Anthropic has confirmed the existence of Claude Mythos, a new AI model it describes as representing a “step change” in capabilities, after internal documents were discovered in an unsecured, publicly searchable data store. The leak exposed nearly 3,000 unpublished assets linked to Anthropic’s blog, including draft announcements and internal materials describing the model’s capabilities and risk profile.
An Anthropic spokesperson confirmed that Mythos is the most capable model the company has built to date, with meaningful advances in reasoning, coding, and cybersecurity. The model outperformed Claude Opus 4.6 across several benchmarks and would occupy a new tier above Opus in Anthropic’s model lineup. The company said it is working with a small group of early access customers to test the model.
The cybersecurity implications drew the most attention. Internal documents describe the model as far ahead of any other AI system in cyber capabilities, and Anthropic’s own assessment warns that it presages a wave of models able to exploit vulnerabilities faster than defenders can respond. This candid internal risk assessment, now public, has intensified debate about whether frontier AI companies can responsibly develop and contain models with offensive security capabilities.
The breach itself stemmed from a misconfiguration in Anthropic’s content management system. A default setting automatically made uploaded files public, leaving the nearly 3,000 internal documents exposed to anyone who knew where to look. The irony of a company known for its focus on AI safety suffering a basic infrastructure security failure has not been lost on observers.
The leaked materials also referenced an upcoming invite-only CEO retreat, folding corporate governance details into the security exposure. Anthropic has not disclosed how long the data store was publicly accessible or whether any sensitive customer information was among the exposed assets. The incident is likely to prompt scrutiny of operational security practices across frontier AI labs, where the gap between published safety commitments and basic IT hygiene can carry significant consequences.
