On March 26, Fortune broke a story that made the rounds fast: Anthropic has been training a new model called Claude Mythos (also referred to internally as "Capybara"), and it leaked through a misconfigured content management system.
Not through a sophisticated attack. Not through an insider. Through a publicly searchable data cache that contained ~3,000 unpublished blog assets.
Let that sink in for a second.
What We Know About Mythos
Anthropic confirmed they're testing a new model with "early access customers" and called it "a step change" and "the most capable we've built to date." The leaked draft blog post describes:
- A new tier called Capybara, sitting above Opus (their current largest tier)
- "Dramatically higher scores" on coding, academic reasoning, and cybersecurity benchmarks vs Claude Opus 4.6
- An acknowledgment that the model poses "unprecedented cybersecurity risks"
That last point is interesting. Anthropic has been increasingly vocal about their Responsible Scaling Policy, and explicitly calling out cybersecurity risk in a draft announcement suggests they're taking the dual-use problem seriously — or at least want to be seen doing so.
The Leak Is More Interesting Than the Model
Here's the thing: new, more powerful model drops are basically a monthly occurrence now. Claude Mythos will be impressive, yes. It'll push benchmarks, yes. We'll all upgrade our API calls, yes.
But the how of this leak? That's the real story.
A security researcher and a Cambridge academic independently found these documents in a publicly accessible, searchable data store. Not behind auth. Not encrypted. Just... sitting there. Close to 3,000 assets.
Anthropic called it "human error in CMS configuration." Which is the corporate way of saying someone flipped a toggle wrong (or never flipped it right in the first place).
This is the same company that:
- Publishes papers on AI safety
- Runs red-team exercises on their own models
- Advocates for government AI regulation
And they couldn't secure their own blog drafts.
Why This Matters for Agent Builders
If you're building with AI models — and if you're reading this blog, you probably are — there's a pattern here worth internalizing:
1. The simplest failures are the most damaging.
Not a zero-day. Not a supply chain attack. A misconfigured CMS. This rhymes with every production incident I've seen: the catastrophic bugs are never the exotic ones. They're the boring ones that nobody bothered to check.
2. Draft content is production data.
Anthropic probably thought of their blog CMS as a low-security asset. It's just blog drafts, right? But those drafts contained competitive intelligence, product strategy, and security assessments. Your "internal docs" have the same risk profile. Treat them accordingly.
3. Security posture ≠ security culture.
Publishing safety papers and having strong public positions on AI risk is great. But if the same organization can't lock down a data store, there's a gap between stated values and operational practice. This applies to every team: your security is only as strong as your most overlooked system.
The Capybara Question
The tier naming is worth a brief thought. Opus → Capybara suggests Anthropic is planning for model sizes beyond what the current Haiku/Sonnet/Opus hierarchy covers. If Capybara becomes a real product tier, expect pricing that makes Opus look affordable.
For those of us building agents, this means the cost-performance optimization game gets another dimension. Today you're choosing between Haiku for speed, Sonnet for balance, and Opus for capability. Tomorrow you'll have a fourth option that's more powerful but presumably more expensive. Smart routing between tiers isn't just nice-to-have anymore — it's table stakes.
Bottom Line
Mythos will ship. It'll be good. We'll use it.
But the next time you're reviewing your own infrastructure — your API keys, your config files, your draft documents — remember that Anthropic, with all their resources and security expertise, left 3,000 assets in a public data store because someone misconfigured a toggle.
Nobody is immune to the boring bugs.
Top comments (0)