Anthropic Leak Exposes Claude Mythos and Thousands of Internal Assets
Anthropic confirmed that an internal data exposure revealed details about Claude Mythos, an unreleased AI model the company described in leaked draft materials as its most capable system to date. The leak surfaced through an unsecured, publicly searchable cache tied to a content management system misconfiguration, which reportedly failed to mark uploaded files as private before storing them in a publicly accessible data lake. Exposed materials included a draft blog post, PDFs, images, release-related content, and information about an exclusive CEO-level event.
Reports said the exposure involved nearly 3,000 unpublished assets and included internal language stating that Anthropic had assessed Claude Mythos as posing unprecedented cybersecurity risks. Anthropic said the model is real and is being tested by early-access customers, but it had not disclosed whether anyone beyond journalists accessed the data or what remediation steps were taken. The incident has intensified scrutiny of the company’s data governance, access controls, and broader safety claims around pre-deployment evaluation of advanced AI systems.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Anthropic restricts Claude Mythos to 40 security organizations
Anthropic said it would not release Claude Mythos to the general public and instead limit access through Project Glasswing to 40 organizations for defensive cybersecurity work. The company cited Mythos's unusually strong vulnerability discovery and exploitation capabilities, and said participants would analyze their own systems and relevant open-source software and share findings with industry.
Claude Code npm update exposes source map and full codebase archive
In a separate Anthropic exposure, a Claude Code npm package update accidentally included a source map that pointed to a cloud-hosted zip archive containing the full Claude Code codebase. The archive was quickly discovered and mirrored online, expanding scrutiny of Anthropic's internal release and development pipeline security.
Anthropic confirms Claude Mythos leak and early testing status
After the exposure was reported, Anthropic confirmed the accidental leak and acknowledged that Claude Mythos exists, describing it as its most capable model to date. The company said the model was being tested by early access customers and that the leaked draft materials characterized it as posing unprecedented cybersecurity risks in internal assessments.
Anthropic accidentally exposes internal Claude Mythos materials
Anthropic inadvertently left internal assets related to its unreleased Claude Mythos model publicly accessible due to a content management system configuration issue that failed to mark uploaded items as private. The exposure reportedly included nearly 3,000 unpublished assets, including draft posts, PDFs, images, and details about an exclusive CEO event.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
La IA m�s avanzada de Anthropic es tan peligrosa que, de momento, s�lo lo podr�n usar 40 organizaciones de seguridad | Tecnolog�a
elmundo.es
Open sourceYour AI Vendor's Worst Enemy Is Its Own Development Pipeline
bankinfosecurity.com
Open sourceYour AI Vendor's Worst Enemy Is Its Own Development Pipeline
govinfosecurity.com
Open sourceLeak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases | InfoWorld
infoworld.com
Open sourceHere's what next as Anthropic's most powerful AI model leaked via unsecured data cache
coindesk.com
Open sourceMeet Claude Mythos: Leaked Anthropic post reveals the powerful upcoming model - DataBreaches.Net
databreaches.net
Open sourceAnthropic's Leaked Drafts Expose Powerful New AI Model "Claude Mythos"
cybersecuritynews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


