The Capybara Leak: How Internal Anthropic Documents Exposed Mythos Preview

Key Points

• In late March 2026, an Anthropic CMS misconfiguration made ~3,000 internal assets publicly accessible
• The documents referenced internal codenames "Mythos" and "Capybara" for an unreleased AI model
• Draft materials described a "step-change" in AI capability, positioning the model above the Claude Opus line
• The leak preceded the official announcement by roughly 10 days
• Anthropic remediated the misconfiguration after it was reported by security researchers

The March 2026 Incident

Before Anthropic officially announced Claude Mythos Preview on April 7, the AI community was already buzzing with speculation. The reason: a content management system misconfiguration that exposed approximately 3,000 unpublished internal documents to the public internet.

The assets were not protected by authentication. Researchers discovered them by browsing Anthropic's public-facing CMS infrastructure — no hacking, no exploitation, just a misconfigured access control that left draft documents publicly accessible.

What the Documents Revealed

The leaked materials included draft blog posts, internal memos, and technical documents that painted a picture of a model far more capable than anything Anthropic had publicly released:

• The "Capybara" tier: Internal documents described a new model tier above the established Opus line, using the codename "Capybara." This suggested a generational leap rather than incremental improvement.

• Cybersecurity concerns: Several documents explicitly warned that the model's ability to identify and exploit vulnerabilities could "outpace current defenses" if broadly available. This foreshadowed the restricted-access approach announced with Project Glasswing.

• Benchmark previews: Draft performance data showed scores significantly above Claude Opus 4.6 across SWE-bench, mathematical reasoning, and cybersecurity benchmarks.

• Internal debate: Some documents hinted at internal disagreement about whether to release the model publicly, with safety teams advocating for restricted access.

How It Was Discovered

The discovery was reportedly straightforward. Security researchers who routinely monitor major AI company infrastructure noticed the misconfigured CMS. The documents were accessible via standard web requests — no credentials required, no sophisticated techniques needed.

The irony was not lost on observers: a company developing the world's most advanced cybersecurity AI model had a basic web security lapse in its own content management system.

Anthropic's Response

After the misconfiguration was reported, Anthropic took the documents offline and acknowledged the incident. The company did not issue a detailed public statement about the leak itself but proceeded with the official announcement approximately 10 days later.

Some observers speculated that the leak accelerated Anthropic's timeline for the official announcement. Whether this is true remains unconfirmed.

Significance

The Capybara leak is significant for several reasons:

1. It gave the public advance notice of a major AI development, allowing independent analysis before Anthropic could control the narrative
2. It revealed internal safety debates that might not have been publicly disclosed otherwise
3. It highlighted the gap between AI security capabilities and basic information security practices
4. It set the stage for the more serious unauthorized access reports that emerged weeks later

For a complete chronology, see our timeline.