Anthropic ‘Mythos’ Leak

Security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge independently found an unsecured Anthropic CMS cache that contained roughly 3,000 unpublished assets, including draft blog posts, PDFs, images and event materials. (tech.yahoo.com) Fortune reviewed the exposed documents and notified Anthropic on March 26, after which the company removed public access and attributed the incident to a human error in CMS configuration. (fortune.com) Leaked drafts identify the unreleased model as “Claude Mythos” (internally codenamed “Capybara”) and describe Capybara as a new product tier positioned above Anthropic’s Opus line. (boxmining.com) Anthropic’s own draft language, quoted in reporting, calls Mythos “a step change” and “the most capable we’ve built to date,” and the company says the model has completed training and is being trialed with select early-access customers. (mashable.com) Leaked internal assessments warn Mythos scores dramatically higher on coding, academic reasoning and cybersecurity benchmarks and state it is “currently far ahead of any other AI model in cyber capabilities,” including the ability to identify and exploit software vulnerabilities at machine speed. (findskill.ai) The disclosure triggered a sharp market reaction on March 27, with major cybersecurity stocks sliding — reports cite CrowdStrike down about 7% and Palo Alto Networks down about 6% as investors priced in the leaked capabilities. (finance.yahoo.com) Independent coverage and security analysis stress this was an access-control/configuration failure rather than an intrusion, highlighting that a CMS default setting left uploaded assets publicly searchable unless explicitly set private. (securityboulevard.com) Reporting of the cache also included unpublished corporate items such as an invite-only CEO summit, underscoring that the exposed trove mixed product drafts with sensitive commercial and event planning details. (revolutioninai.com)