Claude

Notable issues
Anthropic · 🇺🇸 United States
Policy · App Permissions · Network Traffic · Firmware · Regulatory
Technical details
Manufacturer: Anthropic

The bottom line

Claude Desktop installed browser extensions without asking, ran code outside the sandbox, and modified other apps' files. A privacy consultant called it spyware. Anthropic also settled $1.5 billion for training on pirated books and switched training consent to default-on. Even the "responsible AI" company cuts corners when it suits them. Anthropic spent years telling investors and regulators it was the safety-conscious AI lab — the one that would pump the brakes before deploying something dangerous. Then it built a tool it admits is too dangerous to release publicly, capable of breaking into any major operating system on the planet. A 27-year-old OpenBSD bug. A 16-year-old FFmpeg flaw that automated tools had hit five million times without catching. Mythos found them all, and built working exploits. The model Anthropic calls too dangerous to release is the model Anthropic built.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act: US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM: NSA collects stored emails, photos, messages without individual warrants
Geofence warrants: Police can demand location data for everyone near a crime scene
Spying: 0/4 N/A (Is someone spying on me?)
Data Sharing: 2/4 MODERATE (Who gets my data?)
Security: 3/4 HIGH (Is it actually secure?)
Honesty: 1/4 LOW (Can I trust what they say?)
CONFIGURE: High-risk areas that can be partially mitigated with settings changes.
7 Contradictions · 0 Critical · 3 High · 3 Medium · 12 Sources
Findings by concern
Data Sharing 2/4 MODERATE 3 findings
⚫ medium: policy claims vs regulatory findings
Anthropic offers opt-out from training and its business tiers don't train on your data — genuinely better than the competition. But it's a US corporation backed by Google ($2B) and Amazon ($4B), subject to FISA 702, National Security Letters, and CLOUD Act requests. No transparency report exists. The best privacy policy in AI is still a promise from a company that hasn't told you how often it breaks that promise for governments.

What they claim: Claude respects privacy with training opt-out.

What we found: Free: may train (opt-out available). API/business: no training. US jurisdiction (FISA, NSLs). Backed by Google ($2B+), Amazon ($4B) -- PRISM participants. No transparency report on data requests.

⚫ medium: firmware analysis vs policy claims
Anthropic collects less than OpenAI or Google — no voice, no location, no browsing history. But it's still a US company, backed by $2 billion from Google and $4 billion from Amazon — both PRISM participants. Your conversations go through US servers subject to FISA Section 702. Anthropic's investors have a financial interest in AI training data. The safest closed-source AI is still closed-source.

What they claim: Claude is the safety-focused, privacy-respecting alternative.

What we found: Less aggressive than ChatGPT (no memory, no file training changes). But US-hosted conversations subject to legal compulsion. Google/Amazon investor pressure could influence practices.

✔️ low: policy claims vs firmware analysis
Anthropic publishes more safety research than any competitor and offers a genuine opt-out for training. But it has never published a transparency report showing how many government requests it receives for user data, or how many it complied with. OpenAI publishes one. Google publishes one. The company that talks the most about responsible AI won't say how often governments ask to read your conversations.

What they claim: Claude provides transparent AI assistance.

What we found: Safety research published. Constitutional AI documented. But no transparency report on government requests. No data handling audit. Closed-source model.

Security 3/4 HIGH 3 findings
⚡ high: marketing claim vs regulatory finding
Anthropic spent years telling investors and regulators it was the safety-conscious AI lab — the one that would pump the brakes before deploying something dangerous. Then it built a tool it admits is too dangerous to release publicly, capable of breaking into any major operating system on the planet. A 27-year-old OpenBSD bug. A 16-year-old FFmpeg flaw that automated tools had hit five million times without catching. Mythos found them all, and built working exploits. The model Anthropic calls too dangerous to release is the model Anthropic built.

What they claim: Anthropic markets itself as a safety-first AI lab that won't deploy capabilities deemed too dangerous, and raised over $7.3 billion partly on the strength of that safety-first positioning.

What we found: Anthropic's own April 2026 announcement described Mythos as too dangerous to release publicly — yet Anthropic built and deployed it. The model autonomously finds and exploits zero-day vulnerabilities across every major OS and browser, succeeded on first exploit attempts in over 83% of cases, and chained Linux kernel bugs to achieve full machine control. The UK AI Safety Institute confirmed Mythos represents a step up in offensive capability over all prior frontier models.

⚡ high: policy claim vs third party research
Anthropic told the world that Mythos — a model capable of breaking into any major operating system — was locked behind strict controls, accessible only to vetted partners. By the time that announcement finished loading, an unauthorised group was already inside. They got in through a contractor's shared account and a URL they guessed from an older data breach. The most dangerous AI hacking tool ever built was secured by the same single-point-of-failure that secures every leaked API key story.

What they claim: Anthropic said Mythos was being released only to a curated group of ~50 elite partner organisations under strict access controls to prevent bad actors getting hold of it.

What we found: On the same day Mythos was publicly announced (April 7 2026), an unauthorised group gained access through a contractor employee, shared API keys, and a URL pattern deduced from a prior data breach. They provided Bloomberg with screenshots and a live demonstration. Anthropic confirmed it was investigating a report claiming unauthorised access to Claude Mythos Preview through one of its third-party vendor environments. The breach required no sophisticated attack — only a contractor, a URL pattern, and a Day-One guess.

⚫ medium: marketing claim vs policy claim
Anthropic found thousands of critical flaws in every major operating system and browser. Then its partners were bound by confidentiality clauses that stopped them from telling anyone — including the companies whose software was at risk. For six weeks, Anthropic's inner circle sat on knowledge of live vulnerabilities while the rest of the world stayed exposed. A U.S. congressman had to publicly pressure Anthropic before it allowed partners to share what they'd found. Transparency, apparently, has terms and conditions.

What they claim: Anthropic presents itself as a transparent, mission-driven organisation committed to public safety and responsible disclosure of AI risks.

What we found: Under Project Glasswing, Anthropic's partner agreements originally included confidentiality protections that prevented partners from sharing vulnerability findings, threat intelligence, tools, code, and best practices outside the initial group — even with organisations exposed to those same vulnerabilities. Partners could not warn security teams at other companies, regulators, open-source maintainers, or the media. U.S. Representative Josh Gottheimer stated: No entity should be contractually restricted from warning others about urgent cyber risks. Anthropic only loosened these restrictions on May 19 2026 — six weeks after Mythos was announced — following political pressure.

Honesty 1/4 LOW 1 finding
⚡ high: marketing vs third party research
Claude Desktop installed browser extensions without asking, ran code outside the sandbox, and modified other apps' files. A privacy consultant called it spyware. Anthropic also settled $1.5 billion for training on pirated books and switched training consent to default-on. Even the "responsible AI" company cuts corners when it suits them.

What they claim: Anthropic promotes Claude as a safe, transparent AI assistant.

What we found: In April 2026, Claude Desktop for macOS was found to install files affecting other vendors' applications without disclosure, authorise browser extensions without user consent, and run a binary bridge outside the browser sandbox at user privilege level. A privacy consultant called it "spyware" and a potential violation of European privacy law. Separately, Anthropic settled a $1.5 billion copyright lawsuit for training Claude on pirated books, and changed its training consent to default-on with a dark pattern interface.

Latest Risks & Threats
New developments that compound existing privacy concerns. 3 emerging risks.
RISK: Mythos capabilities briefed to G20 financial regulators as systemic banking risk · ⚠️ Financial Infrastructure · Announced 2026-05-18
Anthropic is briefing the Financial Stability Board — the G20 watchdog covering finance ministries and central banks from the US, UK, EU, Australia, Japan, China, and Saudi Arabia — on cybersecurity vulnerabilities Mythos has identified in the global financial system. The briefing was requested by Bank of England Governor Andrew Bailey (FSB chair), who cited Mythos by name in an April 2026 speech as one of two events that elevated cyber risk faster than any other category in recent years. The IMF has separately warned that AI models could turn cyber risks into a macro-financial shock.
RISK: US government fighting Anthropic plans to expand Glasswing access to 70 additional organisations · ⚠️ Government · Announced 2026-05-08
Anthropic is seeking to expand Project Glasswing participation by approximately 70 additional organisations. The Trump administration is reportedly fighting these expansion plans. Several federal agencies including the NSA and Commerce Department already have access; the Treasury Department is seeking it. The administration's resistance follows the US Defense Department's March 2026 designation of Anthropic as a supply chain risk. The wider sharing rule change (May 19 2026) — which now permits partners to share findings with regulators, media, and the public — adds further pressure on the controlled access model.
RISK: Google $40B + Amazon $33B Infrastructure Lock-in · 🤖 AI · Announced 2026-04-24
Anthropic is now financially dependent on two companies that DeviceGuardian grades F for privacy. Google is investing up to $40 billion and providing 5 gigawatts of cloud compute over 5 years. Amazon is investing up to $33 billion, and in return Anthropic has committed to spending $100 billion on AWS over the next decade. Combined, Google (~14%) and Amazon (~17%) own roughly 31% of Anthropic. Every Claude conversation runs on infrastructure controlled by companies with documented surveillance business models — Google tracks you across 90% of the web, Amazon records you in your home. No evidence of conversation data sharing today. But Anthropic literally cannot operate without them. When your two biggest shareholders are also your landlords, and they both run competing AI products, the pressure to compromise is structural, not hypothetical.
Compounds 2 existing findings
Anthropic offers opt-out from training and its business tiers don't train on you...
Anthropic collects less than OpenAI or Google — no voice, no location, no browsi...