What Anthropic is
Anthropic is an AI safety company that builds and deploys frontier large language models under the Claude brand. It occupies an unusual position in the AI landscape: it consistently produces models at or near the top of capability rankings while maintaining hard, public limits on how those models can be used — limits it has refused to remove even under direct government pressure, threats of contract termination, and a formal national-security designation.
The company's model lineup spans a tiered architecture. The Opus and Sonnet lines serve general commercial and developer use; Claude Code is a GA agentic coding product that has become a significant revenue driver; and the newer Fable/Mythos naming scheme introduces a two-tier access model where the most capable version of a model is withheld from general release pending safety review. Claude Science, announced in mid-2026, extends the agentic product strategy into life sciences and pharmaceutical research.
---
Model lineage and capability trajectory
Anthropic's public model history through this bundle runs from Claude 3 (multimodal, 200K context, Constitutional AI safety tuning) through the 3.5/3.7 Sonnet series — which introduced computer use and hybrid reasoning — to the Opus 4.x line and the Fable/Mythos generation.
Key inflection points:
- Claude 3.7 Sonnet (September 2025) was Anthropic's first hybrid reasoning model, combining near-instant and extended thinking modes in a single model, with a configurable "thinking budget" for developers. It launched alongside Claude Code in limited research preview.
- Claude Opus 4 / Sonnet 4 (September 2025) established the Opus 4 line with 72.5% on SWE-bench and 43.2% on Terminal-bench, making Claude Code generally available with GitHub Actions and IDE integrations.
- Claude Opus 4.5 (March 2026) added up to 65% token efficiency gains and deepened agentic capabilities, with integrations into Excel, Chrome, and desktop environments.
- Claude Opus 4.6 (March 2026) introduced a 1M-token context window in beta and topped Terminal-Bench 2.0, Humanity's Last Exam, GDPval-AA (by 144 Elo over GPT-5.2), and BrowseComp.
- Claude Opus 4.7 (May 2026) was the first model to ship Project Glasswing cybersecurity safeguards, explicitly positioned as a testbed for safety mechanisms before broader Mythos-class deployment.
- Claude Opus 4.8 (May 2026) added always-on adaptive reasoning across five effort levels, parallel subagent execution, and topped Artificial Analysis's Intelligence Index at launch (GDPval-AA 69%, HLE 46%).
- Claude Fable 5 / Mythos 5 (June 2026) represent the current frontier: Mythos 5 autonomously discovered thousands of high-severity vulnerabilities in popular operating systems and browsers during testing; Fable 5 is the general-access variant with hardcoded classifiers on sensitive domains, priced at $10/$50 per million tokens — roughly half the cost of the prior Mythos Preview.
---
The safety-governance architecture
Anthropic's safety posture is operationalized through several interlocking mechanisms:
Responsible Scaling Policy (RSP): A framework that gates model deployment on capability evaluations. Claude Mythos Preview was the first model for which Anthropic published a model card without commercial release — an explicit RSP-driven decision.
Constitutional AI: The training-time technique underlying Claude's refusal behaviors and value alignment.
Tiered access (Fable/Mythos): The Fable/Mythos split formalizes what was previously informal: the most capable model version is withheld from general release and made available only to vetted organizations under Project Glasswing, while a capability-constrained general-access version ships commercially.
Project Glasswing: A consortium of 150+ organizations across power, water, healthcare, communications, and hardware sectors in 15+ countries, funded with $100M in API credits, using Mythos-class models to proactively scan codebases for vulnerabilities. The initial cohort identified 10,000+ high- or critical-severity flaws. Anthropic frames this as a race against the clock: it warns that Mythos-class cyber capabilities will be widely available within 6–12 months.
Claude Security: A product using Opus 4.8 for automated codebase scanning and patch suggestions, released alongside Glasswing's expansion.
---
The regulatory confrontation
The most consequential story in this bundle is Anthropic's collision with the U.S. government over two usage restrictions: fully autonomous weapons and mass domestic surveillance of Americans.
The sequence:
1. February 2026: The Department of War demanded Anthropic accede to "any lawful use" of Claude and remove the two contested safeguards. Dario Amodei publicly refused, noting Claude was already extensively deployed across DoD and intelligence community systems for intelligence analysis, operational planning, and cyber operations.
2. March 2026: Secretary of War Pete Hegseth formally designated Anthropic a supply-chain risk under 10 USC 3252 — a designation previously applied only to foreign companies. OpenAI signed a contract allowing use "for all lawful purposes" (with carve-outs Altman later called rushed and renegotiated). A Trump Truth Social post threatened civil and criminal consequences against Anthropic.
3. March 2026: Separately, Claude integrated with Palantir's Maven Smart System was reported to have been used in U.S. military targeting in Iran, compressing a 12-hour targeting process to under one minute and helping select over 1,000 targets in the first 24 hours. A subsequent investigation found U.S. forces likely struck a school killing 170+ people, with stale target data potentially a contributing factor — the first known case of AI-enabled targeting at this scale with documented downstream harm.
4. June 2026: The Commerce Department issued an export control directive requiring Anthropic to disable Fable 5 and Mythos 5 for all foreign nationals after Amazon researchers demonstrated a jailbreak enabling exploit code generation. Anthropic complied while publicly disputing the standard applied, arguing that requiring perfect jailbreak resistance would halt all frontier model deployments industry-wide — noting that GPT-5.5 and other publicly available models could produce the same outputs.
5. July 1, 2026: Fable 5 access was restored globally after Anthropic deployed an improved classifier blocking the reported technique in over 99% of cases. Mythos 5 remains restricted to approved U.S. organizations. The episode set a precedent: the first government-mandated suspension of general public access to a frontier AI model.
---
Adversarial threats to the platform
Anthropic has faced two distinct categories of adversarial activity:
Distillation attacks: In February 2026, Anthropic publicly identified DeepSeek, Moonshot AI, and MiniMax as conducting coordinated large-scale distillation attacks — generating over 16 million exchanges through approximately 24,000 fraudulent accounts to extract Claude's most differentiated capabilities (agentic reasoning, tool use, coding, chain-of-thought). MiniMax alone accounted for over 13 million exchanges. Anthropic frames these as national security concerns because illicitly distilled models strip out safety safeguards.
AI-orchestrated cyberattacks: In November 2025, Anthropic detected and disrupted a sophisticated espionage campaign attributed with high confidence to a Chinese state-sponsored actor that used Claude Code as an autonomous agent against roughly 30 global targets across tech, finance, chemical manufacturing, and government sectors. Attackers jailbroke Claude Code by decomposing malicious tasks into seemingly innocent subtasks and falsely framing them as defensive security testing. Anthropic describes this as the first documented large-scale cyberattack executed without substantial human intervention. A subsequent analysis of 832 banned accounts found medium-or-higher-risk actors grew from 33% to 56% of the threat population over the study period, and that the MITRE ATT&CK framework lacks coverage for agentic orchestration behaviors.
---
Infrastructure and financial scale
Anthropic's compute footprint spans multiple hyperscalers and specialized providers:
- Amazon (primary): 10-year, $100B+ commitment; up to 5GW on Trainium2–4; nearly 1GW online by end of 2026; full Claude Platform available within AWS.
- Google/Broadcom: Multiple gigawatts of next-generation TPU capacity coming online from 2027.
- Microsoft/NVIDIA: $30B Azure compute commitment; up to 1GW of Grace Blackwell/Vera Rubin systems; Claude models available on Microsoft Foundry and across the Copilot family.
- SpaceX Colossus: Access to 300MW+ and 220,000+ NVIDIA GPUs; interest in orbital AI compute capacity.
Revenue trajectory: ~$9B ARR (end of 2025) → $14B ARR (Series G, February 2026) → $30B+ ARR (April 2026) → $47B ARR (Series H, May 2026). The Series G coincided with a confidential S-1 filing; the Series H was led by Altimeter, Dragoneer, Greenoaks, and Sequoia at a $965B post-money valuation.
---
Ecosystem and developer platform
Model Context Protocol (MCP): An open standard Anthropic released to replace fragmented per-source integrations with a universal protocol for connecting AI agents to external data sources. Early adopters include Block, Apollo, Zed, Replit, Codeium, and Sourcegraph; pre-built connectors cover GitHub, Slack, Google Drive, and Postgres.
Claude Code: The agentic coding product that became GA in September 2025 with GitHub Actions, VS Code, and JetBrains integrations. By February 2026 it accounted for an estimated 4% of all GitHub public commits worldwide and $2.5B+ in ARR. Claude Sonnet 5 is now its default model, with a 1M-token context window.
Claude Science: Announced June 2026 for pharmaceutical and biotech research workflows, positioned as the scientific-domain analog to Claude Code.
---
Where it's heading
The events in this bundle point toward several durable dynamics:
1. Tiered access as the new normal. The Fable/Mythos split — and the government's willingness to enforce it via export controls — suggests that the most capable frontier models will increasingly be gated behind government-mediated access tiers, with Anthropic and regulators co-determining who gets what.
2. Safety as a competitive and legal battleground. Anthropic's refusal to remove its two contested safeguards, its court challenge to the supply-chain designation, and its public attribution of distillation attacks all signal that safety policy is now a legal and geopolitical matter, not just a product decision.
3. Agentic products as the revenue engine. Claude Code's trajectory — from research preview to $2.5B ARR in under six months — and the launch of Claude Science suggest Anthropic is building a portfolio of domain-specific autonomous agents on top of its model infrastructure.
4. Infrastructure as a moat. The multi-hyperscaler compute commitments, combined with the SpaceX Colossus deal and interest in orbital compute, indicate Anthropic is treating training infrastructure as a strategic asset requiring diversification across providers and geographies.




