The Biggest AI Leak of 2026
On March 26, 2026, Fortune published an exclusive revealing that Anthropic accidentally exposed draft documents about a powerful new AI model called Claude Mythos. The leak was caused by a configuration error in Anthropic's content management system that made close to 3,000 unpublished assets publicly accessible.
Security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge discovered the exposed data store. Here's what the leaked documents reveal — and what's been independently verified since.
What Is Claude Mythos?
According to the leaked draft blog posts, Mythos is a new generation of Claude model and Capybara is a new tier above Opus.
The documents state: "Capybara is a new name for a new tier of model: larger and more intelligent than our Opus models — which were, until now, our most powerful."
This creates a four-tier structure for Claude models:
Tier | Description | Status |
|---|---|---|
Capybara (new) | Largest, most powerful | Early access only |
Opus | Most capable (current top tier) | Generally available |
Sonnet | Balanced speed and capability | Generally available |
Haiku | Fastest, cheapest | Generally available |
Researchers found two versions of the same blog post that differ only in the model's name: "Mythos" (v1) and "Capybara" (v2). In the Capybara version, the name was swapped throughout the title and body, but the subtitle still reads: "We have finished training a new AI model: Claude Mythos."
What the Leaked Documents Claim
The draft blog post makes several specific claims:
"Dramatically higher scores" than Claude Opus 4.6 on software coding, academic reasoning, and cybersecurity
The model is "currently far ahead of any other AI model in cyber capabilities"
It "poses unprecedented cybersecurity risks" by potentially "rapidly finding and exploiting software vulnerabilities"
The model could "accelerate a cyber arms race"
Important: No specific benchmark scores appeared in the leaked documents themselves. The claims are qualitative, not quantitative.
SWE-Bench Pro: 77.8% — Verified on the Leaderboard
While the leaked documents didn't contain benchmark numbers, the SWE-Bench Pro leaderboard (as of April 7, 2026) independently confirms:
Claude Mythos Preview: 77.8%
GLM-5.1: 58.4%
GPT-5.4: 57.7%
Claude Opus 4.6: 57.3%
Gemini 3.1 Pro: 54.2%
That 77.8% represents a 20.5 percentage point improvement over Claude Opus 4.6 — the largest single-generation jump on SWE-Bench Pro. For context, the gap between Mythos and the #2 model (GLM-5.1 at 58.4%) is larger than the gap between #2 and #5.
The Cybersecurity Paradox
In an ironic twist that multiple outlets noted, Anthropic's own security lapse — a misconfigured CMS — revealed a model that the company itself warns poses cybersecurity risks.
The leaked draft outlines a cautious rollout strategy: beginning with a small group of early-access users focused on cybersecurity evaluation. Anthropic acknowledges the dual-use nature of the model's capabilities and says it requires "extra caution."
The Second Leak: Claude Code Source Code
Just days later, Fortune reported a second security incident: Anthropic accidentally leaked the source code for Claude Code on NPM. Approximately 500,000 lines across ~1,900 files were exposed.
The leaked source code provided additional evidence:
Anthropic is actively preparing to launch Capybara
The company may release "fast" and "slow" versions — similar to Sonnet (fast) and Opus (thorough) today
Internal references confirm the model is in advanced testing stages
Availability and Pricing
As of April 2026:
Detail | Status |
|---|---|
Access | Closed early access — small group selected by Anthropic |
Public API | Not available |
Pricing | Not announced (described as "very expensive to serve") |
Release date | Not confirmed |
Anthropic told Fortune the exposed materials were "early drafts of content that were being considered for publication" and attributed the incident to "human error."
What This Means for the AI Landscape
1. The Open-Source Gap Widens Again
GLM-5.1 just took the open-source crown at 58.4%. If Mythos ships at 77.8%, the gap between the best open and closed models jumps from 1.1 points (Opus vs GLM-5.1) to 19.4 points. That's a generational difference.
2. Pricing Will Define Adoption
If Capybara is "very expensive to serve," expect a premium tier. Current Opus pricing ($5/$25 per million tokens) may look cheap compared to Capybara rates. For developers doing high-volume work, GLM-5.1 at $1/$3.20 remains the pragmatic choice.
3. Competitive Pressure Intensifies
OpenAI's GPT-5.5 "Spud" is weeks from release. DeepSeek V4 targets late April. Google Gemma 4 just shipped under Apache 2.0. If Anthropic adds Mythos to this mix, Q2 2026 becomes the most competitive quarter in AI history.
4. Security Implications Are Real
Anthropic's own warning about the model's cybersecurity capabilities — combined with the irony of discovering this through their own security failure — suggests a careful, phased rollout. Don't expect immediate general availability.
What to Watch For
Official announcement: When Anthropic formally reveals Mythos/Capybara pricing and availability
Independent benchmarks: Third-party verification beyond SWE-Bench Pro — reasoning, math, general knowledge
Fast vs. slow variants: Whether Capybara gets a Sonnet-equivalent (fast) and Opus-equivalent (thorough)
API pricing: Whether it's $10/$50+ per million tokens or even higher
Bottom Line
Claude Mythos appears to be a genuine "step change" — not marketing speak. The 77.8% SWE-Bench Pro score is independently verified on the leaderboard, not just leaked marketing copy. The fact that this was revealed through a security failure rather than a polished launch adds credibility: these are internal documents, not press releases.
When it ships broadly, Mythos could reset the competitive landscape. But "when" is the operative word — Anthropic is clearly being cautious, and for a model they describe as posing "unprecedented cybersecurity risks," caution seems warranted.