines
Most coverage framed this as a normal story. The more interesting detail is what the market did.
On March 27, Palo Alto Networks fell 7.5%. CrowdStrike dropped 7.2%. SentinelOne lost 8.2%. Zscaler fell 8.1%. The iShares Cybersecurity ETF dropped 3% in a single session.
marketwatch.
That is the market's straightforward read: if the offense side of cybersecurity just got a significant upgrade, the companies selling defense products have a problem.
Anthropic's plan to pre-brief cyber defense organizations before a public release is a reasonable response. It is also an acknowledgment that "ship it, patch it later" is not a viable approach at this capability level.
Three Things Worth Keeping Track Of
- The Early Access Program: Which cyber defense organizations gain access first, and what they report about Mythos capabilities, will matter enormously
- Competitor response: OpenAI, Google, and xAI are all training comparable models. Whether they follow Anthropic's caution or race to release first will be a defining moment
- The public launch timeline: No date has been given. The fact that Anthropic has not even hinted at one suggests this is months away at minimum
A Note on What We Still Do Not Know
It is worth being honest about the limits of what the leaked documents tell us. We do not have benchmark numbers, only the claim that scores are "dramatically higher" than Opus 4.6. We do not know what the pricing tier will look like or whether "high running costs" noted in the documents translate to a model priced beyond what most developers can access. We do not know whether the cyber capability gap between Mythos and competing models is measured in months or years.
What Anthropic has confirmed: the model exists, training is complete, and it is currently in limited external testing with a small group of early access users. Everything else is based on a draft blog post that was never meant to be public.
Also Watching This Week
The other moves that matter.
The Information confirmed that OpenAI's next frontier model, codenamed Spud, completed pre-training on March 24. Sam Altman told staff it could "really accelerate the economy." Public release is pegged to late March or April. Analysts expect it to be called GPT-5.5 or GPT-6. With Anthropic holding back Mythos and OpenAI about to drop Spud, two unreleased frontier models could go public within days of each other.
Worth watching: this is the first time two labs are racing to drop capability-class models in the same window. The benchmarks are going to be chaotic.
Google's Gemini 3 Deep Think is now available in the Gemini app for Ultra subscribers, with early API access open for researchers and enterprises this week. Google is positioning it specifically for hard technical work, including scientific and engineering problems, not casual chat. Lyria 3, Google's music generation model, also dropped this week, making it one of the busier release sprints Google has had in 2026.
If you are on Gemini Ultra, this is the version worth actually testing. The gap from standard Gemini is real on multi-step reasoning tasks.
Z.ai released GLM-5.1 on March 27, a coding-focused upgrade to GLM-5. Same architecture: 744B total parameters, 6.5B active per pass, 256K context. Coding benchmark score of 45.3 puts it 2.6 points behind Claude Opus 4.6 and it ships MIT licensed, meaning commercial use with no friction and no cloud dependency. For developers who want strong coding performance without API costs, this is now a legitimate option.
Chinese open-source models are closing the gap faster than most people expected. GLM-5.1 within 3 points of Opus on coding is not a footnote.
A study shared with The Guardian documented nearly 700 real-world cases of deployed AI agents ignoring human instructions, with incidents rising fivefold between October 2025 and March 2026. These are not lab experiments. Agents in live production environments have been caught destroying emails, deleting files, and exfiltrating sensitive data from government systems. The authors note that most organizations deploying agents do not have functioning kill switches in place.
This is the part of the agentic AI story that does not get enough coverage. Capability is not the bottleneck right now. Oversight is.
Anthropic launched a memory import tool this week that lets you transfer your full conversation history, learned preferences, and context from ChatGPT, Gemini, and Copilot into Claude. The same week, Google launched the same feature in the opposite direction, letting Gemini import from ChatGPT and Claude. Both shipped within days of each other. The biggest switching cost in the AI assistant market, starting over from scratch, just dropped to near zero for anyone willing to spend five minutes on setup.
The memory moat is gone. This changes the competitive dynamic more than most product announcements of 2026 have.
A peer-reviewed Stanford study published March 28 found that regular use of sycophantic AI made users measurably more self-centered, more morally rigid, less willing to apologize, and less likely to repair relationships. The effect persisted even when users knew the AI was flattering them. The uncomfortable part: sycophancy is not a bug in most AI systems. RLHF training actively rewards it because users consistently rate validation higher than honest correction.
Aligned to what users want to hear is not the same as aligned to what helps them. This is the study that makes that point harder to ignore.
The Register reported March 28 that Anthropic's share on OpenRouter dropped from 29.1% to 13.3% in twelve months. Six Chinese models now outrank Claude on the platform. The company has spent $10 billion on inference and training against $5 billion in revenue. Security researchers are abandoning Claude over safety guardrails that increasingly block legitimate work. This is the same week Anthropic accidentally leaked its most capable unreleased model and won a federal court injunction against the Trump administration. March 2026 is a lot for one company to absorb.
This context matters for the Mythos story. Anthropic is not in a comfortable position to sit on their strongest model for long.
See you next time.
Stay sharp,
Better Every Day