Claude Mythos: Anthropic’s Frontier Model Leak Reveals Autonomous Agent Capabilities
A data leak first surfaced on March 26 has exposed the existence of “Claude Mythos,” an unreleased frontier model that Anthropic describes internally as a “step change in capabilities.” Unlike current Claude models that respond to instructions one step at a time, Mythos reportedly plans and executes sequences of actions autonomously across multiple systems — making decisions and completing operations without waiting for human input at each stage.
Anthropic is testing Mythos with a small group of early-access customers but hasn’t set a general release date, partly because the model remains expensive to run. The company has been privately warning senior government officials that Mythos is “currently far ahead of any other AI model in cyber capabilities” and could make large-scale cyberattacks significantly more likely in 2026. Polymarket odds currently put a Q2 release at roughly 40%. Internal codenames from the source code leak map the model tiers: Capybara is Claude 4.6, Fennec is Opus 4.6, and the unreleased Numbat is still in testing.
Claude Code Source Leak Fallout: DMCA Takedowns Scaled Back After Overcorrection
The March 31 Claude Code source leak — a 59.8 MB source map file accidentally bundled in npm package v2.1.88 — continues to generate fallout. The leak exposed 512,000 lines of TypeScript across 1,906 files, revealing internal codenames, feature flags like KAIROS (an autonomous daemon mode), and model tier mappings. Anthropic initially issued broad DMCA takedown requests that hit more GitHub repositories than intended, impacting legitimate projects. The company has since scaled back the takedowns significantly.
Security researchers have used the exposed code to find new vulnerabilities. A critical concern: within hours of the leak, a trojanized version of an HTTP client containing a cross-platform remote access trojan appeared, targeting users who installed or updated Claude Code via npm during a specific window on March 31. Anthropic maintains that no customer data or credentials were exposed in the original leak, calling it a “release packaging issue caused by human error.”
CVE-2026-21852 and 50+ Subcommand Bypass: Two New Claude Code Vulnerabilities
Two serious security vulnerabilities in Claude Code surfaced this week. CVE-2026-21852, disclosed by Check Point Research, exploits an improper initialization order in Claude Code’s project-load flow. If a user opens Claude Code in a malicious repository containing a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint, API requests fire before the trust confirmation dialog appears — leaking the user’s Anthropic API key with zero interaction required. Anthropic patched this in version 2.0.65.
Separately, Adversa AI disclosed a bypass where commands composed of more than 50 subcommands can evade Claude Code’s security analysis for subcommands after the 50th. This means a carefully crafted prompt can slip dangerous operations past the tool’s safety checks. Both vulnerabilities underscore the growing attack surface of AI coding assistants — the more capable the tool, the more it can be weaponized when trust boundaries break down.
Together AI Open-Sources 12 Agent Skills for Claude Code and Codex
Together AI released 12 open-source agent skills that teach Claude Code and OpenAI’s Codex how to use the Together AI platform natively. Install via a single command: npx skills add togethercomputer/skills. Once installed, coding agents get immediate knowledge of Together AI’s SDK patterns, model IDs, and API calls without developers needing to manually engineer prompts or overload context windows.
This is part of a broader trend: infrastructure providers are packaging their platform knowledge as installable agent skills rather than relying on documentation alone. It’s a distribution play — if your SDK knowledge lives inside the coding agent, you’re the default choice when the agent needs to make an API call. Expect more cloud and API providers to follow this pattern through Q2.
Agent Skills Ecosystem Hits 2,300+ Skills Across 95+ Marketplaces
The agent skills ecosystem around Claude Code has reached a significant milestone: community directories now track over 2,300 skills and 770+ MCP servers across 95+ marketplaces. Since Anthropic released the Agent Skills specification as an open standard in December 2025 — with OpenAI adopting the same format for Codex CLI and ChatGPT — the cross-platform compatibility has accelerated adoption significantly.
Platforms like SkillsMP and the VoltAgent awesome-agent-skills repository on GitHub are aggregating skills from across the ecosystem. Anthropic’s own plugin marketplace now offers organization-wide management for Team and Enterprise plans, with a curated directory of partner-built skills. The open standard means skills built for Claude Code work in Codex, Cursor, Gemini CLI, and other compatible agents — lowering the friction for both skill creators and consumers.
OpenClaw Cutoff Day One: Developer Community Weighs API Migration Paths
The first full day of the OpenClaw subscription cutoff is playing out across developer forums and social media. The dominant thread: migration logistics. Developers who built workflows on subscription-priced Claude access through OpenClaw are now evaluating their options — Anthropic’s API billing at standard rates, the new Extra Usage bundles with the 30% launch discount, or switching to multi-model platforms that route across providers.
The one-time credit (equal to one month’s subscription cost) expires April 17, creating a short window for teams to test API-based workflows before committing. Several OpenClaw community members report that their actual API usage would cost 3-5x what they paid via subscription. That price gap is the core grievance — and the reason Anthropic made the change in the first place. The weekend is giving everyone time to do the math.
Anthropic’s Security Week Exposes the AI Tooling Paradox
Zoom out on the last seven days and a pattern emerges that goes beyond any single incident. The Claude Code source leak led to discovered CVEs. The CVEs exposed how much trust developers place in AI coding assistants. The OpenClaw cutoff showed how much compute those trust relationships consume. And the Mythos leak revealed that the next generation of models will be even more autonomous — capable of executing multi-step operations across systems without human checkpoints.
This is the AI tooling paradox: the more capable and autonomous these tools become, the higher the stakes when trust boundaries break. A coding assistant that can read your repo, call APIs, and execute commands is extraordinarily productive — until it’s exploited. Anthropic is now simultaneously pushing capability forward with Mythos while scrambling to secure the existing surface area of Claude Code. The agent skills ecosystem, now 2,300+ skills strong, makes the surface area question even more urgent. Every skill is a new trust boundary. Every MCP connector is a new potential attack vector. The industry hasn’t figured out the security model for this yet — and it’s building fast anyway.