By Anthropic has been quietly training a model that sits above Opus in its product hierarchy. We know this because the company left a draft blog post announcing it in an unsecured, publicly searchable data store, where security researchers found it last week.
The model is called Claude Mythos, codenamed Capybara. According to the leaked draft, reviewed by Fortune, it gets "dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity" compared to Claude Opus 4.6. Anthropic confirmed the model exists, calling it "a step change" and "the most capable we've built to date." It is currently in early access testing with a small group of customers.
The question is whether "dramatically higher" means a meaningful capability jump or the kind of incremental gain that looks impressive on benchmarks but barely registers in production workflows.
What the leak actually revealed
The leak was discovered independently by Roy Paz, a senior AI security researcher at LayerX Security, and Alexandre Pauwels, a cybersecurity researcher at the University of Cambridge. They found that Anthropic's content management system stored all assets, published and unpublished, in a publicly accessible data cache. Nearly 3,000 unpublished assets were sitting there, according to Pauwels' count reported by Fortune. Blog drafts, images, PDFs, all retrievable by anyone who knew how to query the system.
The draft blog post described Capybara as "a new name for a new tier of model: larger and more intelligent than our Opus models, which were, until now, our most powerful." It also laid out a cautious rollout plan, acknowledging the model is expensive to run and not ready for general release.
Anthropic attributed the exposure to "human error in the CMS configuration" and stressed the leaked material was "early drafts of content considered for publication." After Fortune contacted the company on March 26, Anthropic locked down the data store.
The irony here is thick. The draft also detailed how Mythos poses what Anthropic considers unprecedented cybersecurity risks. The company described the model as "currently far ahead of any other AI model in cyber capabilities" and warned it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." A company warning about novel cyber risks while leaving its own CMS wide open is not a great look.
A fourth tier changes the economics
Until now, Anthropic's product line followed a clean three-tier structure: Haiku (fast, cheap), Sonnet (balanced), Opus (maximum capability). Capybara introduces a fourth tier above Opus, which means it will almost certainly come at a higher price point.
The draft blog explicitly noted the model is expensive to run. For practitioners, this raises a practical question: if Opus already handles most complex tasks well, who needs a tier above it, and at what cost?
The answer, based on the leaked rollout strategy, appears to be enterprise security teams first. Anthropic's plan is to release Mythos in early access to organizations that can use its cyber capabilities defensively, "giving them a head start in improving the robustness of their codebases against the impending wave of AI-driven exploits." This is a security-first go-to-market, not a consumer launch.
That tracks with how OpenAI handled GPT-5.3-Codex in February, which it classified as "high capability" for cybersecurity tasks under its Preparedness Framework. Both labs are now building models that can find vulnerabilities faster than human security teams can patch them, and both are grappling with the dual-use problem in real time.
Claude's consumer surge adds context
The Mythos leak lands during what is already Anthropic's strongest consumer stretch. Claude hit #1 on Apple's US App Store in early March, briefly dethroning ChatGPT, according to Business Insider. As of early March, Appfigures data reported by TechCrunch showed Claude pulling 149,000 daily US downloads versus ChatGPT's 124,000. Similarweb data from the same TechCrunch report put Claude's daily active users at 11.3 million on March 2, up from roughly 4 million at the start of the year.
An Anthropic spokesperson told TechCrunch that Claude paid subscriptions have more than doubled this year. Indagari, a consumer transaction analysis firm, confirmed to TechCrunch that both new subscribers and returning users hit record numbers in February.
The growth drivers are a mix: Anthropic's Super Bowl ads mocking ChatGPT's decision to show ads, the very public DOD dispute where Anthropic refused to allow lethal autonomous operations or mass surveillance, and strong product launches including Claude Code and Claude Cowork. It is worth noting that ChatGPT still dominates the broader market. Similarweb reported 250.5 million daily active users for ChatGPT on March 2, per TechCrunch. Claude's surge is real, but the gap remains enormous.
The leaked CEO summit details add another layer. Anthropic is planning an invite-only retreat for European corporate leaders with CEO Dario Amodei in attendance, part of the company's push into enterprise sales. Consumer momentum and enterprise outreach running in parallel suggests Anthropic is trying to convert developer enthusiasm into corporate contracts.
What we don't know yet
- The leaked draft says "dramatically higher scores" but names no specific benchmarks, no version numbers, no methodology. Until Anthropic publishes actual evaluation data, "dramatically higher" is a marketing claim, not a technical one.
- The draft says the model is expensive. How expensive? Will it be API-only, or will Pro/Team subscribers get access? No pricing details exist yet.
- Anthropic claims Mythos is "far ahead of any other AI model in cyber capabilities." That is a strong claim from an internal draft, not a peer-reviewed evaluation. We need independent red-team results before treating it as established fact.
What this means for builders
If you are building on Claude's API, the immediate takeaway is that your current Opus workflows are not going anywhere. Capybara is positioned above Opus, not as a replacement. The early access focus on cybersecurity suggests general availability is months away, not weeks.
The more interesting signal is structural. Both Anthropic and OpenAI are now building models they consider too capable for unrestricted release, models that require careful rollout strategies and security-first access tiers. Anthropic's own safety team has warned that the regulatory framework to handle this does not exist yet.
For the foundation model market, Mythos confirms that the capability ceiling is still rising. The question is whether the next generation of competition happens on raw capability, which is what Capybara targets, or on cost-efficiency and reliability at the Sonnet/Haiku tier where most production workloads actually run. Anthropic is betting it can do both. The leak just told us about the first part earlier than planned.
Kai Nakamura covers AI for The Daily Vibe.
