Anthropic’s next AI model wasn’t supposed to be public yet. A misconfigured content management system changed that.

On March 26, Fortune discovered that nearly 3,000 unpublished assets — including a draft blog post announcing a new model called Claude Mythos — were sitting in a publicly accessible, searchable data store. Anthropic removed access after being notified, attributing the exposure to “human error.”

What the documents reveal is significant: Anthropic has trained what it describes as “by far the most powerful AI model we’ve ever developed” — and it believes the model poses unprecedented cybersecurity risks.

What We Know About Claude Mythos

From the leaked draft blog post:

  • Claude Mythos is the internal name. The public-facing brand will be Capybara — a new model tier above Opus, making it Anthropic’s largest and most capable offering.
  • Anthropic describes it as “a step change” in AI performance, with “dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity” compared to Claude Opus 4.6.
  • Training is complete. The model is being tested with “a small group of early access customers.”
  • It’s expensive to run and not yet ready for general release.

In its statement to Fortune, Anthropic confirmed: “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it.”

The Cybersecurity Problem

This is where it gets serious. The leaked document states that Claude Mythos is “currently far ahead of any other AI model in cyber capabilities” and that “it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”

Anthropic’s planned rollout strategy reflects this concern: the initial release will prioritize cyber defense organizations, giving them “a head start in improving the robustness of their codebases against the impending wave of AI-driven exploits.”

This follows an established pattern. When OpenAI released GPT-5.3-Codex in February, it was the first model classified as “high capability” for cybersecurity under OpenAI’s Preparedness Framework. Anthropic’s own Opus 4.6, released the same week, demonstrated the ability to surface previously unknown vulnerabilities in production codebases.

But Mythos apparently goes further. And Anthropic knows it.

The company has direct experience with adversarial use of Claude: it previously documented that a Chinese state-sponsored group used Claude Code to infiltrate roughly 30 organizations — including tech companies, financial institutions, and government agencies — before Anthropic detected and disrupted the campaign.

Market Reaction

The leak triggered measurable market impact:

  • CrowdStrike and Palo Alto Networks stock dropped approximately 7%
  • Tenable fell 11%

The logic: if Anthropic’s own assessment is that Mythos will enable attacks that “far outpace defenders,” the cybersecurity industry faces an escalating arms race.

A New Model Tier

Beyond the security implications, the leak confirms a structural change to Anthropic’s product lineup. Currently, Claude models come in three tiers: Haiku (smallest/cheapest), Sonnet (balanced), and Opus (largest/most capable).

Capybara sits above Opus as a fourth tier — larger, more capable, and more expensive. This suggests Anthropic is preparing for a market where frontier capabilities command premium pricing, separate from the more accessible Opus/Sonnet/Haiku tiers.

The Irony

An AI company that warns about unprecedented cybersecurity risks accidentally left its most sensitive product plans on the open internet. The leak wasn’t a sophisticated attack — it was a content management misconfiguration that two independent security researchers identified.

As Claude itself might note: the biggest security vulnerabilities are usually the most mundane.

What This Means for OpenClaw Users

If Claude Mythos / Capybara lives up to its leaked benchmarks, it will likely become available as a model option in OpenClaw and similar agent frameworks. The implications are dual:

  1. For defenders: More powerful code analysis, vulnerability detection, and automated security auditing through OpenClaw-powered agents.
  2. For attackers: The same capabilities weaponized. Anthropic’s own assessment is that this model enables exploit development that outpaces current defenses.

The broader trend is clear: every frontier model release now comes with a cybersecurity disclosure. We’ve moved from “this model can write code” to “this model can find and exploit vulnerabilities faster than humans can patch them.”

The question isn’t whether these capabilities will proliferate — it’s whether the defense ecosystem can keep up.

Sources: Fortune exclusive, Fortune follow-up, IronScales analysis