Exclusive: Anthropic’s Unreleased Model Details and Invite-Only CEO Retreat Found in Unsecured Data Trove, Marking a Significant Security Lapse

(SeaPRwire) –   AI firm Anthropic has accidentally disclosed details about an upcoming model launch, a private CEO gathering, and other internal materials—including images and PDFs—in what seems to be a major security breach.

This unreleased information was accessible through the company’s content management system (CMS), a tool Anthropic uses to post content to parts of its website.

In total, close to 3,000 assets tied to Anthropic’s blog—materials not previously published on the company’s public news or research sites—were still publicly accessible in this data cache, per Alexandre Pauwels, a cybersecurity researcher at the University of Cambridge who asked to assess and review the content.

After alerted Anthropic to the issue on Thursday, the company implemented measures to secure the data, rendering it no longer publicly available.

Before these steps were taken, Anthropic stored all its website content—including blog posts, images, and documents—in a central system that didn’t require a login to access. Any individual with technical expertise could send requests to this public system to retrieve details about the files it held.

Even though some of this content hadn’t been published on Anthropic’s website, the underlying system would still provide the stored digital assets to anyone who knew how to request them. This allowed direct access to unpublished materials like draft pages and internal assets.

The problem seems to originate from the functionality of Anthropic’s content management system (CMS). Every asset uploaded to the central data store—like logos, graphics, or research papers—was public by default unless specifically marked as private. Cybersecurity experts who analyzed the data told that Anthropic apparently failed to restrict access to certain non-public documents, leading to the large file cache being available in the company’s public data lake. Additionally, many of the company’s assets had public web addresses.

“A problem with one of our external CMS tools caused draft content to become accessible,” an Anthropic spokesperson told . The spokesperson blamed the issue on “human error in the CMS setup.”

Recently, there have been several high-profile instances of tech companies facing technical glitches and mishaps due to issues with AI-generated code or AI agents. However, Anthropic—maker of the popular Claude AI models and a company that has highlighted its use of Claude-based AI coding agents to automate much of its internal software development—stated that AI was not responsible here.

The CMS issue was “unrelated to Claude, Cowork, or any Anthropic AI tools,” the spokesperson added.

The company also tried to minimize the importance of the unsecured material: “These were early drafts of content being considered for publication and did not touch our core infrastructure, AI systems, customer data, or security framework,” the spokesperson explained.

Although most of the documents seem to be discarded or unused assets from previous blog posts—such as images, banners, and logos—some of the data contained sensitive details.

The documents included details of upcoming product announcements, such as information about an unreleased AI model that Anthropic described in the files as its most capable trained model to date.

When contacted by , the company confirmed it is developing and testing a new model with early access customers—one that it called a “step change” in AI capabilities, with notably improved performance in “reasoning, coding, and cybersecurity” compared to its previous models.

The publicly accessible data also contained details about an upcoming, invite-only retreat for CEOs of major European companies in the U.K., which Anthropic CEO Dario Amodei plans to attend. An Anthropic spokesperson noted the retreat was “part of an ongoing series of events we’ve hosted over the past year” and that the company is “developing a general-purpose model with meaningful improvements in reasoning, coding, and cybersecurity.”

The documents also included images seemingly intended for internal use, such as one with a title referencing an employee’s “parental leave.”

This isn’t the first instance of a tech company accidentally exposing internal or pre-release assets by making them publicly available prior to official announcements.

Apple has had two such leaks via its website: once in 2018, when upcoming iPhone names appeared in a publicly accessible sitemap file hours before launch, and again in late 2025, when a developer found that Apple had released its redesigned App Store with active debugging files, allowing anyone with a browser to read the site’s full internal code.

Gaming companies like Epic Games and Nintendo have also had pre-release images, in-game assets, and other media leak via content delivery network (CDN) systems or staging servers—similar to the data lake Anthropic used here. Even bigger companies like Google have accidentally made internal documentation available at public URLs, and Tesla vehicle-related data has been exposed through misconfigured third-party servers.

That said, the issue is likely made worse by AI coding tools now widely available on the market—including Anthropic’s own Claude Code.

These tools can automate the crawling, pattern detection, and correlation of publicly accessible assets, making it much simpler to find such content and reduce the effort required to do so. AI tools like Claude Code or Codex can also create scripts or queries that scan entire datasets, quickly spotting patterns or file naming rules that a human might overlook.