Claude Mythos (Opus 5) Leaked: What We Know So Far

Anthropic’s most powerful AI model yet has been revealed — not through a launch event, but through a data leak. Internal documents describing Claude Mythos (internally codenamed “Capybara”) were exposed after a configuration error in Anthropic’s content management system left nearly 3,000 files publicly accessible without authentication.

Here’s what we know, what’s still unconfirmed, and why it matters.

What Happened

In late March 2026, a security researcher discovered that a misconfigured data store on Anthropic’s infrastructure was exposing internal documents — draft blog posts, PDFs, images, and internal memos — to the public internet. Anthropic quickly locked down access after being notified, but not before the documents spread across security forums and social media.

Anthropic has since confirmed that the leak is real. A spokesperson acknowledged that the company has completed training on a model called Claude Mythos and is trialing it with early access customers, calling it “a step change” in AI performance and “the most capable we’ve built to date.”

What Is Claude Mythos?

According to the leaked documents, Claude Mythos sits above the current Opus tier — a new class of model entirely, not just another version bump. While the internet has been calling it “Opus 5,” the internal positioning suggests Mythos is meant to be a separate, higher tier.

The key claims from the leaked materials:

Coding and Reasoning

Mythos reportedly delivers major performance gains over Claude Opus 4.6 across coding benchmarks and academic reasoning tasks. Given that Opus 4.6 already leads on SWE-bench Verified (~80.8%), Terminal-Bench 2.0, and Humanity’s Last Exam, the implication is that Mythos pushes these numbers significantly higher.

Cybersecurity Capabilities

This is the most alarming part of the leak. Internal documents describe Mythos as “currently far ahead of any other AI model in cyber capabilities” — capable of discovering and exploiting software vulnerabilities at speeds that far outpace human defenders.

The documents reportedly warn that Mythos “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders” — a remarkably candid assessment from the company building the model.

Chinese State-Sponsored Exploitation

Perhaps the most explosive claim: Anthropic reportedly discovered that a Chinese state-sponsored group had been running a coordinated campaign using Claude Code to infiltrate approximately 30 organizations, including tech companies, financial institutions, and government agencies. Anthropic detected and shut down the campaign, but the incident appears to have influenced the cautious rollout strategy for Mythos.

Market Impact

The leak had immediate financial consequences. Concerns about AI-powered cyber threats triggered a sell-off in U.S. software and cybersecurity stocks. The risk-off sentiment spilled into crypto markets, with Bitcoin dropping to $66,000. Japanese media reported extensively on the national security implications of the leak.

What’s Still Unconfirmed

Despite the leak and Anthropic’s partial confirmation, several key questions remain:

• Benchmark numbers. No specific scores have been published. Claims about Mythos dominating every benchmark are based on leaked internal descriptions, not verified third-party evaluations.
• Pricing and availability. No information about API pricing, context window size, or general availability timeline.
• “Opus 5” naming. The community has been calling it “Opus 5” or “Claude 5,” but the leaked documents position Mythos as a new tier above Opus, not a direct successor. The final naming is unknown.
• UI sightings. Some users report seeing “Mythos 5 (experimental)” in the Claude interface and “Larger and more intelligent” descriptions. These could be limited A/B tests, internal testing artifacts, or fabricated screenshots. No widespread confirmation exists.

Anthropic’s Rollout Strategy

Based on the leaked documents and Anthropic’s public statements, the rollout will be deliberately cautious:

1. Select cybersecurity partners first. The initial access group is focused on security researchers and defenders — the goal is to prepare defenses before the model’s offensive capabilities become widely available.
2. Staged expansion. Broader access will follow, presumably through the API and Claude Pro/Team/Enterprise plans.
3. No public launch date. Anthropic has not committed to a timeline.

This approach mirrors how Anthropic handled previous releases where safety concerns were elevated — slow, controlled, with defensive use cases prioritized.

What This Means

Whether you call it Opus 5, Mythos, or Capybara, the implications are significant:

For developers: A model that meaningfully surpasses Opus 4.6 in coding would be a major tool for software development, debugging, and agentic workflows. The question is when it becomes available and at what price.

For cybersecurity: The leaked documents paint a picture of an AI model that can find and exploit vulnerabilities faster than humans can patch them. If accurate, this shifts the cybersecurity landscape fundamentally — defenders will need AI-powered tools just to keep pace.

For AI safety: Anthropic publicly acknowledging that its own model poses risks to cyber defense is notable. The cautious rollout suggests the company takes its Responsible Scaling Policy seriously, but it also raises questions about whether any staged release can truly contain capabilities once they’re deployed.

For the industry: If Mythos delivers on the claims in the leaked documents, it sets a new bar for frontier AI models. Competitors will need to respond — and the cybersecurity implications will likely accelerate regulatory conversations.

The Bottom Line

The Claude Mythos leak is real. Anthropic has confirmed the model exists and that it represents a significant capability jump. But the details — benchmarks, pricing, availability, exact capabilities — remain unverified beyond what was in the leaked internal documents.

For now, what we have is: a confirmed next-generation model from Anthropic, internal documents suggesting unprecedented capabilities (especially in cybersecurity), a cautious rollout plan, and a lot of speculation filling the gaps.

We’ll update this article as Anthropic makes official announcements. In the meantime, Claude Opus 4.6 and Sonnet 4.6 remain the most capable publicly available Claude models — and they’re already remarkably powerful for coding, reasoning, and complex tasks.