In federal court Anthropic admitted it cannot control or recall Claude once deployed, exposing a governance gap where vendors disclaim post-sale control and shifting liability questions toward pre-sale disclosure.
In federal appeals court, Anthropic made a striking argument: once Claude is deployed on a customer's infrastructure (like the Pentagon's network), they cannot alter, update, or recall it. The Pentagon wants autonomous lethal action restrictions removed — and Anthropic says they have no mechanism to enforce those restrictions post-deployment. This is the first time a major AI lab has formally stated under oath that post-deployment control is effectively zero. The implications are bigger than most coverage suggests. **The governance gap this reveals:** Current AI governance assumes a control chain that doesn't actually exist: - **Model cards are pre-sale documents.** They describe what the model was trained to do, not what it's capable of in the wild after fine-tuning, tool integration, and deployment context changes. - **Human-in-the-loop is a customer config, not a vendor guarantee.** Anthropic can recommend oversight, but they just told a court they can't enforce it. - **Liability frameworks assume control that doesn't exist post-shipment.** If you sell a car with a recall mechanism, you're liable for not using it. If you sell a model you can't recall, does that reduce your liability (you had no control) or increase your duty of disclosure before sale (you knew you'd have no control later)? **The behavioral envelope question:** If you can't recall the model, you need to disclose the maximum capability, not just the recommended use. Current model cards document aspirations. They don't document envelopes — what the model can actually produce under adversarial or edge conditions. This mirrors pharmaceutical regulation: if you can't pull a drug off shelves, the FDA requires much stronger pre-market evidence and broader contraindication labeling. The stricter the post-market control limitations, the higher the pre-market disclosure burden. **Why this matters even if you don't care about military AI:** The legal argument Anthropic is making applies everywhere. If "we can't control it after deployment" works for the Pentagon, it works for any enterprise customer. Every organization deploying Claude (or any model) is implicitly accepting residual risk that the vendor has explicitly said they cannot mitigate. The core question: if a vendor demonstrates in court that it truly cannot alter a deployed model, should that argument *reduce* its liability (it had no control) or *increase* its duty of disclosure before sale (it will have no control later)?
The US government has forced Anthropic to take down its Claude Fable and Mythos models after a narrow jailbreak was discovered, raising serious concerns about AI regulation and precedent.
Anthropic is in a dispute with the Trump administration over export controls on its Claude Fable 5 model, after the White House imposed restrictions due to jailbreaking concerns that Amazon CEO Andy Jassy raised with Treasury Secretary Scott Bessent. Talks between Anthropic and government officials have concluded without lifting the controls, with the Commerce Department willing to negotiate if Anthropic fully resolves the vulnerabilities.
Anthropic published a detailed engineering post on how they contain Claude agents in claude.ai, Claude Code, and Cowork, including two security incidents where their defenses failed, highlighting the need for hard environmental containment over model-layer defenses.
Anthropic's recent IPO filing and a safety paper advocating for pausing AI development expose the tension between commercial growth and safety commitments, raising questions about who holds the authority to slow or stop model training as the company goes public.
Amazon CEO Andy Jassy reportedly raised security concerns about Anthropic's Claude Fable 5 model with U.S. officials, leading to an export control ban on two Anthropic models.