Anthropic, the company that built its entire brand on being the responsible AI lab, just accidentally published internal documents about its most powerful model through a misconfigured content management system. The model in question? One that Anthropic itself describes as posing "unprecedented cybersecurity risks." You genuinely cannot make this up.

What Actually Happened

Fortune broke the story last Wednesday. An unsecured, publicly searchable data cache contained roughly 3,000 unpublished assets linked to Anthropic's blog — draft posts, internal documents, even employee parental leave information. Among those drafts: a detailed announcement for a model called Claude Mythos, described internally as "a step change" in capabilities and "the most capable we've built to date."

The root cause? Their CMS defaults assets to public visibility unless someone explicitly toggles them private. Nobody toggled. This isn't some exotic zero-day or supply chain attack — it's a content management system that ships with "public" as the default state, and a team moving too fast to audit that default. Anthropic acknowledged "human error" after Fortune reached out, then scrambled to lock down the data store. By then, multiple outlets had already cached the documents.

The thing that makes this sting is the content of the leak itself. This wasn't a routine model announcement sitting in a staging environment. The draft blog post contained language warning that Mythos is "currently far ahead of any other AI model in cyber capabilities" and "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." That specific document — about a model Anthropic considers dangerous enough to brief government officials on — was sitting in an unencrypted, publicly searchable bucket because someone forgot to flip a boolean.

Think about the chain of events: Anthropic writes an internal document about a model so dangerous that they plan to brief the White House before releasing it. They store that document in a CMS. The CMS defaults to public. Nobody checks. A reporter finds it through what amounts to basic search engine indexing. The entire carefully planned disclosure strategy — phased rollout, defenders-first access, government briefings — gets blown up by a default checkbox.

Mythos: What We Know (and What We Don't)

Here's where it gets interesting for anyone building on Claude's API. Mythos isn't just the next Opus. It's a new tier entirely, codenamed "Capybara" internally. Think of the current hierarchy — Haiku, Sonnet, Opus — and now imagine something above Opus with a different name and presumably a different price point.

What the leaked documents claim:

  • "Dramatically higher scores" on software coding, academic reasoning, and cybersecurity evaluations compared to Claude Opus 4.6

  • A new product tier that sits above Opus, meaning this isn't a 4.7 or 5.0 — it's a category upgrade

  • The model is already in testing with "early access customers"

  • Anthropic is focused on making it "much more efficient before any general release" because it's currently "very expensive for us to serve, and will be very expensive for our customers to use"

What we don't have: specific benchmark numbers. The leaked draft mentioned dramatic improvements but didn't include actual scores. One outlet reported 10 trillion parameters, though Anthropic hasn't confirmed this and it could easily be speculation extrapolated from the "step change" language. For context, Claude Opus 4.6 already operates at the frontier — it scores around 80.8% on SWE-bench Verified and holds a 1M-token context window. "Dramatically higher" from that baseline would be genuinely remarkable.

The Cybersecurity Angle Is the Real Story

Most coverage focused on the embarrassment. The substance matters more. Anthropic is reportedly briefing government officials that Mythos can autonomously discover and exploit software vulnerabilities faster than human defenders can patch them, making large-scale cyberattacks significantly more likely in 2026. This isn't marketing language — it's from internal safety evaluations that were never supposed to be public.

What This Means If You're Building on Claude

The release strategy here reflects genuine concern. Rather than a typical API launch, Anthropic is doing a phased rollout starting exclusively with cybersecurity defense organizations. Give blue teams time to understand the capabilities before red teams — or actual attackers using similar future models — can leverage them. I have mixed feelings about this. A deliberate defenders-first rollout is exactly the kind of responsible deployment Anthropic promises. But the fact that we only know about this strategy because of a data leak rather than a transparent announcement somewhat undercuts the "responsible" messaging.

Beyond the rollout strategy, a few practical implications worth tracking:

New API tier incoming. If Capybara ships as described, expect a fourth tier above Opus with meaningfully higher per-token pricing. Anthropic explicitly said the model is expensive to serve and they need to optimize before general availability. For most developers, Opus and Sonnet will remain the workhorses. Capybara will likely target enterprise use cases where the extra capability justifies the cost — automated security auditing, complex multi-step code generation, high-stakes reasoning tasks where you need the absolute best output and are willing to pay for it.

No timeline. Anthropic hasn't announced a release date, and the leaked draft was clearly pre-publication. The efficiency improvements they're working on could take weeks or months. Don't restructure your architecture around a model you can't access yet.

The safety evaluation framework matters. Whether or not you care about the political dynamics of AI safety, the cybersecurity evaluation results in this leak are developer-relevant. If models are genuinely reaching the point where they can autonomously discover and exploit vulnerabilities faster than human teams can patch them, that changes the threat model for every application you ship. It's worth paying attention to the Responsible Scaling Policy framework Anthropic uses, because it will determine when and how you get access.

The Irony Runs Deep

A Hacker News commenter summed it up: the AI safety company warning about unprecedented cybersecurity risks couldn't secure its own CMS defaults. Anthropic's March has been wild by any measure — over a dozen product launches, multiple outages, and now this. The model might be transformative when it arrives. But the way we found out is a reminder that sometimes the hardest problem is just remembering to set your drafts to private.