Three independent data leaks in 90 days turned an Anthropic secret into public knowledge. This is the full story — from the first CMS exposure to the npm cache smoking gun.
TL;DR: Anthropic's next model (Claude Mythos, codename Capybara) was confirmed across three separate unintended disclosures: a staging CMS leak, a deobfuscated VS Code extension, and a stale npm bundle. Each leak independently corroborated the others — making the existence of Claude Mythos effectively impossible to deny by March 2026.
Leak type: HTTP 200 on a staging endpoint | Duration live: ~2 hours | Information exposed: Model ID, API category, draft description
In late January 2026, a developer was browsing Anthropic's documentation site when they noticed an unusual HTTP response. A staging environment had been briefly exposed to the public internet — and it included a pre-production version of the API documentation.
Within that staging doc, a table of available models included an entry the public had never seen:
The developer took screenshots, shared them in a private Discord, and the screenshots propagated to X (formerly Twitter) within hours. Anthropic patched the staging server access two hours after the first tweet, but the screenshots were already archived.
claude-mythos-20260601 (suggesting June 1, 2026 build)Leak type: Insufficiently obfuscated JS bundle | Where: VS Code Marketplace | Information exposed: Endpoint names, codename "Capybara", token limit constant
Claude Code's VS Code extension ships as a minified JavaScript bundle. In February 2026, a developer applied standard deobfuscation tools to the bundle and found unexpected references:
The bundle also contained:
CLAUDE_MYTHOS_ENDPOINT environment variable referenceMAX_CONTEXT_TOKENS: 409600 constant (= 400K tokens)'capybara' stored alongside the model IDaudio_input: true absent from all other model configsAnthropic pushed an extension update within 48 hours that removed these references. The original version was archived by the VS Code Marketplace.
Leak type: Stale model string in published npm package | Package: @anthropic-ai/sdk | Duration: 6 hours before patch | Information exposed: Internal build date string
On March 4, 2026, Anthropic published a routine update to their official TypeScript SDK. A developer running npm diff noticed the bundle contained an unexpected model reference:
The model string claude-mythos-20260301 implies a March 1, 2026 build date — suggesting Anthropic's internal engineering team was already running a functional model build. The npm package was patched within 6 hours, but the old version (0.41.2) remained accessible in npm's immutable package registry.
What makes this situation unusual is that all three leaks happened independently, from different systems (web CMS, VS Code extension, npm SDK), and each contained unique information that complemented the others:
| Information | CMS (Jan) | VS Code (Feb) | npm (Mar) |
|---|---|---|---|
| Model name "Mythos" | ✓ | ✓ | ✓ |
| Codename "Capybara" | — | ✓ | — |
| ~400K context | — | ✓ (409600) | — |
| Audio input support | — | ✓ | — |
| Internal build date | 20260601 | — | 20260301 |
| "Frontier" tier | ✓ | ✓ | — |
As of April 2026, Anthropic has issued no official statement about Claude Mythos. Standard practice at AI labs is to neither confirm nor deny pre-release models — this maintains pricing power and prevents competitors from targeting specific milestones.
Be first to know when Anthropic releases Claude Mythos. Early access alerts & benchmark updates.
Join 3,400+ developers · Free forever · No spam
Explore Claude Mythos →