When AI Becomes the Hacker: What the Anthropic Mythos Leak Means for National Security

Imagine a hacker who never sleeps, never makes mistakes, and can simultaneously scan thousands of computer systems for weaknesses in the time it takes a human analyst to pour a cup of coffee. That hacker is no longer science fiction. According to documents accidentally leaked by one of the world's leading artificial intelligence companies, that level of AI-driven cyber capability is already here and is about to become significantly more powerful.

The leak in question involves Anthropic, the American AI safety company behind the Claude family of AI models. In late March 2026, nearly 3,000 internal documents, including a draft blog post, were inadvertently left in a publicly accessible online data store due to a configuration error. What those documents revealed sent shockwaves through cybersecurity circles, government corridors, and financial markets alike.

What Was Leaked and Why It Matters

The leaked documents described a new, unreleased Anthropic AI model known internally as Claude Mythos, also referred to as Capybara. According to Anthropic's own draft language, Mythos is "currently far ahead of any other AI model in cyber capabilities" and warns of "an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."

In plain terms, this model can find and exploit weaknesses in software systems faster and more efficiently than the best human hackers alive today. Anthropic confirmed the model exists, describing it as a "step change" in AI performance, and disclosed that it is already being quietly tested with a small group of early-access customers focused on cyber defense.

To make matters more complicated, the Mythos leak was followed days later by a second accidental exposure, this time involving the source code of Anthropic's widely used Claude Code software development tool, approximately 500,000 lines of code spread across nearly 1,900 files.

AI Weaponized: It Is Already Happening

For practitioners who may wonder whether AI-driven cyberattacks are a future concern or a present one, the answer is clear: they are already here.

• A hacker recently used Claude, alongside Chinese-made DeepSeek, to build attack infrastructure targeting hundreds of victims simultaneously.

• In February 2026, a separate attacker used Claude to breach Mexican government systems, stealing tax and voter data.

• Chinese state-sponsored actors have already attempted to exploit Claude Code to penetrate roughly 30 organizations before Anthropic disrupted the campaign.

What Mythos represents is not the beginning of this threat. It is a dramatic acceleration of it.

The Agentic Threat: One AI Agent, Hundreds of Human Hackers

The most significant shift brought by models like Mythos is the rise of what security experts call agentic AI, meaning AI systems capable of carrying out multi-step tasks independently, without human instruction at every stage.

A single agentic AI system can theoretically:

• Scan an entire organization's network for vulnerabilities around the clock

• Develop custom exploit code targeting those weaknesses

• Launch coordinated attacks across multiple systems simultaneously

• Adapt its approach in real time when defensive measures are detected

As Shlomo Kramer, CEO of cybersecurity firm Cato Networks, put it directly: "The agentic attackers are coming." OpenAI has separately confirmed that its own forthcoming models, including one codenamed Spud, carry similarly elevated cybersecurity risk ratings.

What This Means for You and Your Organization

The Anthropic Mythos story is not just a technology headline. It is a national security signal. Anthropic is already privately briefing senior government officials about the threat of large-scale AI-enabled cyberattacks in 2026. Cybersecurity stock valuations fell sharply following the leak. The intelligence community is watching closely.

For military and law enforcement professionals, the message is clear: adversaries with access to frontier AI models gain capabilities previously available only to the most sophisticated nation-state cyber units. For policymakers, the Mythos disclosure strengthens the urgency of AI governance frameworks like the Texas Responsible AI Governance Act. For enterprise security teams, the window to harden systems before these models reach general availability is narrowing.

At OGUN Security Research and Strategic Consulting LLC, we help organizations across the public and private sectors understand, assess, and respond to exactly these kinds of emerging AI and cybersecurity threats. Whether you need a threat briefing, a risk assessment, or strategic advisory support, our team is ready to assist.

Visit us at www.ogunsecurity.com to learn more or schedule a consultation.

If you found this article valuable, please share it with your network and subscribe to the OSRS email list for expert analysis delivered directly to your inbox. Follow us on Google News, Twitter, and LinkedIn for more exclusive cybersecurity insights and intelligence updates.

AUTHOR BIO: Dr. Sunday Oludare Ogunlana is Founder and CEO of OSRS, a Professor of Cybersecurity, and a national security scholar who advises global intelligence and policy bodies on AI threats and emerging cyber risks.