Should I be worried about the malicious axios package in Claude Code?

Yes, if you updated Claude Code via npm between 00:21 and 03:29 UTC on March 31, 2026. Malicious axios versions (1.14.1 or 0.30.4) bundled in version 2.1.88 of @anthropic-ai/claude-code contained a Remote Access Trojan. Treat this as an active security incident.

Claude Mythos: Anthropic's Secret AI Model, Leaked (2026)

Q: What is Claude Mythos?

Claude Mythos (codename Capybara) is Anthropic's most powerful AI model to date, representing a new tier above the Opus family. It was accidentally revealed on March 26, 2026, when a CMS configuration error exposed ~3,000 unpublished assets. Anthropic confirms it as a 'step change' in capabilities, currently in early access.

Q: Is Claude Mythos the same as Opus 5?

Likely yes. Mythos appears to be what many called 'Opus 5' — a model above the Opus tier. Anthropic uses 'Mythos' commercially and 'Capybara' as the development codename. No official 'Opus 5' branding has been confirmed as of April 2026.

Q: What cybersecurity risks does Claude Mythos pose?

Anthropic's internal documents describe Mythos as 'currently far ahead of any other AI model in cyber capabilities' and warn it could enable large-scale cyberattacks by rapidly finding and exploiting vulnerabilities. Anthropic is actively briefing government officials on these risks.

I was in a café in Canggu, half-watching a surf session through the window, when my phone blew up.

Three separate group chats. Same Fortune article link. Same message: “Anthropic just leaked their next model. This one’s different.”

I put down my iced coffee and read every word.

Claude Mythos — internal codename Capybara — is real. And Anthropic didn’t announce it. A misconfigured CMS did.

What leaked is either the most exciting or the most alarming thing in AI this year, depending on your threat model. Probably both.

What Actually Leaked — and How It Happened

On March 26, 2026, a configuration error in Anthropic’s content management system left approximately 3,000 unpublished assets sitting in a searchable, publicly accessible data store.

Not behind a paywall. Not hidden behind authentication. Just… there.

Fortune broke the story after researchers found draft blog posts, internal graphics, PDFs, and event details that were clearly never meant to go public. Anthropic’s spokesperson attributed it to “human error in the CMS configuration” — every asset uploaded to their central store was public by default unless explicitly marked private. One toggle in the wrong position, and the curtain fell.

The company described the exposed content as “early drafts considered for publication” that “did not involve our core infrastructure, AI systems, customer data, or security architecture.”

Fine. But among those drafts was an announcement for Claude Mythos — and what it described is what everyone’s talking about.

Here’s the kicker: five days later, on March 31, Anthropic did it again.

This time, version 2.1.88 of the @anthropic-ai/claude-code npm package shipped with a 59.8 MB source map file exposing approximately 512,000 lines of TypeScript source code — the entire codebase. Developers mirrored it to GitHub within hours. It was forked 41,500+ times before Anthropic could respond.

And if you updated Claude Code between 00:21 and 03:29 UTC on March 31, you may have pulled a malicious version of axios (versions 1.14.1 or 0.30.4) containing a Remote Access Trojan. Check that environment immediately.

Two major leaks. Five days apart. Same company.

So What Is Claude Mythos?

Claude Mythos (codename Capybara) is a new tier of AI model sitting above Anthropic’s existing Opus family.

This isn’t a minor version bump. The leaked draft describes it as a “step change” — not Anthropic’s marketing language, but their internal framing before they were ready to tell anyone.

The official quote from an Anthropic spokesperson, after Fortune confirmed the leak: Mythos represents “a step change” in performance and is “the most capable we’ve built to date.” The model has completed training and is currently being tested with a small group of early access customers.

Compared to Claude Opus 4.6, the leaked materials describe dramatically higher benchmark scores across:

Software coding
Academic reasoning
Cybersecurity (this one deserves its own section — see below)

The model occupies a new tier above Opus, Sonnet, and Haiku. Capybara is the internal development codename; Mythos appears to be the commercial name.

The Cybersecurity Angle — Why Governments Are Actually Worried

Here’s where this stops being just an AI launch story.

The leaked draft blog post didn’t only announce Mythos’s capabilities. It warned that the model poses “unprecedented cybersecurity risks.”

Anthropic’s own internal language: Mythos is “currently far ahead of any other AI model in cyber capabilities” and “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”

That’s the company building the model writing that about their own product.

It gets more serious. Anthropic has been privately briefing top government officials that Mythos makes large-scale cyberattacks significantly more likely in 2026. Not a hypothetical warning — active pre-release briefings to policymakers.

Gizmodo reported that the Pentagon’s circles view this as a feature rather than a threat, which is its own specific kind of validation.

The dual-use reality of this is unavoidable. A model that can rapidly find and exploit software vulnerabilities accelerates the cyber arms race in both directions. Attackers and defenders will access the same underlying capability — but attackers historically move faster.

I’ll say the quiet part clearly: if your passive income operation runs any server-side infrastructure, this is a good moment to audit your vulnerability exposure. The people reading about Mythos’s offensive capabilities are also reading those security advisories.

What We Can Verify vs. What’s Being Overstated

A word of caution before you repeat what’s circulating on Twitter.

Some coverage has included specific parameter counts and benchmark percentages that aren’t traceable to the original leaked documents. I’m not going to publish unverifiable numbers as fact.

What is confirmed (verified from multiple major outlets):

Claude Mythos exists and is in early access ✓
Anthropic confirmed it’s real and describes it as a “step change” ✓
It’s a new tier above Opus, significantly ahead on coding/reasoning/cybersecurity ✓
Anthropic’s internal documents describe “unprecedented cybersecurity risks” ✓
Government briefings on cyberattack risks are happening ✓
The Claude Code npm package leaked ~512K lines of source code ✓
A malicious axios version was bundled in that package ✓

What’s still speculation:

Exact parameter counts (multiple claims, no primary source confirmation)
Precise benchmark numbers vs. competitor models
Pricing, API tier, or general availability timeline

Apply healthy skepticism to any specific number that doesn’t trace back to Fortune, Axios, CoinDesk, or Euronews — the outlets that actually reviewed the leaked documents.

What This Means for You in Practice

Here’s my practical read on this, as someone who uses Claude’s API in production for research workflows and content pipelines.

If you’re building AI-powered passive income workflows: Mythos signals where the capability ceiling is moving in the next 12 months. The workflows you’re building today on Opus 4.6 will eventually run on Mythos-level models. Design for that headroom now. Agentic workflows that feel powerful today will feel basic by comparison. I wrote about building AI passive income systems here.

If you’re an AI developer or API user: Early access exists. Anthropic has confirmed a small group of customers is already testing Mythos. If you have production-scale usage — especially in coding, research, or high-stakes reasoning tasks — applying for that waitlist is worth doing. The differentiation window between Opus 4.6 and Mythos could be significant.

If you’re building on AI security or SaaS: The tools that get early access to Mythos-level capabilities will have a real moat — at least temporarily. Watch Anthropic’s early access announcements. Being on the right side of that capability curve matters more than it used to.

If you’re on anyone’s security team: The npm malware incident is not theoretical. Version 2.1.88 of @anthropic-ai/claude-code included a malicious axios dependency with a RAT payload. If any developers in your organization pulled that update during the window I mentioned above, treat this as an active incident. More on AI toolchain security here.

The Meta-Story Worth Naming

Let me step back from the technical details.

Anthropic is arguably the company most vocal about responsible AI development. Their safety-first messaging is central to their brand and their pitch to governments, regulators, and enterprise customers.

They accidentally revealed their most powerful and potentially dangerous model through a misconfigured CMS. Then, five days later, accidentally shipped their proprietary coding tool’s source code — bundled with malware — through a packaging error on npm.

This isn’t a takedown. Every company makes operational mistakes. But there’s a real tension here worth naming: the company most focused on preventing AI risk made two basic operational security errors within a week of each other. And the model at the center of this story is the one they themselves describe as a cybersecurity breakthrough that could enable large-scale attacks.

“Passive income isn’t lazy money — it’s smart money.” The same principle applies to security posture. You can’t set it and forget it when the threat model is actively changing beneath you.

Common Mistakes to Avoid Right Now

Don’t panic-sell or panic-buy based on speculation. Wait for official benchmarks before making infrastructure or business decisions based on Mythos capability claims.
Don’t ignore the npm malware incident. If anyone on your team installed Claude Code in that window, audit the environment now. This is a real security issue.
Don’t dismiss the cybersecurity risk. Even if Anthropic’s internal language sounds dramatic, the directional claim — that frontier AI significantly accelerates offensive cyber capabilities — is credible and worth taking seriously in your threat model.
Don’t wait for public release to prepare. The agentic AI landscape in 12 months will look meaningfully different. Start designing for that now.

Frequently Asked Questions

What is Claude Mythos? Claude Mythos (internal codename Capybara) is Anthropic’s most powerful AI model to date, representing a new tier above the Opus model family. It was accidentally revealed on March 26, 2026, when a CMS configuration error exposed approximately 3,000 unpublished Anthropic assets. Anthropic has confirmed the model’s existence and describes it as a “step change” in capabilities, currently in early access testing.

Is Claude Mythos the same as Opus 5? Likely yes, in substance. Mythos appears to be what many informally called “Opus 5” — a model above the Opus tier. Anthropic uses the name Mythos commercially and Capybara as the development codename. No official “Opus 5” branding has been confirmed.

When will Claude Mythos be publicly available? No public release date has been announced as of April 2026. The model is in early access with select customers. Apply through Anthropic’s API waitlist if you have production-scale usage.

What cybersecurity risks does Claude Mythos pose? Anthropic’s internal documents describe the model as “currently far ahead of any other AI model in cyber capabilities” and warn it could enable large-scale cyberattacks by rapidly finding and exploiting software vulnerabilities. Anthropic is actively briefing government officials on these risks ahead of public release.

Is the Claude Code npm leak connected to Mythos? They are separate incidents. The Claude Code npm leak (March 31, 2026) was a packaging error in version 2.1.88 that exposed 512,000 lines of TypeScript source code, plus shipped a malicious axios dependency. The Mythos CMS leak was a separate configuration error on March 26, 2026.

Should I be worried about the malicious axios package? Yes, if you updated Claude Code via npm between 00:21 and 03:29 UTC on March 31, 2026. The malicious axios versions (1.14.1 or 0.30.4) contained a Remote Access Trojan. Treat this as an active security incident if it applies to your environment.

The Bottom Line

Claude Mythos is real, it’s Anthropic’s most capable model to date, and it raises cybersecurity implications that even its creators are alarmed by. We know this not because Anthropic chose to tell us — but because their CMS did.

The model will eventually be publicly available. When it is, it will raise the capability bar significantly for coding, reasoning, and potentially offensive cyber applications. Building your AI workflows and security posture with that in mind now — not when the announcement lands — is the smart move.

The window before Mythos reshapes the AI landscape is shorter than it looks.

Affiliate disclosure: I link to CoinLedger for crypto-AI earnings tracking (affiliate) and ElevenLabs for AI content workflows (affiliate). Anthropic doesn’t run an affiliate program — links to their API and Claude Pro are editorial, not sponsored.

Risk disclaimer: Information in this article is based on leaked draft materials as reported by Fortune, Axios, CoinDesk, Euronews, and Futurism as of April 1, 2026. Capability claims should be treated as preliminary until official Anthropic benchmarks are published. This is not financial advice, security consulting, or an endorsement of any specific technology decision.

Last updated: April 1, 2026

Next in this series: What Mythos-level AI means for passive income builders — the workflows, positioning opportunities, and tools to watch when the AI ceiling just moved.

Get Smarter About Passive Income

Weekly crypto yield picks + AI income strategies. Join readers.