On Thursday, a Fortune reporter discovered that Anthropic had misconfigured their content management system. Nearly 3,000 internal files had been set to public by default. Anyone who looked could read them.

Inside those files was a draft blog post for a model called Claude Mythos. In the draft, Anthropic described it as "by far the most powerful AI model we've ever developed." They called it "a step change." A new tier above Opus, which was until now their most capable model.

Anthropic confirmed it was real. The leak, they said, was human error.

The leaked draft described Mythos in terms that Anthropic has never used publicly for any previous model. Not an improvement. Not a meaningful update. A step change.

Dramatically higher scores than Claude Opus 4.6 in software coding, academic reasoning, and cybersecurity. A new internal tier called Capybara, sitting above the entire existing model family. An invite-only CEO summit in the UK where Mythos was going to be demonstrated to a small group before any public announcement.

Anthropic's official statement after the leak matched the draft closely: "We're developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. We consider this model a step change and the most capable we've built to date."

They are testing it right now with a small group of early access customers. It is not publicly available. The reason it is not publicly available is the part that moved markets.

The leaked documents described Claude Mythos as "currently far ahead of any other AI model in cyber capabilities."

It can identify previously unknown vulnerabilities in production codebases. Automatically. That means it can find security holes in real software that human researchers have not found yet.

Anthropic's own draft warned that Mythos would trigger "an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."

Read that carefully. They are not describing a theoretical future risk. They are describing what their own model can do, and warning that what comes after it will be worse.

This is not hypothetical. A Chinese state-sponsored hacking group has already used Claude Code, a significantly less capable model, to breach over 30 technology, financial, and government organizations. Mythos is more capable than Claude Code in every way the draft describes.

Cybersecurity stocks collapsed on the news. CrowdStrike fell 7 percent. Palo Alto fell 6 percent. The Nasdaq dropped more than 2 percent. The market read was straightforward: if AI just became the world's most effective hacking tool, the entire business model of cybersecurity is in trouble. The cost of attacking gets cheap. The cost of defending stays expensive.

Anthropic's plan, as described in the leaked documents, is to give cyber defenders early access first.

The logic: defenders need time to use Mythos to find and fix their own vulnerabilities before attackers can use Mythos-level capabilities against them. Give the shield to the people who need it, then release the sword.

This is a reasonable position. It is also an admission that Anthropic has built something they believe is genuinely dangerous in the wrong hands.

The model is also expensive to run. That buys time. When inference costs fall, as they always do, the cost barrier disappears and the question of access becomes much harder to manage.

Anthropic said human error. The CMS defaulted to public. Somebody forgot to change the setting. It happens.

Except Anthropic is a company that builds AI safety systems. Their entire value proposition to enterprise and government customers rests on taking security seriously. A misconfiguration that exposes 3,000 files, including a full draft announcement for their most sensitive unreleased model, is a notable failure for a safety-focused AI lab.

The leak landed days before an invite-only CEO summit where Mythos was being shown for the first time. The draft was polished enough to be a final version. The story generated exactly the kind of coverage that turns a model launch into a cultural event: the most powerful AI ever built, too dangerous to release, accidentally revealed before its time.

Whether it was accidental or deliberate, the effect is the same. Everyone knows Mythos exists. Everyone knows what it can do. The announcement is already out.

Anthropic is not the only lab preparing something this week.

OpenAI finished pretraining on their next major model, codenamed Spud, the same day the Mythos story broke. Sam Altman told staff it will be a "very strong model" arriving "in a few weeks." He described it as something that "can really accelerate the economy." He renamed the product division "AGI Deployment."

Two of the largest AI labs in the world are simultaneously preparing their biggest model releases in recent memory. Both are describing them as potential step changes. Both are being tested quietly before any public announcement. Both companies are restructuring their organizations around what comes next.

Grok 4.20, currently one of the most capable models publicly available, does not know about any of this. When asked about Claude Mythos directly via API, it responded: "I have no knowledge of any Claude Mythos model from Anthropic. This appears to be a rumor or hoax."

The story broke too recently for Grok's training data to include it. That gap between what the models know and what is actually happening is closing faster than anyone expected. Which is, more or less, exactly what Altman said in his memo: "Things are moving faster than many of us expected."