
Anthropic’s most dangerous AI model just fell into the wrong hands - The Verge

Google News · April 22, 2026

Detailed Analysis

Anthropic suffered a significant data exposure incident in late March 2026 when a configuration error on its website left nearly 3,000 unpublished assets — including documents, images, and PDFs — publicly accessible without authentication. The leak, first uncovered by Fortune journalist Bea Nolan on March 27, 2026, originated from Anthropic's content management system, which had been intended to serve early access customers but was inadvertently left open to the public. The exposed materials revealed substantial details about an unannounced AI model called Claude Mythos, described internally as part of Anthropic's "Capybara" model tier. Anthropic moved quickly to remove the assets after discovery and publicly acknowledged the incident, confirming that Mythos represents its most capable model to date.

The leaked internal documents portray Claude Mythos as a meaningful leap forward in AI capability, particularly in domains with acute dual-use risk. Anthropic's own drafts describe the model as a "step change" in performance, with exceptional proficiency in academic reasoning and, critically, in identifying and exploiting software vulnerabilities at a level that surpasses all prior models in the company's lineup. The company's internal risk assessments are notably candid, warning of "unprecedented cybersecurity risks" and acknowledging that the model's capabilities could theoretically enable large-scale cyberattacks if accessed by malicious actors. These concerns prompted Anthropic to conduct only cautious, limited external testing following training, and to emphasize the model's defensive utility for cybersecurity firms as the intended primary application.

Despite the alarming framing that accompanied early coverage — including The Verge's suggestion that the model "fell into the wrong hands" — the available evidence indicates that no adversarial actors obtained the model itself or its weights. What was exposed were unpublished preview documents and marketing assets describing the model's capabilities, not the model architecture or training data. Anthropic's prompt response in taking down the assets appears to have limited the practical damage of the exposure. Nevertheless, the incident raises real questions about operational security practices at a company that routinely positions itself as a safety-first organization. Publicly disclosing, even inadvertently, that a model can enable large-scale cyberattacks introduces its own risks by providing a detailed capability roadmap to sophisticated threat actors who might seek to replicate or probe similar systems.

The Mythos leak sits within a broader and accelerating trend of frontier AI developers grappling with the dual-use implications of increasingly powerful models. Anthropic's own internal language — describing the need to prepare for potential misuse by threat actors — reflects a growing industry norm of proactive "responsible scaling" rhetoric, which companies like Anthropic, OpenAI, and Google DeepMind have embedded into their public safety frameworks. However, this incident illustrates a tension at the heart of that posture: companies must market and communicate their most powerful capabilities to attract enterprise customers and investment, yet doing so, even prematurely through accidental leaks, can itself constitute a security risk. The concurrent news that a U.S. judge blocked the Pentagon's attempt to label Anthropic a supply-chain risk adds further complexity to the company's regulatory and national security profile, suggesting that government scrutiny of frontier AI developers is intensifying even as those developers work to position themselves as trusted partners in sensitive domains.

The incident also underscores why cybersecurity has emerged as the central flashpoint in debates over advanced AI capabilities. Unlike risks related to disinformation or labor displacement, cyberattack enablement represents a threat vector with potentially immediate, catastrophic, and attributable consequences — making it a particularly sensitive area for both regulators and the public. As models like Mythos approach or exceed human expert performance in vulnerability exploitation, the pressure on AI labs to demonstrate robust internal controls, responsible disclosure practices, and credible deployment safeguards will only intensify. Anthropic's accidental self-disclosure, however inadvertent, may ultimately accelerate that reckoning.
