By Anthropic has confirmed the existence of a new, unreleased AI model after Fortune reported Thursday that roughly 3,000 unpublished assets from the company's content management system were publicly accessible to anyone with enough technical knowledge to query it. Among those assets: draft blog posts describing capabilities that, if accurate, place the model well above the current Opus lineup.
The company calls it "a step change." That's the on-record language. The question is whether the draft documents Fortune reviewed support that framing in detail -- and on that, the evidence is single-source.
How the leak happened
This wasn't a breach. No credentials were stolen, no production systems were compromised. Anthropic's CMS tool had a configuration error: assets were public by default unless explicitly set to private. Roy Paz, senior AI security researcher at LayerX Security, and Alexandre Pauwels, cybersecurity researcher at the University of Cambridge, independently located and reviewed the documents. Both found the same cache of roughly 3,000 unpublished materials: draft blog posts, images, PDFs, and internal documents.
Fortune contacted Anthropic on Thursday. The company secured the data store and removed public access the same day.
Anthropic's spokesperson attributed the exposure to "human error in the CMS configuration" and was clear that "these materials were early drafts of content considered for publication and did not involve our core infrastructure, AI systems, customer data, or security architecture."
That's a real distinction. A misconfigured content tool is a categorically different security problem from a compromised model API or training pipeline.
What Anthropic confirmed on record
Anthropic told Fortune: "We're developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we're being deliberate about how we release it. As is standard practice across the industry, we're working with a small group of early access customers to test the model. We consider this model a step change and the most capable we've built to date."
That's the confirmed floor. A new model exists. Early access customers are testing it. The company considers it their strongest yet. Anthropic did not confirm names, specific capabilities, or benchmark performance figures.
What the leaked drafts say (single-source)
Here's where the story gets technically interesting -- and where precision matters. According to Fortune's review of the leaked draft blog posts, the model has two designations: the product name "Claude Mythos," and a tier name called "Capybara." The draft describes Capybara as "a new name for a new tier of model: larger and more expensive than our Opus models -- which were, until now, our most powerful."
Anthropic has not confirmed either name on record.
The draft documents, as reported by Fortune, also contain significant claims about cybersecurity performance. The text reportedly describes Capybara as "currently far ahead of any other AI model in cyber capabilities" and states that it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." The draft also reportedly compares Capybara favorably to Claude Opus 4.6 across coding, academic reasoning, and cybersecurity benchmarks, though no specific numbers appear in Fortune's reporting.
These come from early draft documents. Draft launch posts don't always survive editorial review, and capability language written for a product announcement often gets revised. The quotes are real; whether they reflect finalized, validated claims is unknown.
Why the cyber framing matters
If the draft language holds through to release, the deployment strategy will be notable. According to Fortune's reporting on the leaked materials, Anthropic planned to give early access specifically to organizations focused on cyber defense -- to give defenders a head start against what the draft called "the impending wave of AI-driven exploits" the model itself might enable.
That's an offensive capability framing paired with a defensive access strategy. It's a real policy choice with real implications for how powerful vulnerability-finding systems get deployed, and it's consistent with Anthropic's broader safety posture, at least directionally.
Anthropic's on-record statement tracks with this in broad strokes: "meaningful advances in... cybersecurity" and being "deliberate about how we release it." The specific offensive/defensive framing, though, comes entirely from the draft documents.
What this means for practitioners
For engineers tracking the Anthropic roadmap: a tier above Opus is confirmed, currently in limited early access. The company's own language suggests the capability gap is significant enough to warrant a slower rollout than typical model releases. Whether the specific cybersecurity benchmark claims in the leaked drafts hold up will depend on what methodology Anthropic publishes when the model ships publicly.
For security teams: the CMS misconfiguration itself is the more immediately instructive story. Anthropic's AI systems weren't touched. But draft launch materials -- including language about offensive AI capabilities -- were sitting in a publicly-queryable cache. Content tooling regularly sits outside the security perimeter that protects production infrastructure. That gap has real consequences.
The model story is compelling. The security story is the one most organizations can act on today.
Kai Nakamura covers AI for The Daily Vibe.
