Anthropic left nearly 3,000 internal documents sitting in a public database. Someone found them. Inside: their most powerful model yet, a new tier above Opus, and a warning that even they think it might be too dangerous to release.
Nobody at Anthropic planned to announce this.
On Thursday night, security researchers discovered that Anthropic had accidentally left a trove of unpublished internal documents sitting in a publicly accessible data store, unlocked, searchable, and available to anyone who looked. Fortune’s Bea Nolan found them first. Inside was a draft blog post describing a model Anthropic calls Claude Mythos. The company confirmed it’s real.
The short version: it’s the most powerful AI model Anthropic has ever built, it sits in an entirely new tier above Opus, and Anthropic themselves wrote in the leaked documents that it poses “unprecedented cybersecurity risks.”
They weren’t planning to tell you about it yet. Now they don’t have a choice.
What Got Leaked and How
The exposure came down to a basic CMS misconfiguration. Anthropic’s content management system defaults to making uploaded files publicly accessible unless someone manually changes that setting. Nobody changed it. Nearly 3,000 unpublished assets ended up sitting in a publicly searchable data store, including draft blog posts, images, PDFs, and internal documents that were never meant to see daylight.
Two cybersecurity researchers found it. Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge independently assessed the documents after Fortune flagged them. The story spread fast. Within hours it was one of the most discussed AI stories on X, with researchers, investors, and AI accounts breaking down what the documents meant.
Anthropic restricted access once contacted, attributed the incident to “human error,” and confirmed to Fortune that yes, Claude Mythos is real and they’re already testing it with a small group of early access customers.
The irony of a company whose entire identity is built around AI safety accidentally leaving its most sensitive internal documents wide open to the public is not lost on anyone.
What Is Claude Mythos Actually
Right now Anthropic’s model lineup goes Haiku, Sonnet, Opus. Haiku is fast and cheap. Sonnet is the everyday workhorse. Opus is the flagship, the most capable thing they publicly offer. We did a full review of Claude Pro covering what the current lineup actually delivers for regular people.
Mythos doesn’t fit in any of those tiers. It’s above all of them.
The leaked draft describes a new tier called Capybara, which appears to be the internal product name for the tier while Mythos is the specific model within it. Both names appear in two versions of the same draft blog post, the only difference being which name was swapped throughout. Anthropic told Fortune the documents were “early drafts of content being considered for publication,” which suggests they were still deciding between names. Based on the naming logic Anthropic has always used, Haiku, Sonnet, Opus, Mythos all follow the same pattern around the weight and depth of written form. Capybara does not. Mythos is almost certainly the name that ships.
What this model can do, according to the drafts: dramatically higher scores than Claude Opus 4.6 on software coding, academic reasoning, and cybersecurity. No specific benchmark numbers were included in the leaked material, but the language in the documents is not subtle. Anthropic’s spokesperson confirmed to Fortune it’s a “step change” and “the most capable we’ve built to date.”
The Cybersecurity Warning Is the Real Story
Here’s where it gets genuinely uncomfortable.
The leaked documents don’t just announce a powerful new model. They warn about it. Anthropic wrote that Mythos is “currently far ahead of any other AI model in cyber capabilities” and that it “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”
That means the model can find and exploit software vulnerabilities faster than security teams can patch them. Not slightly faster. Far ahead. Those are Anthropic’s own words about their own model.
This connects to Anthropic’s internal safety framework, which assigns models AI Safety Levels from ASL-1 through ASL-4. ASL-4, which Anthropic hasn’t formally defined yet, is expected to apply when an AI model becomes “the primary source of national security risk in a major area such as cyberattacks or biological weapons.” Based on the language in the leaked drafts, Mythos may be approaching that line.
Because of all this, Anthropic is doing something unusual: a deliberately slow, security-first rollout. Early access is going to cyber defense organizations only, giving them time to harden their systems before the model is more widely available. There’s no general release date. The documents also note the model is “very expensive for us to serve, and will be very expensive for our customers to use,” and that Anthropic is working to make it more efficient before any broader launch.
The Pentagon Is Already Using This Against Them
The timing here is something.
Just one day before the Mythos leak broke, a federal judge issued a preliminary injunction blocking the Pentagon from labeling Anthropic a “supply chain risk,” calling the government’s treatment of the company “Orwellian” and “classic First Amendment retaliation.” Anthropic won that round.
Then their own CMS leaked their scariest model to the entire internet.
Emil Michael, the Under Secretary of Defense and Anthropic’s chief antagonist in the Pentagon dispute, posted on X almost immediately, writing “Umm…hello? Is it not clear yet that we have a problem here?” Michael has spent weeks publicly calling Dario Amodei a “liar” with a “god complex” who wants to “personally control the US military.” He’s now using the leak as evidence that Anthropic can’t be trusted with sensitive AI development. It’s not a good faith argument. The Pentagon’s fight with Anthropic has always been about wanting more access to Claude, not less. But the leak handed him fresh ammunition and he’s not putting it down.
OpenAI Is Racing Too
Mythos doesn’t exist in a vacuum. According to The Information, OpenAI finished pretraining its own next generation model, internally codenamed Spud, as of March 25. OpenAI CEO Sam Altman reportedly described it internally as a model that could “really accelerate the economy.” He also credited killing the Sora video app with freeing up the compute needed to push Spud forward.
Two frontier AI labs, both preparing for IPOs later in 2026, both sitting on their most powerful models ever, racing to see who blinks first on release timing. That’s the actual race happening right now.
For Anthropic, Mythos arriving accidentally and publicly in the same week as the Pentagon ruling, while an IPO is reportedly being discussed for Q4 2026, is either catastrophically bad timing or, as Gizmodo put it, a pretty good ad for Anthropic. Probably both.
What This Means for Regular People
Honestly, Mythos is not something most people will touch anytime soon. It’s expensive to run, invite-only, and aimed at cybersecurity professionals first. If you’re using Claude Pro today for writing, research, or coding, nothing changes.
What does change is the picture of where AI is going. When the company building the model feels the need to warn the world about it before it’s even announced, that’s worth paying attention to. Anthropic has always positioned itself as the safety-focused lab that moves carefully. The Mythos documents suggest they’re still doing that. They also suggest the models being built right now are operating in territory that even their creators find genuinely unsettling.
The model exists. Training is done. It’s already in the hands of a small group of testers.
It just wasn’t supposed to be in yours yet.
