Anthropic did not plan to announce its next frontier model this week. A misconfigured content management system did it for them.

In late March, security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge discovered that a default configuration error in Anthropic’s CMS had left nearly 3,000 unpublished internal assets — draft blog posts, PDFs, internal memos, and images — publicly accessible without authentication. Among the exposed documents: a detailed draft announcement of a new model called Claude Mythos, internally codenamed Capybara. Fortune reviewed the documents and informed Anthropic, which restricted access shortly afterward. By then, the material had already spread.

Anthropic attributed the incident to “human error” in CMS configuration, describing the exposed files as “early drafts of content considered for publication.” The company then confirmed, on the record, that the model is real.

What Anthropic Has Confirmed

An Anthropic spokesperson told Fortune that Claude Mythos represents “a step change” and is “the most capable we’ve built to date” — a general-purpose model with “meaningful advances in reasoning, coding, and cybersecurity.” The company confirmed that the model is currently being tested with a small group of early-access customers.

The leaked draft blog post described Claude Mythos as “by far the most powerful AI model we’ve ever developed.” Compared to Claude Opus 4.6, it “gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity, among others.”

A New Tier Above Opus: Capybara

The leaked draft places Mythos in a new model tier called Capybara, described as “larger and more intelligent than our Opus models, which were, until now, our most powerful.” The two names, Mythos and Capybara, appear to refer to the same underlying model; at the time of the leak, Anthropic was apparently still deciding between them.

Both versions of the draft use the same justification for the Mythos name, saying it was chosen to evoke “the deep connective tissue that links together knowledge and ideas.” Anthropic currently segments its models into three tiers — Opus, Sonnet, and Haiku. Capybara would add a fourth tier above all three, with pricing and access terms commensurate with its compute intensity.

The draft acknowledged the model is “very expensive for us to serve, and will be very expensive for our customers to use,” with Anthropic stating it is working to make it “much more efficient before any general release.”

The Cybersecurity Warning at the Center of the Story

The most striking element of the leak is not the capability claims. It is Anthropic’s own language about what the model could do to the balance between attackers and defenders.

The draft stated the model is “currently far ahead of any other AI model in cyber capabilities” and warned that it “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.” The company described its planned rollout strategy as a direct response to this risk: releasing it first to enterprise security organizations, giving cyber defenders a head start before the model’s offensive capabilities become more widely available.

Anthropic is also privately warning top government officials that Mythos makes large-scale cyberattacks much more likely in 2026, according to Axios. Cybersecurity stocks — including CrowdStrike, Palo Alto Networks, Zscaler, and Fortinet — fell in the days following the leak as markets assessed the implications.

The irony was not lost on observers. A safety-focused AI lab accidentally leaving the launch materials for its most powerful model, one it describes as posing unprecedented cybersecurity risks, in a publicly accessible data store is the kind of detail that writes its own headline.

What the Community Is Adding

On top of the confirmed Fortune reporting, X account @iruletheworldmo posted a thread on March 31 citing what they described as information from Anthropic staff, adding several unverified details not present in the leaked documents:

The thread claims a target release date of April 16, benchmark scores above 95 across every major evaluation, pricing of $120/$600 per million tokens, a 10 million token context window, and enterprise-only access at launch. A follow-up post included what appeared to be a confidential benchmark comparison image.

None of these specifics — the April 16 date, the pricing structure, the context window, or the benchmark image — have been confirmed by Anthropic or corroborated by any outlet that reviewed the original leaked documents. They should be read as community-sourced additions to a confirmed story, not as verified facts. Anthropic has not set a public release timeline.

A Pattern Worth Noting

This is the second significant information leak from Anthropic in the span of a week, following the same-day Claude Code source-map exposure of 1,906 proprietary TypeScript files on npm. Both incidents stem from configuration defaults rather than external attacks: in each case, a system was set to public by default when it should have been private.

For a company whose entire brand proposition is built on safety and careful deployment, the optics of two self-inflicted leaks in one week — one of them revealing a model the company itself describes as an unprecedented security risk — will be difficult to separate from the underlying capability story, however strong that story turns out to be.

Anthropic has not issued a formal statement beyond its on-record confirmation to Fortune.
