Claude Mythos: the leak which reminds us of the importance of securing the uses of AI

Anthropic leak reveals offensive capabilities of AI model designed for cybersecurity. Beyond the incident, the entire governance of AI uses must be rethought.

On March 27, a simple configuration error exposed Anthropic’s future AI model, Claude Mythos. This spectacular leak is a reminder of the immense responsibility borne by the designers of so-called “frontier” models.

The cause of this leak? A trivial human error within Anthropic’s content management system that made accessible an unencrypted, publicly indexable data repository containing nearly 3,000 confidential digital assets.

Anatomy of a leak

Revealed by Fortune magazine, this leak provides access to the technical specifications and internal evaluations of Claude Mythos, the first model in a new line called “Capybara”. This code name, chosen by Anthropic engineers, evokes the “deep connective tissues” that link knowledge and ideas.

The company, which has built its positioning on security and AI alignment, therefore sees Claude Opus 4.6, its most sensitive model, leak, not through sophisticated hacking but through a simple misconfiguration in a CMS (Content Management System).

Claude Mythos: an AI model tailored for cyber

Until now, Claude Opus 4.6 was considered the best-performing model on the market, excelling in agentic coding and advanced reasoning. Yet Mythos already outperforms its predecessor on almost every key metric, including software coding, academic reasoning, and, most critically, cybersecurity-related tasks.

Claude Mythos is distinguished by a massive architecture and extreme computational requirements that are difficult to scale, which makes it particularly expensive to operate. This computational intensity explains why Anthropic favored a gradual deployment strategy, via the Claude API, starting with a restricted circle of customers specializing in cyber defense.

The model is able to map entire code bases, understand complex interactions between components, and identify logical vulnerabilities that traditional static application security testing (SAST) tools cannot detect. Anthropic claims that its capabilities are “significantly superior” to the state of the art, especially for critical tasks, without, however, publishing detailed scores.

Performance as remarkable as it is worrying

Claude Mythos integrates significantly improved long-term planning mechanisms: it can execute tasks over several days without loss of context, with operational continuity in complex environments. Concretely, it can methodically explore a network over time, wait for opportunities for lateral movement and stealthily exfiltrate data. Its operational behavior is similar to that of a team of experienced hackers.

The most worrying aspect is its “recursive self-fixing” capability: this functionality allows it to identify and correct errors in its own operating code or in the infrastructure it manages. In other words, a cyber agent controlled by Claude Mythos could self-optimize during an attack, correcting script errors or adapting its payload in real time to bypass detected protections.

This machine speed shrinks the window of opportunity for defenders, who must now respond to intrusions that unfold in minutes rather than days. When AI automates “red-teaming” (simulated attacks) continuously, it allows companies to discover their vulnerabilities before attackers do. But this technology also allows malicious actors to act almost autonomously with a high level of competence.

This leak raises the question of how quickly these attack capabilities will spread. To face this, companies must no longer treat cybersecurity as a simple cost center but as a strategic function, itself boosted by AI so that it can keep pace with attackers and continuously test their own defenses.

The leak of Claude Mythos is a warning: frontier models are not simply a matter of innovation, but an issue of sovereignty, governance and chain of responsibility, for companies and for public authorities.

Jake Thompson
Growing up in Seattle, I've always been intrigued by the ever-evolving digital landscape and its impacts on our world. With a background in computer science and business from MIT, I've spent the last decade working with tech companies and writing about technological advancements. I'm passionate about uncovering how innovation and digitalization are reshaping industries, and I feel privileged to share these insights through MeshedSociety.com.