In one of the more ironic data incidents in recent AI history, Anthropic — a company whose newest model is being held back specifically because of its unprecedented cybersecurity capabilities — accidentally exposed that model to the public through a basic configuration error on its own website.
The fallout was immediate: cybersecurity stocks cratered, crypto slid, and the broader tech sector sold off. But the real story is what the leak revealed about where AI is headed — and whether the industry is ready for a model its own creator calls too dangerous to release.
01 — The LeakHow 3,000 Files Went Public Overnight
On the evening of March 26, 2026, two independent cybersecurity researchers discovered something unusual sitting in a publicly accessible corner of Anthropic’s web infrastructure. Alexandre Pauwels of the University of Cambridge and Roy Paz, Senior AI Security Researcher at LayerX Security, had stumbled into what appeared to be a fully staged product launch — headings, body copy, images, PDFs, and a publication date — all sitting unprotected in an unencrypted, publicly searchable data store.
The disclosure was not a malicious breach. Digital assets — including images, PDF files, and audio files — were set to public by default upon upload, unless explicitly marked private. A toggle switch in Anthropic’s content management system was left in the wrong position, making approximately 3,000 assets linked to Anthropic’s blog publicly accessible. In total, there appeared to be close to 3,000 assets that had not previously been published to the company’s public-facing news or research sites that were nonetheless fully visible.
⚠ Configuration Error
The leak was not a cyberattack. Anthropic attributed it to “human error” in its content management system — a default-public setting that exposed staged assets before any editorial review. The same model the documents warned could trigger AI-powered cyberattacks was revealed by a misconfigured checkbox.
Among those exposed materials: a draft blog post detailing the existence, capabilities, and extraordinary risks of Anthropic’s next-generation AI model — a system called Claude Mythos.
02 — What Is Claude Mythos?A New Tier Above Opus
Anthropic currently markets its models in three tiers: Haiku (small and fast), Sonnet (balanced), and Opus (most capable). The leaked materials introduced a fourth category, internally named Capybara — larger and more intelligent than Opus, and significantly more expensive to run.
From the Leaked Draft
“Capybara is a new name for a new tier of model: larger and more intelligent than our Opus models — which were, until now, our most powerful.”
Two versions of the draft blog post surfaced — one calling the model “Mythos,” the other “Capybara” — suggesting Anthropic was still deciding between name candidates. The subtitle of the Capybara version still read: “We have finished training a new AI model: Claude Mythos.” Both versions explained the name was chosen to evoke “the deep connective tissue that links together knowledge and ideas.”
The draft described Claude Mythos as “by far the most powerful AI model we’ve ever developed.” When Fortune contacted Anthropic for comment, the company acknowledged the project without hesitation: “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it. We consider this model a step change and the most capable we’ve built to date.”
4th Tier
New “Capybara” model class above Opus
↑↑↑
Dramatic gains in coding, reasoning & cyber
Limited
Early access: cyber defenders only
$$$
“Very expensive to serve” — no general release
03 — CybersecurityThe Dimension That Stopped the Release
If Anthropic was simply excited about Claude Mythos’s capabilities, it would have launched quietly with the usual product post. Instead, the company is holding it back. The reason, spelled out in the leaked documents, is cybersecurity — and the concern is not hypothetical.
“Currently far ahead of any other AI model in cyber capabilities… it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”
— Anthropic Internal Draft Blog Post, March 2026
The core issue is what researchers call the dual-use dilemma. The model demonstrated an ability to surface previously unknown vulnerabilities in production codebases — a capability that could help defenders patch flaws just as easily as it helps attackers find and exploit them. The same model that could harden a bank’s infrastructure could be the tool that breaks into it.
⬡ Frontier Red Team Finding — February 2026
Anthropic’s own Frontier Red Team documented that Claude Opus 4.6 — already publicly available — discovered over 500 high-severity zero-day vulnerabilities in production open-source codebases. Some of these bugs had been present for decades despite expert review and millions of hours of accumulated fuzzer CPU time. One vulnerability required conceptual understanding of the LZW compression algorithm — a class of reasoning no fuzzer can replicate. That was the model before Mythos.
The already-public Opus 4.6 raised serious enough flags. Anthropic simultaneously confirmed that hacking groups, including those linked to the Chinese government, had attempted to exploit Claude in real-world cyberattacks. In one documented case, a Chinese state-sponsored group ran a coordinated campaign using Claude Code to infiltrate roughly 30 organizations — including tech companies, financial institutions, and government agencies — before the company detected it. AI handled an estimated 80–90% of the operation.
“In preparing to release Claude Capybara, we want to act with extra caution and understand the risks it poses — even beyond what we learn in our own testing. In particular, we want to understand the model’s potential near-term risks in the realm of cybersecurity — and share the results to help cyber defenders prepare.” — Anthropic Internal Document
For Mythos specifically, Anthropic’s Responsible Scaling Policy (RSP) looms large. The policy defines AI Safety Levels: ASL-3 was activated in May 2025 for models that “substantially increase the risk of catastrophic misuse.” ASL-4, not yet formally triggered, applies when AI models become “the primary source of national security risk in a major area such as cyberattacks or biological weapons.” Based on the language in the leaked drafts, Mythos may be approaching that threshold.
If Mythos truly represents a step change in cyber capabilities, patch cycles that once had days or weeks of breathing room could compress to hours. The cyber arms race, already accelerating, could become asymmetric in a new and dangerous direction — with attackers using AI to discover vulnerabilities faster than human defenders can respond.
04 — Market ImpactStocks, Crypto, and the Selloff
Within hours of Fortune’s reporting, markets reacted sharply. The concerns weren’t irrational: if an AI model can autonomously discover and exploit zero-day vulnerabilities at scale, it threatens the core value proposition of every legacy cybersecurity vendor whose defenses are built on known signatures and historical threat intelligence.
| Company |
Ticker |
Drop (Mar 27) |
Sector |
| CrowdStrike |
CRWD |
−7.0% |
Endpoint Security |
| Palo Alto Networks |
PANW |
−6.0% |
Network Security |
| Zscaler |
ZS |
−4.5% |
Cloud Security |
| Okta |
OKTA |
−3.0% |
Identity & Access |
| SentinelOne |
S |
−3.0% |
AI-Powered Security |
| Fortinet |
FTNT |
−3.0% |
Network Security |
| iShares Tech-Software ETF |
IGV |
−3.0% |
Broad Tech |
| Bitcoin |
BTC |
↓ $66K |
Crypto / Risk-Off |
Raymond James analyst Adam Tindle outlined several risks: compression of traditional defensive advantages, higher attack complexity and cost to defend, and potential shifts in security architecture and spending. Defensive approaches based on known signatures, vulnerability databases, or prior threat intelligence telemetry could be pressured as AI enables continuous discovery of novel attack surfaces.
“We read this as having the potential to become the ultimate hacking tool — one that can elevate any ordinary hacker into a nation-state adversary.”
— Analyst Note, March 27, 2026
Paradoxically, however, not every analyst read the Mythos news as a pure negative for cybersecurity. The same analyst argued that announcements like this should continue elevating cybersecurity as a top IT priority, driving spend towards modernizing cyber defenses and away from legacy tools. If AI-powered attacks are coming, companies will need AI-powered defenses — and that is a significant market opportunity.
05 — The Deliberate RolloutDefenders Get a Head Start
Anthropic’s planned release strategy for Mythos was unlike anything the company had done before. Rather than a broad API launch, the rollout was designed to be defensive-first: early access would go exclusively to cybersecurity organizations, giving them a window to harden their systems before the model — or its inevitable imitators — reached bad actors.
Phase 1 — Now
Small cohort of early-access customers, focused on cybersecurity defense. Evaluating model behavior and risks in controlled environments.
Phase 2 — TBD
Expanded Claude API access, after efficiency improvements bring down cost. Model currently described as “very expensive to serve.”
Phase 3 — No Date Set
General release, contingent on safety evaluation outcomes and cost reduction milestones. Timeline entirely open-ended.
The irony of the situation is layered. Anthropic wanted to give cyber defenders a head start — to publish benchmarks showing Mythos’s offensive potential, allow security teams to study its techniques, and harden defenses accordingly. Instead, the existence of the model, its capabilities, and Anthropic’s own alarming internal risk assessment landed in public simultaneously, with no safety preparation, no controlled disclosure, and no ability to brief the security community in advance.
06 — The IronyThe Most Cybersecurity-Aware Leak in History
The Punchline
A company warning the world about AI-powered cyberattacks was undone by a checkbox. The model described as posing “unprecedented cybersecurity risks” was revealed through a default-public CMS configuration — not by a sophisticated nation-state, not by a zero-day exploit, but by a toggle left in the wrong position.
The tech community was quick to note the absurdity. In an enormously ironic twist, the draft blog obtained by Fortune — which was “available in an unsecured and publicly-searchable data store” — was the very document claiming the new model poses unprecedented cybersecurity risks. As one observer put it: let’s hope the new model wasn’t responsible for the security of Anthropic’s company blog.
It is a test for the company, which has received significant media attention for its Claude Code and Claude Cowork tools. The successes of those products have rattled competitors. The Mythos leak adds a different kind of pressure — one rooted not in capability rivalry but in questions about Anthropic’s own operational security posture at the exact moment it is asking the world to trust its judgment on frontier AI safety.
07 — What Comes NextIPOs, Lawsuits, and Open Questions
The Mythos story does not exist in a vacuum. Anthropic is simultaneously navigating a federal lawsuit against the Pentagon over a supply-chain risk designation rooted in its refusal to remove safety guardrails from Claude. Reports also surfaced this week that the company has been discussing a Q4 2026 IPO. The revelation that Anthropic is sitting on a model it considers potentially too dangerous for general release adds new dimensions to both of those threads.
For the Pentagon dispute, it provides ammunition to critics who argue Anthropic selectively applies its safety principles. For investors and IPO watchers, it raises questions about when and how Mythos revenue appears on a balance sheet — and whether regulators might weigh in before a general release is possible.
For the broader cybersecurity industry, the implications are structural. If Mythos — and the wave of similar models it is expected to inspire — can discover zero-day vulnerabilities faster than human analysts and patch systems can respond, the entire architecture of defensive cybersecurity shifts. Signature-based detection, historical threat intelligence, and human-speed incident response all face obsolescence. The question is whether the defenders, now armed with early access to Mythos itself, can adapt faster than the attackers who will inevitably get access to similar capabilities.
⬡ The Core Risk Equation
Anthropic’s own framing: give cyber defenders a head start with Mythos → they harden systems → when similar models reach bad actors, defenses are already stronger. The flaw in that plan: the deliberate head start was eliminated the moment the leak happened. Defenders and the public now know simultaneously.
For now, Mythos remains behind closed doors — tested quietly, released carefully, and very much on the world’s radar after a week nobody at Anthropic planned for. The name was chosen to evoke the deep connective tissue that links knowledge and ideas. Instead, it became the story of how a single misconfigured setting linked a company’s most sensitive secrets to anyone with a search engine.
Primary Sources
Fortune (Bea Nolan) · Investing.com · CoinDesk
Security Boulevard · The Decoder · Techzine Global
Awesome Agents · NeuralTrust · Raymond James Research
Published
March 28, 2026
Updated: 12:00 PM CT
