Security researchers discovered approximately 3,000 of Anthropic's internal assets exposed in an unsecured public database, including a draft blog post for an unreleased model called 'Capybara' (also Claude Mythos).
Anthropic just had its worst week in the company's history — and then it got worse. Hours after a federal judge temporarily blocked the Pentagon from blacklisting the AI lab as a national security risk, security researchers disclosed that Anthropic had left nearly 3,000 internal assets exposed in a public database, including a draft blog post describing a powerful new model it had not yet announced. Fortune The Washington Post
Roy Paz, a senior AI security researcher at LayerX Security, discovered the unsecured data cache and reported it to Fortune, which first published the exposure on Thursday. Alexandre Pauwels, a cybersecurity researcher at the University of Cambridge, separately reviewed the leaked material and confirmed its contents to Fortune. The cache contained roughly 3,000 assets linked to Anthropic's blog that had not been published on its news or research sites — among them a draft post for a new model Anthropic internally calls Capybara, also referenced as Claude Mythos in company documents. Fortune
The draft post described Capybara as a new tier of model, larger and more intelligent than the company's previous most powerful system, Claude Opus 4.6. An Anthropic spokesperson confirmed to Fortune that the new model represents a step change in performance and is the most capable the company has built to date — what the draft called "by far the most powerful AI model we have ever developed." The spokesperson said Capybara scores dramatically higher than Opus 4.6 on tests of software coding, academic reasoning, and cybersecurity capabilities. Fortune
Anthropic told Fortune it presages an upcoming wave of AI systems that can find and exploit software vulnerabilities far faster than defenders can respond. The company said it plans to release Capybara in early access to organizations, giving them a head start at hardening their codebases against that wave. According to the leaked material, Capybara is currently far ahead of any other AI model in cyber capabilities — ahead even of OpenAI's GPT-5.3-Codex, which Anthropic had previously classified as the first model to cross its high-capability threshold for cybersecurity tasks under its Preparedness Framework. Fortune
The leaked cache also included details of an invite-only European CEO retreat Anthropic CEO Dario Amodei is scheduled to attend — a two-day gathering at an 18th-century manor turned hotel and spa in the English countryside, described in the documents as an intimate gathering of European business leaders. Attendees were slated to experience unreleased Claude capabilities, according to the exposed material. One of the 3,000 assets had a title describing an employee's parental leave. Fortune
Anthropic confirmed the leak was the result of human error in configuring its content management system, where assets are set to public by default unless a user explicitly marks them private. After being notified by Fortune, the company removed public access to the data store. LinkedIn
The timing is a gift for anyone cataloguing Anthropic's worst week. Hours before the leak became public, U.S. District Judge Rita Lin temporarily blocked the Trump administration from designating Anthropic a supply-chain risk and ordered federal agencies to stop using Claude. Lin wrote that the punitive measures taken against Anthropic by the administration and Defense Secretary Pete Hegseth appeared arbitrary and capricious and could cripple the company. "Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government," she ruled. The New York Times
The dual exposure raises a question Anthropic's safety brand makes it awkward to ask: can a lab built on operational discipline maintain basic security hygiene while fighting simultaneous regulatory wars on multiple fronts? A Chinese state-sponsored group had already been running a coordinated campaign using Claude Code to infiltrate roughly 30 organizations — tech companies, financial institutions, and government agencies. And Anthropic left a CMS misconfiguration open enough that a security researcher found it with a search engine. Anthropic