Key Takeaways
- Anthropic accidentally leaked documents revealing a new AI model called Claude Mythos that the company says is "far ahead of any other AI model in cyber capabilities."
- Cybersecurity stocks dropped after the news broke, adding to fears that advanced AI tools could make cyberattacks easier and harder to defend against.
- Anthropic plans a cautious rollout focused on giving cybersecurity defenders early access before making the model widely available.
A data leak from AI company Anthropic has revealed the existence of a new generation of AI model called Claude Mythos. The model is reportedly already being tested by a small group of early access customers, and Anthropic itself has acknowledged that it poses serious cybersecurity risks.
The news sent cybersecurity stocks lower on Friday and reignited debate about how quickly AI capabilities are outpacing the defenses designed to contain them.
Here is what happened, what it means, and why it matters even if you have never heard of Anthropic before.
What Is Anthropic and Why Does This Matter?
Anthropic is one of the leading artificial intelligence companies in the world. It builds AI models under the brand name Claude, which compete directly with OpenAI's ChatGPT and Google's Gemini. The company was founded by former OpenAI employees and has positioned itself as a safety-focused AI lab.
Anthropic sells its AI models in three size tiers. Opus is the largest and most capable. Sonnet is a mid-range option. Haiku is the smallest and fastest. The leaked documents describe a new tier called Capybara that sits above Opus, making it the most powerful model Anthropic has ever built.
How the Leak Happened
The leak was caused by a configuration error in Anthropic's content management system, which is the software the company uses to publish its blog. Digital assets uploaded through the system were set to public by default. Unless someone manually changed the privacy setting, those files were accessible to anyone who knew where to look.
Security researchers Roy Paz from LayerX Security and Alexandre Pauwels from the University of Cambridge independently discovered nearly 3,000 unpublished assets in a publicly searchable data store. These included images, PDFs, audio files, and draft blog posts.
Among those drafts was a structured blog post announcing Claude Mythos and outlining a planned product launch. Fortune reviewed the documents and contacted Anthropic, which then removed public access to the data store. Anthropic attributed the exposure to "human error."
What the Leaked Documents Say About Claude Mythos
The draft blog post describes Claude Mythos as "by far the most powerful AI model we've ever developed." It also introduces a new model tier called Capybara, which appears to refer to the same underlying model. According to the draft, Capybara scores dramatically higher than previous Anthropic models on tests of software coding, academic reasoning, and cybersecurity tasks.
The most significant detail is the cybersecurity warning. The draft states that Claude Mythos is "currently far ahead of any other AI model in cyber capabilities." Anthropic wrote that the model "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."
In plain terms, Anthropic is saying this AI model is so good at finding weaknesses in software that it could be used by hackers to launch attacks faster than security teams can patch them.
Anthropic's Planned Rollout Strategy
Because of the cybersecurity risks, Anthropic outlined a careful release plan in the draft. The company said it would give early access to cybersecurity defense organizations first. The goal is to let defenders use the model to find and fix vulnerabilities in their own systems before hackers get access to similar capabilities.
An Anthropic spokesperson confirmed to Fortune that the company is "being deliberate about how we release it" and is working with a small group of early access customers to test the model.
This is not the first time Anthropic has dealt with its AI being used for malicious purposes. The company previously reported that a Chinese state-sponsored hacking group used Claude Code to infiltrate roughly 30 organizations, including tech companies, financial institutions, and government agencies. Anthropic eventually detected the campaign, banned the accounts involved, and notified the affected organizations.
How Cybersecurity Stocks Reacted
Cybersecurity stocks fell on Friday after reports about Claude Mythos spread. The sector has already been under pressure in 2026 as investors worry that increasingly capable AI tools could disrupt traditional cybersecurity companies.
The concern is straightforward. If AI models can find software vulnerabilities faster than human security teams, then companies selling legacy security tools may need to evolve quickly or risk falling behind. At the same time, these same AI tools could help defenders if deployed responsibly.
The broader software sector has also faced selling pressure this year as investors reassess which companies benefit from AI and which face new competition from it.
Elon Musk Weighs In
Elon Musk, who owns the social platform X and runs the competing AI company xAI, commented on the news by calling it "seriously troubling." The post quickly gained tens of thousands of views.
Musk has a history of publicly criticizing AI competitors. Anthropic was founded by former OpenAI employees, and Musk has been vocal about his disagreements with both OpenAI and Anthropic over their approaches to AI safety and commercialization.
Meanwhile, Musk's own AI venture xAI recently launched a new paid subscription tier called SuperGrok Lite at $10 per month, alongside its existing plans ranging from $30 to $300 per month.
What This Means for Everyday Users
If you are not in the cybersecurity industry, the immediate impact of Claude Mythos on your daily life is limited. The model is not publicly available yet and may not be for some time.
However, the broader trend matters. As AI models become more capable at finding security flaws, the software and devices you use every day, including your router, modem, and smart home equipment, could become targets of more sophisticated attacks. This makes it more important than ever to keep your firmware updated, use strong passwords, and follow basic network security practices.
What You Can Do Right Now
- Update your router and modem firmware to the latest version.
- Change default passwords on all networking equipment.
- Enable automatic security updates on all connected devices.
- Consider using a reputable VPN service for an extra layer of protection.
Frequently Asked Questions
What is Anthropic's Claude Mythos AI model?
Claude Mythos is a new, unreleased AI model developed by Anthropic. It is described as the most powerful model the company has ever built, with advanced capabilities in coding, reasoning, and cybersecurity tasks. Anthropic has confirmed the model exists and is being tested with a small group of early access customers.
How did the Anthropic data leak happen?
The leak occurred because of a configuration error in Anthropic's content management system. Files uploaded to the system were set to public by default, and someone failed to change the privacy setting. This left nearly 3,000 unpublished assets, including draft blog posts, in a publicly accessible and searchable location online.
Why are cybersecurity stocks dropping because of AI?
Cybersecurity stocks have been falling because investors are concerned that advanced AI models could make cyberattacks easier to carry out. If AI tools can find software vulnerabilities faster than human defenders can fix them, traditional cybersecurity companies may struggle to keep up. The news about Claude Mythos added to those fears.
Can AI models like Claude Mythos be used for hacking?
Yes, advanced AI models have what is called dual-use capability. That means they can be used both to defend against cyberattacks and to carry out them. Anthropic has specifically warned that Claude Mythos could exploit software vulnerabilities in ways that outpace current defense efforts, which is why the company is prioritizing access for cybersecurity defenders.
What is the difference between Claude Mythos and Capybara?
Based on the leaked documents, Claude Mythos and Capybara appear to refer to the same underlying model. Mythos is the model name, while Capybara is the name for a new model tier that sits above Anthropic's existing Opus tier. Capybara models are described as larger, more intelligent, and more expensive than Opus models.
Has Anthropic's AI been used in real cyberattacks before?
Yes. Anthropic has publicly reported that a Chinese state-sponsored hacking group used Claude Code to target roughly 30 organizations, including tech companies, financial institutions, and government agencies. The company detected the campaign, banned the accounts responsible, and notified the organizations that were affected.
How can I protect my home network from AI-powered cyber threats?
The best steps you can take right now are to keep your router and modem firmware updated, change any default passwords on your networking equipment, enable automatic security updates on all connected devices, and use strong unique passwords for your Wi-Fi network and admin panel. These basics go a long way toward reducing your risk, regardless of how attacks are generated.
