Anthropic Capybara Leak: How 3,000 Files Exposed the Most Powerful AI Model
On March 26, 2026, two security researchers discovered approximately 3,000 unpublished files in an unsecured data store connected to Anthropic’s content management system. The files revealed the existence of Claude Mythos, the first model in a new Capybara tier that Anthropic describes as “the most capable we’ve built to date.”
The leak was not a hack. It was a configuration error — a “human error” in Anthropic’s CMS that left draft blog posts, internal documentation, and strategic planning materials publicly accessible and searchable. For a company that positions itself as the safety-focused AI leader, the irony was not lost on anyone.
Who Found the Files
The leak was discovered by two independent cybersecurity researchers working separately.
Roy Paz — LayerX Security
Roy Paz is a Senior AI Security Researcher at LayerX Security, a browser security company. Paz specializes in finding exposed data in publicly accessible cloud storage — exactly the type of misconfiguration that exposed Anthropic’s files.
His discovery was part of routine security research, not a targeted investigation of Anthropic. The files appeared in publicly searchable data stores, meaning anyone with the right search queries could have found them.
Alexandre Pauwels — University of Cambridge
Alexandre Pauwels is a researcher at the University of Cambridge. Pauwels independently found the same exposed data store, confirming that the files were genuinely public and not the result of a one-off access error.
The fact that two independent researchers found the same exposed data within a similar timeframe suggests the files were broadly discoverable — not hidden in an obscure location but accessible through standard search and enumeration techniques.
What Was Exposed
The approximately 3,000 files covered three categories of sensitive information.
Draft Blog Posts About Claude Mythos
The most consequential files were draft blog posts describing a new model called Claude Mythos and a new tier called Capybara. These drafts contained specific performance claims: “dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity” compared to Claude Opus 4.6.
The drafts also included Anthropic’s internal risk assessment, stating the model is “currently far ahead of any other AI model in cyber capabilities” and “poses unprecedented cybersecurity risks.” These were internal assessments that Anthropic had not yet decided to publish.
Internal Documentation
Beyond the blog drafts, the exposed files included internal documentation about the model’s capabilities, testing results, and deployment strategy. The exact contents of these files have not been fully reported, but they provided enough detail for Fortune to publish a comprehensive exclusive article.
Strategic Planning Materials
The leak also exposed details about a planned invite-only CEO summit where Anthropic CEO Dario Amodei would meet European business leaders at an 18th-century manor hotel-and-spa in the English countryside. This revealed Anthropic’s business development strategy and high-level relationship building with European corporate leaders.
The Timeline
The leak unfolded over less than 48 hours:
| Date | Event |
|---|---|
| March 26, 2026 (morning) | Researchers discover exposed files |
| March 26, 2026 (afternoon) | Fortune contacts Anthropic for comment |
| March 26, 2026 (10:27 PM ET) | Fortune publishes exclusive story |
| March 26, 2026 (same day) | Bloomberg reports Anthropic considering October 2026 IPO |
| March 27, 2026 | Anthropic restricts access to exposed data store |
| March 27, 2026 | Cybersecurity stocks drop: CRWD -7%, PANW -6%, FTNT 4-6% |
| March 27, 2026 | Story goes viral across tech and financial media |
The timing of Bloomberg’s IPO report on the same day as the leak was coincidental but amplified the story’s impact. Both revelations — a breakthrough model and a potential $60B+ IPO — hit the market simultaneously.
The Technical Failure
The leak resulted from a misconfiguration in Anthropic’s content management system, not a sophisticated cyberattack.
What Went Wrong
Anthropic stores blog content and related assets in a cloud-based CMS with an associated data store. The configuration error left this data store publicly accessible and searchable without authentication. Anyone who knew (or discovered) the correct URL or search parameters could browse the files freely.
This is a common class of security failure. Cloud storage misconfigurations have exposed data from companies including Capital One, Facebook, and the Pentagon. The difference here is that Anthropic is an AI safety company whose entire brand is built on careful, responsible handling of powerful technology.
How It Was Fixed
After Fortune notified Anthropic on March 26, the company restricted public access to the data store. An Anthropic spokesperson attributed the incident to “human error” in CMS configuration and did not indicate that any additional security measures were needed beyond correcting the configuration.
The Irony Factor
The irony of the Anthropic leak has become a defining element of the story, referenced in nearly every media report.
An AI Safety Company’s Security Failure
Anthropic’s founding mission is building safe AI. The company split from OpenAI specifically because founders Dario and Daniela Amodei believed OpenAI was not taking safety seriously enough. Anthropic created the Responsible Scaling Policy, developed Constitutional AI, and consistently positions itself as the most safety-conscious major AI lab.
Leaking details about their most powerful model through a basic CMS misconfiguration — one of the most preventable types of security failures — undercut that narrative in a single day.
As Futurism wrote: “Let’s hope the new model wasn’t responsible for the security of Anthropic’s company blog.”
The Model That “Poses Unprecedented Cybersecurity Risks”
The deepest irony is that the leaked model itself is described as having unprecedented cybersecurity capabilities. A model that can find and exploit software vulnerabilities at superhuman speed was exposed through a vulnerability that a junior security engineer could have prevented.
The draft blog post’s own language — warning about models that “exploit vulnerabilities in ways that far outpace the efforts of defenders” — became a self-referential commentary on Anthropic’s own security posture.
Market and Industry Impact
The leak’s consequences extended far beyond embarrassment for Anthropic.
Cybersecurity Stock Impact
The revelation that an AI model could outperform human cybersecurity experts caused immediate market reaction. CrowdStrike fell ~7%, Palo Alto Networks dropped ~6%, and Fortinet declined 4-6%. The IGV cybersecurity ETF also fell. This was the first time an AI model announcement directly moved cybersecurity stock prices.
Competitive Intelligence
The leak gave every competitor — OpenAI, Google, Meta, and smaller AI labs — detailed intelligence about Anthropic’s most advanced model. Performance claims, capability descriptions, and release strategy were all exposed. In a competitive industry where model capabilities are closely guarded secrets, this was a significant strategic disadvantage.
IPO Implications
The leak occurred on the same day that Bloomberg reported Anthropic’s IPO plans. Whether the leak helps or hurts the IPO narrative is debatable. On one hand, it demonstrated that Anthropic has genuinely breakthrough technology. On the other hand, it raised questions about the company’s operational security and governance — concerns that matter to institutional investors.
Anthropic’s Official Response
Anthropic’s response was measured and limited. The key statements from their spokesperson:
On the model: “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity.” They confirmed the model exists and is being tested.
On the leak: Attributed to “human error” in CMS configuration. No broader security review was announced publicly.
On release: “We consider this model a step change and the most capable we’ve built to date.” Emphasized being “deliberate” about release given capability strength.
On access: “We’re working with a small group of early access customers to test the model.” Confirmed restricted access focused on cybersecurity defense.
What the Leak Changed
The exposure of Capybara altered several dynamics in the AI industry.
Public Awareness
Before the leak, the Capybara tier was unknown outside Anthropic. After it, “Claude Capybara” and “Claude Mythos” became trending search terms. This pre-launch awareness is something Anthropic cannot undo — the model’s existence is now public knowledge regardless of their release timeline.
Safety Debate
The leak intensified debate about AI cybersecurity risks. Anthropic’s own internal assessment — that the model “poses unprecedented cybersecurity risks” — became public ammunition for both AI safety advocates (who argue for regulation) and AI accelerationists (who argue that capability advances are inevitable).
Release Pressure
With the model’s capabilities now public knowledge, Anthropic faces pressure to either release Capybara or explain why it remains restricted. Competitors can point to the leaked benchmarks and claim comparable progress. The controlled rollout strategy that Anthropic planned has been complicated by the loss of information asymmetry.
Questions About the Anthropic Capybara Leak
Was Anthropic hacked?
No. The leak resulted from a CMS misconfiguration — “human error” that left approximately 3,000 files publicly accessible. It was a configuration mistake, not a cyberattack.
Who discovered the leak?
Security researchers Roy Paz (LayerX Security) and Alexandre Pauwels (University of Cambridge) independently found the exposed data. Fortune was the first media outlet to report it.
What was in the leaked files?
Draft blog posts about Claude Mythos and the Capybara tier, internal documentation about model capabilities, and details about a planned CEO summit in Europe. The most consequential contents were specific performance claims and cybersecurity risk assessments.
Did the leak affect Anthropic’s stock?
Anthropic is privately held and has no stock. However, the leak crashed cybersecurity stocks: CrowdStrike fell ~7%, Palo Alto Networks ~6%, and Fortinet 4-6%. Anthropic’s planned IPO (potentially October 2026) could be affected by the incident.
Could this happen again?
Yes. Cloud storage misconfigurations are one of the most common causes of data exposure. Without a public statement about additional security measures, there is no way to know whether Anthropic has implemented changes beyond fixing the specific configuration error.
Did the leak help or hurt Anthropic?
Both. It demonstrated breakthrough technology that validates a $60B+ IPO valuation. But it also exposed internal risk assessments prematurely, gave competitors strategic intelligence, and undermined Anthropic’s safety-first brand with a basic security failure.