The company that invests more in AI safety than anyone just leaked its own secrets through a misconfigured blog.

Not a metaphor. On March 26, 2026, security researchers discovered that Anthropic had ~3,000 unpublished internal documents — blog drafts, PDFs, details of an exclusive CEO event — sitting in a public, searchable data store. Among those documents: the full description of Claude Mythos, a model Anthropic calls “a step change” in capabilities and “the most capable we’ve built to date.”

Researchers Roy Paz from LayerX Security and Alexandre Pauwels from the University of Cambridge found the exposed data store. Fortune reviewed the documents and notified Anthropic, which restricted access and attributed the incident to “human error” in its CMS configuration.

As Futurism put it: “Let’s hope the new model wasn’t responsible for the security of Anthropic’s company blog.”

What Claude Mythos is and why it matters

According to the leaked documents, Claude Mythos — internal codename “Capybara” — is a new model tier above Opus. Anthropic describes it as “larger and more intelligent than our Opus models, which were, until now, our most powerful.” Compared to Claude Opus 4.6, Mythos scores “dramatically higher” on tests of software coding, academic reasoning, and cybersecurity.

The detail that moved markets: Anthropic’s own internal documents warn that the model is “currently far ahead of any other AI model in cyber capabilities” and “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”

This is a model that can find unknown vulnerabilities in production code. It can also exploit them. That duality isn’t new in security tooling — it’s what we addressed in our analysis of AI code security. What’s new is the scale: an order of magnitude more powerful than any prior model, according to Stifel analyst Adam Borg.

Anthropic plans to give access to cyber defense organizations first, before broader availability. The model is “very expensive” to serve and will require efficiency improvements before a general release.

Six weeks that changed the trust equation

The leak didn’t happen in isolation. Put it in sequence:

February 9, 2026. Mrinank Sharma, Anthropic’s head of safeguards research, resigns. He publishes an open letter saying “the world is in peril” and that he repeatedly saw how difficult it is for Anthropic to let its values govern its actions in practice.

February 24, 2026. Anthropic publishes version 3.0 of its Responsible Scaling Policy. The main change: it removes the commitment to pause model training if capabilities outstrip safety controls. The previous policy stated that the inability to demonstrate adequate safeguards was, by itself, sufficient to halt development. The new version replaces that condition with a dual requirement: both leadership in the AI race and material catastrophic risk. Time covered it as the abandonment of Anthropic’s most visible safety pledge.

March 26, 2026. They leak ~3,000 internal documents through a CMS error.

Each event, separately, has a reasonable explanation. Sharma had legitimate differences in judgment. The RSP v3.0 reflects competitive reality (if Anthropic pauses and OpenAI doesn’t, the net effect on global risk is debatable). The leak was an operational mistake.

But if you’re a B2B buyer relying on Anthropic as an AI vendor, the full sequence forces a question: how well is my vendor’s internal security and governance machinery actually working? Not as a theoretical exercise — as a real risk assessment.

What the market already told you

The market processed the signal before most IT teams did. On March 27, per Investing.com:

Stock	Drop
CrowdStrike (CRWD)	-7%
Palo Alto Networks (PANW)	-6%
Zscaler (ZS)	-4.5%
Okta (OKTA)	-3%
SentinelOne (S)	-3%
Fortinet (FTNT)	-3%
Tenable (TENB)	-9%

Nasdaq fell 2.15%. S&P 500 dropped 1.67%.

Why did cybersecurity stocks drop and not Anthropic’s (which is private)? Because the market read the correct implication: if models like Mythos can find and exploit vulnerabilities faster than defenders can patch them, companies whose business depends on known signatures, vulnerability databases, and prior threat intelligence telemetry face real pressure. Raymond James analyst Adam Tindle described it exactly that way.

Adam Borg at Stifel was more blunt: the model could be “the ultimate hacking tool” that turns ordinary attackers into nation-state-level threats.

This isn’t isolated speculation. In September 2025, Anthropic detected and documented the first large-scale AI-orchestrated cyber-espionage campaign: a Chinese state-linked group (designated GTG-1002) used Claude Code to automate attacks against ~30 global organizations, completing 80-90% of the campaign with human intervention at only 4-6 decision points. The AI wasn’t the advisor — it was the operator.

What this means for your enterprise AI strategy

I want to be direct: this is not an argument to stop using Claude. At IQ Source we use Claude every day. We implement Claude-based solutions for our clients. It’s an excellent model.

But the model’s quality doesn’t exempt you from evaluating the vendor as an organization. Those are two different things.

If your company uses Claude — or any AI model — in production, the Mythos leak gives you three concrete tasks:

Revisit your vendor evaluation. Five weeks ago we published a 12-question framework for evaluating AI vendors. The question that was missing — and that you now need to add — is about the vendor’s operational security track record. Not just their certifications (SOC 2, ISO 27001), but their actual history: have they had incidents? How did they respond? How long did it take?

Check your contract. Does it include incident notification clauses? With what SLA? What happens to your data if the vendor suffers a breach? Who covers remediation costs? Most AI-as-a-service contracts don’t cover these scenarios with the specificity you need.

Document your contingency plan. If tomorrow your AI vendor has an incident that undermines trust — as just happened — what’s your playbook? Do you have data isolation per vendor? Can you migrate to an alternative model in days, not months? Three days ago we covered how the LiteLLM attack broke trust chains at the dependency level. Now the question moves up a level: what happens when it’s the vendor itself?

Why we still work with Claude

It might seem contradictory: we write a post about Anthropic’s leak and remain Claude integrators. It’s not.

Sophisticated buyers don’t pick the vendor that’s never had an incident — because that vendor doesn’t exist. They pick the one with a clear response process. Anthropic acknowledged the problem, restricted access, and publicly attributed it to human error. They didn’t minimize. They didn’t blame third parties.

The question isn’t whether to trust Anthropic. It’s what kind of trust you’re extending and what mechanisms you have when that trust gets tested.

At IQ Source we help companies build AI strategies that treat the vendor as a variable, not a constant. That means contracts with contingency clauses, architectures that don’t depend on a single vendor for everything, and periodic evaluations that go beyond model benchmarks.

Does your AI vendor contract include incident notification clauses? Do you have a documented plan for a scenario where your vendor suffers a breach? If you can’t answer both, let’s talk about your trust posture before it becomes urgent.