Anthropic: agents, security, and legal friction
Anthropic rolled out Managed Agents for Claude to speed agent deployment while also revealing a research model, Mythos, that reportedly found thousands of software vulnerabilities, work the company judged too risky to release publicly. (digit.in) At the same time, an appeals court refused to pause a Pentagon supply-chain risk label tied to Anthropic, so the firm faces concurrent product, security and legal pressures. (pcgamer.com) (bankinfosecurity.com) (x.com)
Anthropic is trying to sell companies an easier way to put artificial intelligence agents to work at the exact moment it is telling the world one of its own research models is too dangerous to release. On April 9, Anthropic published a post describing “Managed Agents,” a hosted Claude service for long-running tasks that is meant to spare developers from constantly rebuilding the scaffolding around newer models. (anthropic.com)

An artificial intelligence agent is basically a model with hands: it does not just answer a question, it clicks, reads, retries, and keeps going across many steps. Anthropic says older agent setups break as models improve, so Managed Agents keeps the interface stable while Anthropic swaps out the underlying harnesses behind the scenes. (anthropic.com)

That product push lands in the middle of a very different Anthropic story: a cyber model called Claude Mythos Preview that the company says it will not release publicly. Multiple reports on April 8 said Anthropic concluded the model could make catastrophic hacking easier, so access is being kept limited instead of opened like a normal model launch. (bankinfosecurity.com) (pcgamer.com)

The reason that claim got attention is simple: software vulnerabilities are hidden cracks in code that let an attacker slip through a locked door. Reports on Mythos said the model found thousands of vulnerabilities across major operating systems, major web browsers, and other widely used software, which is why Anthropic framed it as a security tool and a misuse risk at the same time. (pcgamer.com) (venturebeat.com)

Anthropic’s public posture has been moving in that direction for months. On February 24, the company published Responsible Scaling Policy version 3.0, which lays out capability thresholds and says some systems may need tighter controls or restricted deployment if they cross dangerous lines. (anthropic.com)

So the company now has two Anthropic stories running in parallel. One is “we can make agents easier to deploy for normal business work,” and the other is “we built a model strong enough in cyber work that we are keeping it behind glass.” (anthropic.com) (venturebeat.com)

Then there is the legal fight. On April 8, the United States Court of Appeals for the District of Columbia Circuit refused Anthropic’s request to pause a Pentagon designation that labels the company a supply-chain risk, leaving that label in place for now. (politico.com) (cnbc.com)

That label is not just symbolic. Politico reported the designation blocks Pentagon contractors from using Anthropic models on Department of Defense contracts, even while a separate California case has limited parts of a broader federal ban. (politico.com) (bloomberg.com) (cnbc.com)

Anthropic’s own newsroom shows how much of 2026 has already been pulled into security and government issues. In late February and early March, the company posted a string of statements about the Department of War dispute, and on March 6 it announced a security partnership with Mozilla focused on improving Firefox. (anthropic.com 1) (anthropic.com 2)

Put together, the picture is unusual even for an artificial intelligence company in 2026. Anthropic is asking customers to trust it with more autonomous software, arguing that some of its most capable cyber research cannot safely be released, and fighting a live court battle over whether the Pentagon can treat its products as a national-security supply-chain problem. (anthropic.com) (bankinfosecurity.com) (politico.com)