TL;DR
- Data Breach: A CMS misconfiguration exposed nearly 3,000 Anthropic internal documents, including details of an unreleased model called Claude Mythos.
- Model Capabilities: Anthropic describes Mythos as a step change in reasoning and cybersecurity, positioning it above its current Opus lineup.
- Release Strategy: Anthropic plans to release Mythos first to cyber defense organizations before making it broadly available.
- Competitive Context: OpenAI finished pretraining its own frontier model, codenamed Spud, as both companies prepare for IPOs later in 2026.
AI safety startup Anthropic confirmed on March 27 that a basic content management misconfiguration had exposed nearly 3,000 internal documents, inadvertently revealing details of an unreleased model called Claude Mythos that Anthropic describes as a step change in reasoning and cybersecurity capabilities. Anthropic now faces the uncomfortable task of defending both its operational security and its competitive strategy at the same time.
According to Fortune, which broke the story on March 26, a default setting in Anthropic’s content management system made all uploaded assets publicly accessible. Among the exposed files were draft blog posts revealing details about a model with the internal product name Capybara. Both Anthropic and OpenAI are racing to release flagship models ahead of planned IPOs later in 2026.
Leaked Details Reveal Anthropic’s Strongest Model
Leaked draft blog posts describe Capybara as a new tier of model above Opus, which was previously Anthropic’s top-performing offering. Internal documents position Capybara as larger and more intelligent than the Opus lineup, with dramatically higher scores in software coding, academic reasoning, and cybersecurity. One draft described Mythos as “currently far ahead of any other AI model in cyber capabilities” and warned it presages a wave of models that can exploit vulnerabilities in ways that far outpace defenders.
Leaked benchmark comparisons showed gains across multiple domains, though Anthropic has not publicly released specific numbers or methodology details. Introducing a fourth tier above Opus positions Anthropic to compete directly with OpenAI’s frontier models on cybersecurity, a domain where government and enterprise contracts carry outsized value.
Given those capabilities, Anthropic plans to release Mythos first to defense organizations, giving them a head start at hardening their systems before broader public availability. Security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge independently reviewed the leaked data for Fortune, confirming the authenticity of the exposed documents. Anthropic is already testing Mythos with a small group of early access customers, suggesting the model is further along in development than competitors may have expected.
In its official response, Anthropic confirmed both Mythos’s capabilities and its deliberate release strategy.
“We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it. As is standard practice across the industry, we’re working with a small group of early access customers to test the model. We consider this model a step change and the most capable we’ve built to date.”
Anthropic spokesperson (via Fortune)
Before Mythos, Claude Opus 4.6 already topped Terminal-Bench 2.0 at 65.4%, surpassing GPT-5.2-Codex.
A leap beyond that benchmark into what Anthropic describes as sharply higher scores would represent a notable capability jump in an already competitive field. For enterprise buyers evaluating AI vendors ahead of contract renewals, the leaked capability claims could shift purchasing decisions even before an official launch.
How the Breach Happened
At its core, the underlying misconfiguration was elementary. All assets uploaded to Anthropic’s central data store were public by default unless explicitly set to private. Anyone with technical knowledge could query the system to retrieve files, including unpublished drafts.
Fortune independently discovered the exposed data, informed Anthropic of the vulnerability, and gave the company adequate time to secure the system before publishing its report. An Anthropic spokesperson attributed the exposure to “human error in the CMS configuration.” Anthropic characterized the exposed documents as early drafts unrelated to its core infrastructure, AI systems, customer data, or security architecture, and stated the CMS issue was unrelated to Claude, Cowork, or any of its AI tools.
Internally, Anthropic had automated much of its software development using Claude-based AI coding agents, but said AI was not at fault for the misconfiguration. Beyond model details, the breach also exposed a PDF for an invite-only two-day retreat for European CEOs at an 18th-century English countryside manor where CEO Dario Amodei was scheduled to attend. Attendees were promised private briefings on Anthropic’s AI strategy and direct access to senior leadership, details the company had intended to keep confidential.
Raising further questions about routine security audits on its publishing infrastructure, CMS misconfigurations are among the simplest infrastructure errors to prevent, typically requiring only a configuration review to ensure new uploads default to private access rather than public. For a company founded with the explicit goal of creating safe AI, the pattern of security incidents is notable.
In January 2026, a security flaw resurfaced in its Claude Cowork tool days after launch, allowing attackers to exploit the tool’s own API to steal user data. In November 2025, Anthropic’s claims about disrupting a Chinese state-sponsored campaign using Claude Code to infiltrate roughly 30 organizations drew backlash from the security community.
In a separate security test, researchers demonstrated that Claude could be turned into a malware factory within eight hours, highlighting the dual-use risks of the same AI systems Anthropic markets for defensive purposes. Earlier in March 2026, the Trump administration blacklisted Anthropic after it set limits on how the military could use its AI models, and Anthropic has since filed suit against the government over the designation.
AI Arms Race Intensifies
Mythos arrives at a particularly charged moment in the AI industry. According to The Information, OpenAI finished pretraining its own model, codenamed Spud, as of March 25. OpenAI CEO Sam Altman reportedly wrote in an internal memo that “things are moving faster than many of us expected” and said the company is shutting down its video app Sora to free computing capacity for Spud.
Altman described the model internally as a system that could accelerate the broader economy, underscoring the scale of ambition driving both companies as they prepare for public offerings. OpenAI also announced it would shut down its video generation app Sora to redirect computing capacity toward Spud’s final training and evaluation runs. Releasing a frontier model before going public would strengthen each company’s narrative to prospective investors, making the timing of Mythos’s accidental exposure particularly awkward for Anthropic’s leadership team.
In February, OpenAI released GPT-5.3-Codex with high cyber capability classification under its Preparedness Framework, marking the first time the company rated one of its own models at that level for cybersecurity. Anthropic’s leaked documents suggest Mythos would represent a further escalation, positioning both companies at the frontier of a domain with notable national security implications.
Anthropic had already unveiled Claude Code Security in February 2026, a move that rattled cybersecurity stocks and signaled the company’s expanding footprint in defensive AI applications. OpenAI VP of Research Max Schwarzer departed for Anthropic earlier in March, intensifying the talent competition between the two companies and raising questions about whether OpenAI can maintain its research edge as it simultaneously scales Spud toward production readiness.
Leaked details of Anthropic’s step-change Mythos model through a basic CMS misconfiguration highlight a persistent and widening gap between the company’s safety messaging and its operational security practices. Apple experienced similar CMS leaks in 2018 with iPhone names and in 2025 with App Store debugging files, but for Anthropic the stakes are uniquely high. With Mythos already in early access testing and both companies positioning for IPOs in the coming months, Anthropic now faces a decision: accelerate the model’s public release to control the narrative, or maintain the deliberate rollout strategy it outlined before the breach forced its hand.