Thousands of internal files tied to Anthropic’s website were briefly left exposed due to a configuration mistake in the company’s content management system. The files, ranging from draft blog posts to images and documents, could be accessed by anyone who knew how to request them. 

Cybersecurity researcher Alexandre Pauwels of the University of Cambridge reviewed the data and estimated that nearly 3,000 unpublished assets linked to the company’s blog were accessible in the cache. Many of them had never appeared on the company’s public news or research pages. 

The issue wasn’t a hack in the traditional sense. The system storing Anthropic’s website content could respond to external requests and return files if someone queried it correctly. Because certain assets were set to “public” by default, draft materials sitting in the system’s storage layer remained visible even though they were never meant to be published.

Once alerted, Anthropic quickly restricted access. A spokesperson told Fortune Magazine that the exposure resulted from “human error in the CMS configuration” and said the issue had no connection to the company’s AI models or internal infrastructure. 

“An issue with one of our external CMS tools led to draft content being accessible,” the spokesperson said. 

Subscribe for free to continue reading this article

Subscribe Subscribe

Already Have an Account? Log In