Anthropic didn't release a product. It leaked a slide.
Last week, an accidental data cache exposed the existence of an unreleased Anthropic model internally codenamed "Capybara," publicly referred to as Claude Mythos. Anthropic called it "by far the most powerful AI model we've ever developed," with a spokesperson describing "meaningful advances in reasoning, coding, and cybersecurity."
That last word is what spooked Wall Street.
Within hours, cybersecurity stocks cratered. CrowdStrike fell around 7%. Palo Alto Networks dropped roughly 6%. Fortinet, Zscaler and Cloudflare all followed. Billions in market cap vanished — not because of earnings, not because of a competitor, but because of a model that doesn't even have a release date.
The fear has a logic to it. Anthropic said Capybara "gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity" compared to Opus 4.6. Fortune reported that the company is planning a slow rollout specifically because of the cybersecurity implications. If a model can autonomously discover zero-day vulnerabilities — previously unknown software flaws that are the bread and butter of what cybersecurity firms charge a premium to find — the market's question becomes obvious.
"These stocks have had tremendous runs so it's rational for any marginal news to dent their shares," Travis Prentice, Chief Investment Officer at Informed Momentum, told the Financial Times.
Rational, sure. But "marginal news" undersells it. Adam Tindle, an analyst at Raymond James, noted that the traditional approach to cybersecurity — built on known threat signatures and vulnerability databases — faces real pressure as AI enables the "continuous discovery of unknown exploits" faster than legacy tools can respond.
That's what rattled the sector. Not that Mythos will replace CrowdStrike tomorrow, but that AI is learning to do the thing cybersecurity companies are built around, and it's learning fast.
The irony is hard to miss. Just last week, Morningstar upgraded CrowdStrike to a wide-moat rating, arguing that AI actually increases the attack surface and makes cybersecurity companies more valuable over time. The market saw one leaked codename and sold everything anyway.
Kirk Materne, an analyst at Evercore ISI, put it plainly: "Until the sector stops reacting to every model release, it's going to be a long and bumpy bottoming process."
This wasn't really about cybersecurity. It was a preview of what happens when AI capabilities advance fast enough to threaten entire business models with a press leak. Today it was CrowdStrike and Palo Alto. Next time it could be legal tech after a reasoning breakthrough, or analytics firms after a data science upgrade. Any industry that sells expertise AI is learning to replicate should be watching the Mythos selloff closely — not as a cybersecurity story, but as a preview of their own future trading day.
