This week, the tech world is seeing big headlines about not one, but two groundbreaking models from two of the top AI companies – arguably, the two top AI companies, OpenAI and Anthropic. But only one of them reveals a boondoggle that shakes the trust of most humans-in-the-loop when it comes to deliberate, responsible rollouts.

OpenAI, having just shut down its Sora video gen model, is preparing to launch a new model called “Spud.” The Spud project seems to be progressing in a methodical, planned way, according to comments from Sam Altman.

Not so Anthropic’s Mythos model, built on prior iterations, which the company is calling the most powerful AI it has created to date. Specifically, multiple sources confirm that Mythos becoming accessible to the public was the result of a leak.

Managing the Content

Insiders note that the leak apparently had to do with a setting in the company’s Content Management System (CMS) that just left a whole bunch of important stuff public by mistake.

“The data leak included details about the upcoming release of the Claude Mythos AI model, an ‘exclusive CEO event,’ and other internal assets such as PDFs and images,” wrote Matt Binder for Mashable, citing coverage by Fortune magazine. “In total, the leak included nearly 3,000 assets that Anthropic had not previously published. According to Anthropic, the leak was the result of an issue with the content management system (CMS) that the company uses. The data was uploaded to the CMS by the company. However, Anthropic failed to mark the items as private so the data was stored in a publicly accessible data lake.”

Uh-oh.

Ruben Dominguez has a little more detailed breakdown over at The AI Corner.

“Someone noticed that Claude Code version 2.1.88 was published to the npm registry with a 59.8MB source map file accidentally attached,” Dominguez writes. “A source map maps minified code back to the original readable source. Within hours, people were posting screenshots. Someone backed it up on GitHub. Developers started digging. What they found was not just a peek behind the curtain. It was the whole backstage.”

Here’s how he describes “the whole backstage”:

“The source map shipped inside @anthropic-ai/claude-code version 2.1.88 on npm,” he continues. “Anthropic has since pulled it. The internet did not wait. Buried inside were 44 feature flags covering features that are fully built but not yet shipped. Not vaporware. Compiled code sitting behind flags that compile to false when Anthropic ships the external build.”
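As an added example (not code from Dominguez's write-up or from Anthropic), here is one way a release pipeline could check a package's file set for source maps before publishing. The function names and the sample package are constructed for illustration, and only flat version 3 maps are handled.

```javascript
// Added example: audit package files (path -> content string) for source maps.
function describeMap(path, text) {
  let map;
  try { map = JSON.parse(text) || {}; }
  catch { return { path, kind: "map", parseError: true, embedded: 0 }; }
  const sources = Array.isArray(map.sources) ? map.sources.length : 0;
  const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  // sourcesContent carries original files verbatim; null entries carry nothing.
  const embedded = contents.filter((c) => typeof c === "string").length;
  return { path, kind: "map", sources, embedded };
}

function auditSourceMaps(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      findings.push(describeMap(path, content));
      continue;
    }
    const m = /[#@]\s*sourceMappingURL=(\S+)/.exec(content);
    if (!m) continue;
    const inline = /^data:application\/json[^,]*;base64,(.*)$/.exec(m[1]);
    if (inline) {
      const json = Buffer.from(inline[1], "base64").toString("utf8");
      findings.push(describeMap(path + " (inline)", json));
    } else {
      // Simplification: resolve the reference against the file's own directory.
      const target = path.slice(0, path.lastIndexOf("/") + 1) + m[1];
      const shipped = Object.keys(files).includes(target);
      findings.push({ path, kind: "reference", target, shipped });
    }
  }
  return findings;
}

// Maps that would publish original source text; a release gate fails on these.
const publishBlockers = (files) => auditSourceMaps(files)
  .filter((f) => f.kind === "map" && f.embedded > 0).map((f) => f.path);

// Constructed sample package, not real package contents.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64");
const samplePackage = {
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({ version: 3, sources: ["src/main.ts"],
    sourcesContent: ["export const FLAG_X = false;"], names: [], mappings: "AAAA" }),
  "lib/util.js": "module.exports = {};\n//# sourceMappingURL=data:application/json;base64," +
    b64({ version: 3, sources: ["src/util.ts"], names: [], mappings: "" }) + "\n",
};
console.log(publishBlockers(samplePackage));
```

A map without `sourcesContent` still discloses original file paths and symbol names, so it is reported as a finding but not treated as a blocker here.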

Most of the rest of it is in bullet points, so I’ll let you access it that way. But just for demonstrative purposes, you can get a better sense of what was exposed from lists like this, cribbed directly from Dominguez’s enumerations:

· The 7 biggest technical takeaways – why the system prompts being in the CLI is genuinely surprising, why the Bash tool is the real crown jewel, what the axios dependency means for security, and why this was always readable even before the leak

· Every unshipped feature explained – all 20+ flagged features across MAJOR, IN-FLIGHT, INFRASTRUCTURE, and DEV TOOLING, with what each one actually does and how complete it looks

· The 44 feature flags, catalogued – the full list with descriptions, including the Ant-only internal tools that only load for Anthropic employees

· The leaked prompts – what is actually in Claude Code’s system prompt, why it is surprising it was ever in a distributed package, and what it reveals about how Claude reasons about its own tasks

· The safety angle – Anthropic’s own research shows Claude has tried to hack its own servers with a 12% sabotage rate, and now this. What to make of it.

None of this builds a huge amount of trust in front-runners like Anthropic to police their systems in ways that will prevent hackers from running amok with the latest tech tools.

“Researchers have already shown that AI tools can assist in cyberattacks,” writes Somatirtha at Analytics Insight. “Hackers can use these systems to scan code, detect flaws, and build attack scripts. These tools cut the skill needed to launch sophisticated attacks. Security analysts have also found weaknesses in AI-powered developer tools, which could expose systems to misuse.”

So if companies can’t even prevent giving away the store to whoever has a computer, our ability to collectively guard against malware is, well, hobbled significantly.

Mythos and Capybara: What’s In a Name?

I wanted to go back to something from Binder’s reporting, where the author writes:

“Anthropic says that Claude Mythos is currently in the trial stage and available to select ‘early access customers.’”

Look carefully at the next line:

“In addition to the new AI model, the leaked post also mentions a new, unreleased AI model tier from Anthropic called Capybara.”

If we assume that by “the new AI model,” Binder means Mythos, then Capybara, if you’ll forgive the pun, is a different animal. Elsewhere, though, reporting seems to indicate that Mythos is just the production name of Capybara, which was the early code name for the same project.

We should probably figure out which of these is true, too.

The last quarter, the first quarter of 2026, has been a whirlwind. Look for more of this kind of consternation as new models keep rolling out, sometimes in an orderly fashion, sometimes – well – not.
