Anthropic has confirmed it is developing and testing a new artificial intelligence model called Claude Mythos, described as the most capable the company has ever built. Writing for Fortune, Beatrice Nolan reports that the model’s existence came to light after internal documents were accidentally left in a publicly accessible online data store.
An Anthropic spokesperson called the model “a step change” in AI performance. The company says it is currently being tested by a small group of early access customers before any broader release.
The leaked material included a draft blog post referring to the model under two names. “Claude Mythos” seems likely as the official name, while “Capybara” sounds more like an internal codename. Anthropic currently sells its models in three sizes: Haiku, Sonnet, and Opus. Mythos would sit above all of these, making it larger and more expensive than the existing top tier.
The draft states that compared to Claude Opus 4.6, the new model scores dramatically higher on tests of software coding, academic reasoning, and cybersecurity tasks.
Cybersecurity is a particular concern. Anthropic’s own draft blog post describes the model as “currently far ahead of any other AI model in cyber capabilities.” The company warns the system could help attackers exploit software vulnerabilities faster than defenders can respond. Because of this risk, Anthropic plans to release the model first to cybersecurity organizations, giving them time to strengthen their defenses before the technology becomes more widely available.
This concern follows a pattern across the AI industry. OpenAI recently classified its GPT-5.3-Codex as the first model reaching “high capability” for cybersecurity tasks under its own safety framework. Anthropic’s existing Opus 4.6 can already surface previously unknown vulnerabilities in software, a capability the company acknowledges can be used for both attack and defense.
Anthropic has also disclosed that hacking groups linked to the Chinese government have attempted to misuse its Claude system. In one case, a Chinese state-sponsored group used Claude Code to infiltrate approximately 30 organizations, including technology companies, financial institutions, and government agencies, before Anthropic detected the campaign. The company then banned the accounts involved and notified affected organizations.
The data leak itself stems from a misconfiguration in Anthropic’s content management system. Digital assets uploaded to the system are set to public by default. Unless a user actively changes this setting, files become accessible to anyone with the right URL. Cybersecurity researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge identified close to 3,000 previously unpublished assets in the exposed data store. After Fortune informed Anthropic of the leak, the company removed public access to the store and attributed the incident to “human error.”
