Late March 2026, Anthropic experienced what can happen to any fast-growing company: a misconfigured content management system made around 3,000 internal documents publicly accessible. Among them: drafts of internal blog posts, red-teaming reports, deployment plans.
And the name of a model nobody had talked about publicly.
Claude Mythos. Also referred to internally as Capybara.
Anthropic confirmed the leak to Fortune — and said more than you’d expect from a company doing damage control. The model exists. It’s being tested. And it is, in Anthropic’s own words, “the most capable model we’ve ever built.”
Mythos vs. Capybara: The Name Question First
The public confusion around the two names is understandable. Anthropic apparently used both internally — “Mythos” as the primary name, “Capybara” as a codename or alternative designation for a sub-architecture.
The exact distinction hasn’t been clarified publicly. What the sources describe:
- Claude Mythos: The actual model. A new performance tier above the current Opus line. The hierarchy would then read: Haiku → Sonnet → Opus → Mythos.
- Capybara: Possibly refers to a specific architectural property — persistent memory and cross-session coordination. Whether that’s a standalone model or a feature set within Mythos remains open.
For this article, I’m treating both as related information from the same leak context.
The Benchmarks: What Got Leaked
This is where the numbers get interesting. The leaked drafts show a comparison between Claude Opus 4.6 and Mythos on the key benchmarks:
SWE-bench Verified — measures real GitHub issue resolution in actual codebases, not constructed toy problems:
- Opus 4.6: low-to-mid 70s
- Mythos: mid-to-high 80s — roughly 12 to 15 percentage points higher
That might sound like a normal improvement. It isn’t. SWE-bench is notoriously hard to move because it reflects real software engineering problems. Jumps between previous model generations typically landed in the single digits.
GPQA Diamond — graduate-level reasoning in biology, chemistry, physics:
- Opus 4.6: mid-to-upper 70s
- Mythos: low-to-mid 80s
Until now, all frontier models have clustered relatively tightly on GPQA Diamond. Mythos breaks out of that cluster.
Terminal-Bench 2.0 — autonomous terminal tasks, complex shell workflows:
- Mythos: over 70 percent — a score no other model has reached
Cybersecurity benchmarks: This is where the picture is clearest — and most sensitive. According to the leaked documents, Mythos is “currently far superior to any other AI model in cyber capabilities.”
The Cybersecurity Problem
This is the part that likely explains why Anthropic is handling the rollout with unusual caution.
Internal red-teaming reports classify Mythos as an “unprecedented cybersecurity risk.” The model can apparently discover and exploit zero-day vulnerabilities with a level of sophistication no previous model reaches.
To put that in context: current frontier models could help with CTF challenges, recognize basic exploit patterns, and identify straightforward security flaws in code. Useful for defenders, but not a qualitative shift in the threat landscape.
What Anthropic describes about Mythos is something different. The company frames it this way: they expect “a coming wave of models that can exploit vulnerabilities in ways that far exceed the efforts of defenders.”
That’s a remarkably direct statement for a company in the middle of a data leak incident.
The consequence for the rollout:
- Initial access exclusively for customers in cyber defense
- Gradual API expansion, no immediate public availability
- No general access at this point
From where I sit, that’s the right call — even if it means commercial pressure. Handing a model that can operate at this level of zero-day exploitation to arbitrary API customers, before defenders have caught up, would be reckless.
Capybara as an Architecture Shift: Persistent Memory and Execution Loop
The second part of the leak — the features described as “Capybara” — is at least as interesting conceptually as the benchmark numbers.
What’s described is a paradigm shift in how LLM agents operate.
Current model: Interaction loop. Each session starts fresh. Context has to be rebuilt manually. The agent “knows” nothing after a conversation ends.
Capybara architecture: Execution loop. Persistent memory across sessions. The agent coordinates workflows over time — not over individual prompts. Goals persist without the human starting from scratch every session.
That sounds abstract. Concretely, it means:
An agent coordinating a software delivery process would remember: “This ticket has technical dependency X. Last time I found that team Y is needed for it. And the deployment slot is Thursday.” — Without the user having to bring that up every time.
That’s the difference between an assistant that responds and an assistant that plans.
Claude Code 2.1.76: The Autonomous Developer Agent
Alongside the Mythos leak, something else came out: details about Claude Code 2.1.76 — and they read like a quiet revolution for developer workflows.
The new features:
/loopcommand: Persistent background task execution. Claude keeps working even when the user isn’t actively in the chat.- Computer Use & Remote Control: Direct desktop interaction on Mac. Claude can operate GUIs, not just the terminal.
- Mobile Remote Management: Control via browser or smartphone. Monitor and steer a running agent on the go.
- Voice Mode: 20 languages, hands-free pair programming.
The /loop command is the most significant. It turns Claude Code from an autocomplete assistant into an agent that autonomously works through tasks in the background — and asks questions when it gets stuck.
Combined with the Capybara memory architecture, the result is a system that remembers not just the current task, but the project history.
What This Means for Enterprise Use
I build AI automation for enterprise clients. What interests me most about this leak isn’t the benchmark numbers — it’s the system architecture.
Agentic workflows become more stable. The current problem with multi-step agents is drift: the longer an agent runs, the more it deviates from the original goal. Persistent memory and cross-session coordination address exactly that.
Codebase analysis at a new level. SWE-bench in the mid-to-high 80s means Mythos can solve real engineering problems in actual codebases at a level that currently requires junior engineers. That changes how you build code review pipelines, technical debt tracking, and automated refactoring workflows.
Security tooling gets more powerful — on both sides. A model that understands zero-day exploits at Mythos’s level is an enormous tool for defensive security teams. Automated vulnerability analysis, threat modeling, penetration test assistance — all of that gets qualitatively better. The other side of that coin is what Anthropic found in red-teaming.
My Assessment
Anthropic lost control of the narrative with this leak — and in their own response showed more transparency than most companies would in this situation. That deserves acknowledgment.
The technical details are real. SWE-bench in the high 80s isn’t marketing; those are verifiable numbers on a standardized benchmark. Anthropic keeping the model behind a controlled early-access gate, rather than rolling it out immediately, is the right decision given the cybersecurity implications.
What concerns me: the gap between what the model can do and what defenders are prepared for is widening. Anthropic names that themselves. The question is whether the industry — companies, security teams, regulators — catches up fast enough.
For enterprise clients building AI strategy now: anyone designing automation systems on top of Opus 4.6 today should have Mythos in the architecture backlog. Not because you can deploy it today. But because the system boundaries you draw now determine how easy or hard the upgrade will be in 12 months.
Planning AI automation in your organization and want to know how to position yourself correctly today? Let’s talk.