Exclusive: Anthropic's New 'Mythos' AI Model Revealed, Posing Unprecedented Cybersecurity Risks

Artificial intelligence company Anthropic has confirmed that it is developing and testing with early access customers a new AI model, which represents a significant advancement compared to its previous models. This announcement comes after a data leak revealed the model's existence. An Anthropic spokesperson described the new model as 'a step change' in AI performance and 'the most capable we've built to date'. Currently, the model is being trialed by 'early access customers'.

Information about the model was inadvertently stored in a publicly accessible data cache, which allowed for its review by Fortune magazine. A draft blog post, available in an unsecured and public data store, revealed that the new model is called 'Claude Mythos' and that the company believes it poses unprecedented cybersecurity risks. The same cache of documents revealed details of an invite-only CEO summit in Europe, part of the company's strategy to sell its AI models to large corporate customers.

The leaked material, including what appeared to be a draft blog post announcing a new model, was left in an unsecured and public data lake, according to documents reviewed by Roy Paz, AI security researcher at LayerX Security, and Alexandre Pauwels, cybersecurity researcher at the University of Cambridge. In total, nearly 3,000 assets related to Anthropic's blog, which had not been previously published on the company's news or research sites, were publicly accessible in this data cache, according to Pauwels.

After being informed of the leak by Fortune on Thursday, Anthropic removed the public's ability to search the data store and retrieve documents. In a statement, Anthropic acknowledged that a 'human error' in the configuration of its content management system led to the blog draft being accessible. The company described the unpublished material as 'early drafts of content considered for publication'.

In addition to 'Mythos', the draft blog post also mentioned a new tier of AI models that will be called 'Capybara'. In the document, Anthropic states: 'Capybara is a new name for a new tier of model: larger and more intelligent than our Opus models—which were, until now, our most powerful'. Capybara and Mythos appear to refer to the same underlying model.

Currently, Anthropic markets its models in three different sizes: the largest and most capable versions are branded Opus, while slightly faster and cheaper, but less capable, versions are branded Sonnet, and the smallest, cheapest, and fastest are called Haiku. However, in the blog post, Anthropic describes Capybara as a new tier of model that is even larger and more capable than Opus, but also more expensive.

The company stated: 'Compared to our previous best model, Claude Opus 4.6, Capybara gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others'. The document also indicated that the company had completed training of 'Claude Mythos', which the draft blog post described as 'by far the most powerful AI model we've ever developed'.

In response to questions about the blog draft, the company acknowledged the training and testing of a new model. An Anthropic spokesperson said: 'We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it. As is standard practice across the industry, we’re working with a small group of early access customers to test the model. We consider this model a step change and the most capable we’ve built to date'.

The leaked document notes that the new AI model poses significant cybersecurity risks. The blog draft stated: 'In preparing to release Claude Capybara, we want to act with extra caution and understand the risks it poses—even beyond what we learn in our own testing. In particular, we want to understand the model’s potential near-term risks in the realm of cybersecurity—and share the results to help cyber defenders prepare'.

Anthropic appears to be especially worried about the model's cybersecurity implications, noting that the system is 'currently far ahead of any other AI model in cyber capabilities' and 'it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders'. In other words, Anthropic fears that hackers could use the model to run large-scale cyberattacks.

The company states that, because of this risk, its plan for the model's release will focus on cyber defenders: 'We’re releasing it in early access to organizations, giving them a head start in improving the robustness of their codebases against the impending wave of AI-driven exploits'. The latest generations of frontier models, from both Anthropic and OpenAI, have crossed a threshold that the companies say poses new cybersecurity risks.

In February, when OpenAI released GPT-5.3-Codex, the company said it was the first model it had classified as 'high capability' for cybersecurity-related tasks under its Preparedness Framework, and the first it had directly trained to identify software vulnerabilities. Anthropic, meanwhile, navigated similar risks with its Opus 4.6, released the same week. The model demonstrated the ability to surface previously unknown vulnerabilities in production codebases, a capability that the company acknowledged was dual-use, meaning it could help both hackers and cybersecurity defenders find and close vulnerabilities in code.

The leak of not-yet-public information appears to stem from an error on the part of users of the company’s content management system (CMS), which is the software used to publish the company’s public blog, according to cybersecurity professionals. Digital assets created using the content management system are set to public by default and typically assigned a publicly accessible URL when uploaded—unless the user explicitly changes a setting so that these assets are kept private. As a result, a large cache of images, PDF files, and audio files seem to have been published erroneously to an unsecured and publicly-accessible URL via the off-the-shelf content management system.

Anthropic acknowledged in a statement to Fortune that 'an issue with one of our external CMS tools led to draft content being accessible'. It attributed this issue to 'human error'. Many of the documents appeared to be discarded or unused assets for past blog posts like images, banners, and logos. However, several appeared to be what were meant to be private or internal documents. For example, one asset has a title that described an employee’s 'parental leave'.

The documents also included a PDF containing information about an upcoming, invite-only retreat for the CEOs of European companies being held in the U.K., and which Anthropic CEO Dario Amodei will attend. Names of the other attendees are not listed, but are described as Europe’s most influential business leaders.

The two-day retreat is described as an 'intimate gathering' to engage in 'thoughtful conversation' at an 18th-century manor-turned-hotel-and-spa in the English countryside. The document says that attendees will hear from lawmakers and policymakers about how businesses are adopting AI and experience unreleased Claude capabilities. An Anthropic spokesperson told Fortune that the event 'is part of an ongoing series of events we’ve hosted over the past year. We look forward to hosting European business leaders to discuss the future of AI'.