The AI That Finds Zero-Days Just Leaked Itself

Anthropic said it built the most capable cybersecurity AI ever made. Then it said it was releasing it to the good guys first.

That is the actual story here, and it deserves more than a rewrite of the press release. The model is called Claude Mythos — internally codenamed Capybara, according to a cached draft blog post that briefly appeared on Anthropic's website before a misconfigured content management system made it publicly accessible. The company confirmed the draft was real to Fortune reporter Bea Nolan, who first discovered and reported the existence of the post. Anthropic attributed the leak to human error in the configuration of its CMS.

What the draft said, and what Anthropic confirmed to Fortune on March 26, is that the model represents what the company called a "step change" in capabilities — and what a spokesperson described as the most capable system Anthropic has built to date. The model is a new tier above the Claude 3 Opus series, which had been Anthropic's flagship for general intelligence. In cyber specifically, Anthropic said the model is "currently far ahead of any other AI model in capabilities." That is not a hedge. That is a claim.

Here is the part that sits uneasily: Anthropic also said the model "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders," according to Fortune's reporting. Meaning: the offense-dominant future is coming regardless. Their answer is to give defensive organizations early access so they can get a head start hardening their codebases before the wave arrives.

"We are releasing it in early access to organizations, giving them a head start in improving the robustness of their codebases against the impending wave of AI-driven exploits," Anthropic told Fortune. Early access customers — organizations Anthropic is not publicly naming — are already testing it in offensive security, general reasoning, and coding tasks, according to the company.

Anthropic confirmed it was testing what it called its most powerful AI yet, according to India Today, after the data leak revealed the existence of the model and raised concerns about severe cybersecurity risks.

The financial markets did not wait to evaluate the ethics. Cybersecurity stocks fell on March 27 following the announcement, as Investing.com reported. Investors read the announcement as evidence that AI-driven vulnerability discovery is about to become commodity-priced — and that established security vendors are exposed.

There is a coherent logic to what Anthropic is doing. If the offense-dominant future is genuinely arriving, then whoever builds the best offensive tool and releases it to defenders first shapes how that future gets contained. Early access is a form of institutional adoption before the category gets regulated, crowded, or stigmatized by a high-profile misuse incident. It is also, not incidentally, a very effective sales and partnership strategy.

But the coherence of the logic does not resolve the tension underneath it. Anthropic is simultaneously the lab that built the most capable offensive cyber tool in existence and the lab telling the world it is the only entity trusted to manage the defensive release. That framing deserves scrutiny, especially from anyone who has been following Anthropic's running conflict with the Pentagon over restrictions on lethal autonomous weapons and mass surveillance uses of its models. The same company that refused the Department of War's demands in February — and got formally designated as a supply chain risk as a result — is now asking critical infrastructure operators and government agencies to bet their security posture on Claude Mythos.

There are open questions that will take time and incident-free observation to answer. Whether early access actually gives defenders enough lead time to matter is unknown. Whether the model is genuinely as far ahead of competitors as Anthropic claims will eventually be tested in public red teaming, if Anthropic allows it. And whether the company that built the offense can credibly be the steward of the defense is a governance question that goes well beyond one blog post.

Firstpost reported that the leak revealed a powerful new AI model with serious cyber risks, while Techzine Global noted that details on the step-change model had leaked.

The leak was an accident. The bet Anthropic is making with the release strategy is not.