On March 26, 2026, two cybersecurity researchers stumbled across something Anthropic never meant to show: roughly 3,000 internal assets exposed publicly on the company’s blog, including draft posts revealing the existence of an AI model that outperforms anything Anthropic has ever released.
The model is called Claude Mythos.
The tier that defines it is called Capybara.
And the irony is hard to miss: the company that markets itself as the guardian of responsible AI just suffered a data breach caused by a simple CMS misconfiguration.
Key takeaways:
- The March 26, 2026 leak exposed the existence of Claude Mythos through a Sanity CMS misconfiguration: ~3,000 files publicly accessible
- Mythos is the model, Capybara is the new tier above Opus in the Claude hierarchy (4 levels: Haiku, Sonnet, Opus, Capybara)
- Scores on Terminal-Bench are described as “dramatically higher” than Opus 4.6: a qualitative leap with no confirmed public figures
- Anthropic is deploying with extreme caution: the model excels at exploiting cyber vulnerabilities, a concern heightened by the Claude Code Chinese espionage incident (Sept. 2025)
- The cyber stock market impact was immediate: CrowdStrike -7%, Palo Alto -6%, Tenable -9% after the leak
- Suspicious timing: the leak comes as Anthropic prepares its Nasdaq IPO in October 2026 at a valuation exceeding $300B
What we know about Claude Mythos
How the leak happened
The credit goes to Alexandre Pauwels (researcher at the University of Cambridge) and Roy Paz (LayerX Security), who identified a publicly accessible data store linked to Anthropic’s blog.
The cause: a Sanity CMS misconfiguration. The content management system Anthropic uses for its blog left thousands of files accessible without authentication or encryption.
Among those files were draft blog posts, internal preparatory documents, and unpublished assets describing in detail the capabilities of a model no one was supposed to know about.
Fortune and journalist Jeremy Kahn were the first to report the story, pushing Anthropic to break its silence.
Anthropic’s official response was measured: these were “preliminary drafts” exposed by human error.
An Anthropic spokesperson confirmed the model’s existence as “the most capable we have ever built,” describing the leak as simple human error linked to a CMS misconfiguration.
It was a well-crafted statement: neither a denial nor a celebration, just vague enough to let the excitement build on its own.
Mythos vs Capybara: understanding the names
The confusion between these two names is understandable: both appear in the leaked documents, sometimes used interchangeably.
Claude Mythos refers to the model itself, the AI system trained by Anthropic.
Capybara is the performance tier, meaning the level within the commercial hierarchy of Claude models, positioned above Opus.
The leaked drafts show two versions of the same document: a first with “Mythos” (v1), a second with “Capybara” (v2). Anthropic was apparently testing both names for the same product, with the subtitle always reading “Claude Mythos” in both cases.
The name “Mythos” was reportedly chosen to evoke “the deep connective tissue linking knowledge and ideas”: a promise of superior coherence and depth compared to existing models.
In practice, when the product becomes available, you will likely see “Claude Capybara” in interfaces, just as you see “Claude Opus” or “Claude Sonnet” today.
Capybara: the new tier above Opus
The complete Claude model hierarchy
Anthropic’s segmentation strategy is moving toward four distinct tiers instead of the current three.
| Tier | Profile | Typical use |
|---|---|---|
| Haiku | Lightweight, ultra-fast | Simple tasks, high volume |
| Sonnet | Balanced performance/cost | Daily use, standard API |
| Opus | Current high performance | Complex analysis, finance, legal |
| Capybara | New performance ceiling | Cybersecurity, advanced reasoning |
This four-tier structure is reminiscent of the premium automotive market: if Opus is the S-Class, Capybara is the Maybach.
The analogy goes beyond style: Capybara’s operational cost will be “significantly higher” than current models, according to available information.
Mythos is the first model in the Capybara tier, described in internal drafts as a “step change” in reasoning, coding, and cybersecurity capabilities.
Announced performance vs. Opus 4.6
The leaked documents indicate scores “dramatically higher” than Claude Opus 4.6 across several benchmarks, including Terminal-Bench, which measures coding and reasoning capabilities in terminal environments.
No precise figures have been made public: the drafts describe the qualitative leap without quantifying it, which fuels both excitement and skepticism.
For context: if you already use Claude Opus 4.6 for complex tasks in finance or legal work, Capybara’s promise is an additional layer of consistency and precision in domains that demand absolute rigor.
A comparison with OpenAI Spud, the supposed competing OpenAI model in development, remains impossible: no reliable source confirms its actual performance.
The cybersecurity question that has Anthropic on guard
Why Anthropic is holding back
This is the most interesting part of the leak, and the least discussed outside France.
Anthropic’s drafts warn explicitly: “as we prepare for the release of Claude Capybara, we are proceeding with extra caution to understand risks beyond our current testing.”
The concrete reason: Mythos excels at identifying and exploiting system vulnerabilities faster than defense teams can patch them.
This isn’t a secondary capability. It’s one of the model’s core purposes: offensive and defensive cybersecurity capabilities are central to its Capybara positioning.
Initial access is restricted to a small group of organizations specializing in cyber-defense, before any broad release, in line with Anthropic’s Responsible Scaling Policy.
That cautious rollout is precisely what caused cybersecurity stocks to drop: investors understood that if Mythos delivers on its promises, current defense tools become partly obsolete.
Result: CrowdStrike -7%, Palo Alto Networks -6%, Tenable -9% in the hours following Fortune’s article.
The Claude Code incident and the Chinese state-sponsored attacks
To understand why Anthropic is acting with such caution, you have to go back to September 2025.
Anthropic researchers detected what is now considered “the first large-scale cyberattack fully orchestrated by an AI with minimal human involvement“: a Chinese state-sponsored group had hijacked Claude Code to infiltrate around thirty organizations worldwide.
The model handled 80 to 90% of the operation autonomously: system reconnaissance, vulnerability identification, exploit code writing, credential harvesting, sensitive data exfiltration.
The attackers bypassed Anthropic’s safeguards by claiming the operations were legitimate security tests.
Anthropic cut off access and alerted authorities, but the signal was clear: a model even more powerful than Claude Code, in the wrong hands, represents a threat of a different magnitude.
The irony is almost poetic: Anthropic finds itself having to delay the release of its most powerful model precisely because of the cyber risks that model embodies.
For a full overview of Anthropic’s latest Claude updates, check out our roundup of Claude’s March 2026 features.
Pricing and availability
On both fronts, the silence is almost total.
No pricing has been announced, but available information points to training and inference costs significantly higher than current models.
With Anthropic’s annualized revenue jumping from $1B in early 2025 to $19B, the company has the capacity to absorb those costs, but Capybara’s pricing will likely be positioned as a premium enterprise product, far from consumer-grade rates.
The availability window remains vague: the leaked drafts mention a timeline between February and October 2026, with absolute priority given to cyber-defense partners in early access.
A consumer release before summer 2026 seems unlikely given the precautions described in the internal documents.
What Mythos changes in the AI race
This leak arrives at a moment of peak tension in the frontier AI model race.
OpenAI is preparing its own IPO at a valuation exceeding $500B and already has models like GPT-5.4 with Computer Use available on the market.
Google is pushing Gemini 2.5 Ultra into enterprise segments.
In this context, the Mythos announcement positions Anthropic as potentially holding the most advanced model on the market, just ahead of its Nasdaq IPO planned for October 2026 at an estimated valuation between $200B and $400B.
The timing coincidence is striking enough that analysts have commented on it explicitly.
For developers and technical teams who rely on the Claude suite daily, the practical question is different: will Claude Dispatch, Claude access via SMS, phone, and email, ever be powered by Mythos rather than Opus or Sonnet?
The answer is probably no for consumer use cases in the near term: Capybara’s inference costs make it suited to high-value enterprise workloads.
If Mythos delivers on its promises, Anthropic will hold the most advanced frontier model in the world, right as it seeks to raise funds on public markets.
The timing is remarkable.
Is this all a marketing stunt?
The question deserves to be asked plainly.
The case for a genuine accident is solid: a basic CMS misconfiguration, 3,000 files exposed (including several describing a private CEO summit), an official “human error” acknowledgment from Anthropic, and the profile of the discoverers (two independent security researchers, not briefed journalists).
The case for skepticism is equally real: the pre-IPO timing, the perfect announcement effect (“the most powerful model Anthropic has ever built”), and an official confirmation that amplified media coverage rather than containing it.
The most likely truth: this was an embarrassing blunder that Anthropic skilfully reframed as a positive market signal after the fact, turning a security incident into a pre-IPO teaser.
The fundamental irony remains: the company that built Claude as a cyber-defense tool let its most advanced model leak through a basic human error.
No sophisticated exploit, no nation-state attack: just a misconfigured CMS.
It’s exactly the kind of detail Anthropic’s competitors have certainly taken note of.
While we wait for the official Capybara release, the #QuitGPT movement and the mass migration from ChatGPT to Claude that began in early 2026 gives Anthropic an engaged user base ready to be sold, when the time comes, its most ambitious model.
The groundwork is laid.
What remains to be seen is whether Mythos will live up to its drafts.
FAQ
What is Claude Mythos?
Claude Mythos is the name of the new AI model developed by Anthropic, revealed through a leak on March 26, 2026.
It is the first model in the Capybara tier, the highest level in the Claude model hierarchy.
What is the Capybara tier?
Capybara is the new performance level in the Claude model commercial hierarchy, positioned above Opus 4.6.
The complete hierarchy now has four tiers: Haiku, Sonnet, Opus, and Capybara.
How did the leak happen?
A misconfiguration of the Sanity CMS used by Anthropic for its blog publicly exposed roughly 3,000 internal assets, including draft posts describing Claude Mythos.
The vulnerability was discovered by Alexandre Pauwels (Cambridge) and Roy Paz (LayerX Security) on March 26, 2026.
How does Mythos compare to Opus 4.6?
The leaked documents describe scores “dramatically higher” on Terminal-Bench (coding and reasoning) and an overall qualitative “step change.”
No precise figures have been made public.
Why is Anthropic taking so long to release Capybara?
Anthropic is proceeding with extreme caution because of cybersecurity risks: Claude Mythos excels at identifying and exploiting system vulnerabilities faster than defense teams can respond.
That level of performance makes it a potentially dangerous tool if the model falls into the wrong hands.
What was the Claude Code incident with the Chinese hackers?
In September 2025, a Chinese state-sponsored group hijacked Claude Code to conduct the first documented cyberattack almost entirely orchestrated by an AI, targeting around thirty organizations worldwide.
80 to 90% of the actions were automated with minimal human involvement.
What will Claude Capybara cost?
No pricing has been announced at this stage.
Operational costs are described as significantly higher than current models, suggesting a premium enterprise positioning, likely out of reach for general consumers initially.
What was the stock market impact of the leak?
Major cybersecurity company stocks fell after the revelation: CrowdStrike -7%, Palo Alto Networks -6%, Tenable -9%.
Investors anticipate that a model this capable on the offensive side could weaken existing defense tools.
What is the connection to Anthropic’s IPO?
Anthropic is preparing to go public on the Nasdaq, likely in October 2026, at a valuation estimated above $300B.
The leak comes just months before this deadline, fueling speculation about whether the timing was intentional or at least adeptly managed after the fact.
Was this leak a disguised marketing move?
The technical evidence points to a genuine accident: basic CMS error, 3,000 files exposed, “human error” confirmed by Anthropic.
The most likely explanation remains an embarrassing blunder whose post-incident communication was handled skilfully to maximize marketing impact ahead of the IPO.
Related Articles
Reddit blocks AI scraping: what it means for LLMs and open source
On March 25, 2026, Reddit sent shockwaves through the AI community: the platform is shutting its doors to automated scrapers, requiring biometric verification for suspicious accounts, and removing 100,000 bot…
Jensen Huang declares AGI achieved: analysis of a divisive announcement
On March 22, 2026, at 1:55 AM on episode 494 of the Lex Fridman podcast, Jensen Huang said five words that shook the tech world. Jensen Huang, CEO of Nvidia,…