In late March, a misconfigured content management system at Anthropic left nearly 3,000 unpublished assets publicly accessible. Among them was a draft blog post announcing a new model called Claude Mythos. Fortune broke the story, Anthropic locked things down, and the company attributed the exposure to human error.
The draft itself was revealing. It described Mythos as the most powerful model Anthropic has ever built and introduced a new capability tier called Capybara — positioned above Opus, which currently sits at the top of Anthropic's lineup and is widely considered the strongest coding model available. According to the leaked draft, the Capybara tier dramatically outperforms Claude Opus 4.6 on coding, academic reasoning, and cybersecurity benchmarks. Anthropic confirmed it is testing the model with early access customers and called it a "step change" in performance. The company also noted the model is very expensive to run and not yet ready for general release.
Whether this leak was a genuine mistake or something more calculated, the contents are worth sitting with. Not for the corporate intrigue, but for what they tell us about the speed and direction of AI capability — and what that means for organizations trying to keep up.
"Step change" sounds like corporate jargon, but it has a specific meaning. It describes a nonlinear jump in capability — not a steady 10% improvement over the last version, but something closer to a vertical leap on the chart. Anthropic choosing that language deliberately signals they believe Mythos represents something more than the usual upgrade cycle.
One useful way to think about what that means in practical terms: measure how long an AI agent can run independently and stay productive. Not looping endlessly or repeating itself, but doing real, useful work without a human stepping in to course-correct.
That number has been climbing fast. With earlier Opus versions, an agent could run productively for roughly an hour before it started losing the thread. Opus 4.5 pushed that to two or three hours. With Opus 4.6, it's common to see agents run for six, seven, even eight hours — and there have been experiments pushing well beyond that.
A step change from that baseline could mean agents running independently for days. Maybe longer. And the implications extend well past software development. The same question — how far can the model go on its own? — applies to legal case research, medical diagnosis, content production, financial analysis, and dozens of other sustained reasoning tasks that associations and their members deal with regularly.
The performance claims alone would have gotten attention. What moved markets was the cybersecurity section of the leaked draft.
Anthropic's draft reportedly described Mythos as currently far ahead of any other AI model in cyber capabilities. It also warned of an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders. That language landed hard. CrowdStrike's stock dropped roughly 7%. Palo Alto Networks fell about 6%. The iShares cybersecurity ETF lost around 4.5%. One analyst wrote that the model has the potential to elevate any ordinary hacker into a nation-state-level adversary.
Anthropic's reported rollout strategy reflects the weight of that assessment. The company is apparently giving cyber defenders early access to strengthen their code bases before the model reaches broader availability.
None of this exists in a vacuum. In November 2025, Anthropic disclosed the first documented large-scale cyber attack executed predominantly by AI. A Chinese state-sponsored group had jailbroken Claude Code, disguising malicious commands as legitimate security testing, and used it to autonomously target roughly 30 organizations — tech companies, financial institutions, and government agencies. The AI executed an estimated 80 to 90 percent of the operation on its own: discovering vulnerabilities, writing exploit code, harvesting credentials, and pulling out data. A small number of attacks succeeded before Anthropic banned the accounts and notified authorities.
That incident made something concrete that a lot of people in cybersecurity had been warning about for years. AI-powered attacks at scale are happening now. A model like Mythos raises the ceiling on what those attacks could look like.
Here's where it gets relevant for associations specifically.
Open-source AI models that are freely available and will do whatever the user asks trail frontier models by roughly 6 to 12 months. That gap has been consistent. So whatever Mythos can do today, freely available models will be able to approximate within a year — possibly sooner.
Current open-source AI is already capable enough to target individuals and small organizations. Most associations fall squarely into that category. Some cybersecurity targets are robust enough to withstand serious pressure. Others — and this includes many associations — would struggle against even a moderately sophisticated AI-assisted attack.
The instinct might be to read all of this and feel helpless. But there's a structural dynamic at play that actually works in defenders' favor. In order to build strong cyber defenses, you need to understand what the offense is capable of. You can't protect against attack patterns you've never modeled. A model that excels at identifying and exploiting vulnerabilities is also, by definition, one of the best tools available for finding and closing those same vulnerabilities before someone else gets to them.
That's the logic behind Anthropic's reported strategy of giving defenders early access. If Mythos can spot weaknesses that no other tool can find, security teams can use that intelligence to harden their systems before the capability spreads to the broader ecosystem.
Associations don't need to become cybersecurity firms. But they do need to understand that AI-powered threats targeting small and mid-sized organizations are a current reality, not a future concern. And the tools available for defense are getting stronger at the same pace as the tools available for attack — but only if you're actually using them.
Zoom out from the specifics of the Mythos leak and a broader pattern comes into focus.
AI capability has been roughly doubling every six months relative to price. That pace has held steady, and there are signs it may actually be accelerating. Multiple forces are converging: more computing hardware coming online as the year progresses, improvements in model training techniques, advances in reinforcement learning, and breakthroughs in model compression that make powerful models smaller and cheaper to run.
Meanwhile, many associations haven't fully tapped into capabilities that have been available for two or three years. Basic processes — manually tagging content for a website, reviewing abstract submissions without any AI pre-screening, hand-processing membership applications — are still the norm in a lot of organizations. These are tasks that AI could have handled reliably during the GPT-4 era, let alone with current tools.
That gap between what's available and what most organizations are actually using keeps widening. And it creates a real tension. On one hand, it can feel overwhelming — how do you keep up when the frontier moves this fast? On the other hand, it means there's an enormous amount of low-hanging fruit still available. You don't need Mythos-level capability to start automating the repetitive, high-volume tasks that eat up your team's time. You need the willingness to start.
The organizations that treat AI capability growth as a reason to engage — rather than a reason to wait until things "settle down" — are the ones that will compound those gains over time. The frontier will keep moving. The question is whether your organization is moving with it, even if that means starting with the basics.