Anthropic to a Federal Court: We Cannot Control Claude Once It’s Deployed
A federal court filing surfaced this week has Anthropic stating, on the record, that the company has no technical ability to control Claude 4 after it has been deployed to customer infrastructure. The framing matters. It is not a marketing position. It is a sworn legal posture, and it shifts the responsibility map for AI deployment in a way enterprise counsel has been waiting two years to see formally written down. If the model is the firearm, the deployer is the operator — that is the doctrine the filing pushes toward. The downstream implication for indemnification clauses, SOC 2 carve-outs, and AI-specific E&O policies is going to be the busiest contract-redline conversation Anthropic’s legal partners will have all month.
The harder read: this is also the lab signaling that “model behavior is the user’s problem once the API key is provisioned” is the hill they will defend. That posture is consistent with the Acceptable Use Policy and the Responsible Scaling Policy, but it is structurally different from what plaintiffs in product-liability cases will want to hear, and it is the opposite of what some sovereign supervisors are asking for around Mythos. Watch for the same language to appear in the next round of enterprise master service agreements, and watch for the EU AI Act enforcement trajectory to use this filing as evidence in either direction. The map didn’t just move — it got drawn for the first time.
UK Mythos Rollout Still No Date — BoE and UK Finance Operational Resilience Group Met This Week
Ten days after Reuters reported the UK Mythos rollout would land “within days,” there is still no timeline. What did happen this week: the Bank of England and UK Finance’s cross-market operational resilience group convened to discuss Mythos and broader AI cyber risk, and the working communique committed firms to use AI “to strengthen cyber defence.” Technology Minister Liz Kendall and Security Minister Dan Jarvis went on the record warning that frontier-AI cyber capability is accelerating faster than the threat models the public sector was working against last quarter. The UK AI Security Institute’s own evaluation, published earlier in the week, said Mythos can exploit vulnerabilities that would take human professionals “days of work.”
The framing this weekend is consistent across G7 supervisors: nobody is committing to dates, everybody is convening, and the institutional posture is that frontier-AI cyber risk now belongs on quarterly review cycles rather than annual ones. The UK government remains the only non-US state to have had AISI access to a Mythos preview. India’s RBI is comparing notes with peer central banks. Germany’s Bundesbank chief is still arguing publicly for universal access. The Mythos negotiation is the most consequential regulator-by-regulator AI policy process since the EU AI Act — and it continues to play out in slow motion in public.
Music Publishers Brief — Anthropic Asks the Court to Find Lyric Training Transformative
Anthropic filed a brief Monday in the Universal Music Group / publishers lawsuit arguing the publishers cannot “meaningfully dispute that training on lyrics (and other copyrighted text) is transformative,” and asking the court to wrap the case on summary judgment. The legal posture is consistent with the Bartz authors-class settlement that closed last fall and with the June 2025 Northern District of California fair-use ruling that found training on copyrighted text fair use in principle while leaving piracy claims open. UMG’s read is the opposite: that lyrics are a uniquely creative-economy artifact and that the fair-use argument that worked for books shouldn’t carry over.
What to watch: the final approval hearing in Bartz happened earlier this month with the $1.5B settlement on track for sign-off; that case’s structure (training fair use, piracy not) is the template Anthropic is extending into music. If the publishers can’t differentiate lyrics from books in a way the court accepts, the music-industry plaintiff bar loses leverage on every other AI training case in the queue. If they can, the cost of training data goes up across the entire frontier lab cohort. The brief is the opening move in the case that decides which way it goes.
Claude Code 2.1.120 — Eight Regressions, Auto-Rollback to 2.1.119 Overnight
The 2.1.120 release that shipped over the weekend went sideways fast. The headline regression is a JavaScript runtime crash on claude --resume and claude --continue: the REPL component throws “g9H is not a function” (or UKH, depending on minified-symbol drift) on session restore, and the workaround is to start a new session and run /resume from the REPL. Beyond that one, the survival checklist that landed on GitHub Friday names eight separate regressions across 2.1.119 and 2.1.120: a sandbox-required false alarm even with sandbox.enabled=false, an Antigravity spawn failure that exits the bundled binary with code 1, a silent model swap, a UI-duplication bug, a WSL2 freeze, an auto-update break, and the resume crashes. The status page acknowledged the issue at 02:35 UTC Saturday. Anthropic has since rolled the auto-update channel back to 2.1.119; users on 2.1.120 can manually run claude install 2.1.119 if they don’t want to wait for the next check.
The trust read on Saturday is more interesting than the bug list. Forty-eight hours after the postmortem that named the three changes behind the monthlong Claude Code decline, the next release ships with eight regressions. Some of those are the cost of moving fast on a CLI that’s now installed in every Fortune 500 dev environment; the rest belong in the “why didn’t the canary catch this” column. The practical takeaway for teams: pin 2.1.117 until the next clean release if you cannot tolerate weekend rollback drama, and keep an eye on the Claude Code GitHub issue tracker rather than the marketing channels — that’s where the real signal lives now.
Rate Limits API Lands — Programmatic Queries for Org and Workspace Limits
The Claude Developer Platform shipped the Rate Limits API on Saturday. The endpoint lets administrators pull the configured rate limits for an organization or for any of its workspaces directly via the API rather than reading them out of the console. For finops and platform teams running Claude across many workspaces — an increasingly common pattern as Enterprise self-serve and Cowork roll out — this is the kind of foundational telemetry that turns “why did this team get throttled this morning” from a Slack archaeology project into a one-line script. It also makes capacity-planning automation possible for the first time without scraping the dashboard.
What it doesn’t do, yet: programmatically modify those limits. Reads first, writes later is the standard Anthropic API pattern, and a write-side companion is the obvious follow-up the request-budgeting community will be asking for inside a quarter. The other thing to watch: how this API plays with the Enterprise Analytics API that’s been live for several weeks now. Together they form the building blocks of an internal “Claude observability” layer that until now has been the province of vendor middleware.
Pinning Claude Code: The 2.1.117 Strategy for Production Teams
If your team is running Claude Code in CI or as part of an agent workload, the lesson of this weekend is that auto-update is a liability. The pattern that worked through the March 4 / March 26 / April 16 window and is now working through the 2.1.120 episode is: pin a known-good version, watch the GitHub issue tracker for two days after each minor release, and only roll forward when there’s a clean week of no new regressions filed. The community-maintained “survival checklist” gist that surfaced Friday is currently the best single source for which versions are stable and which to skip. 2.1.117 is the consensus “safe” pin as of this morning.
Operationally: set DISABLE_UPDATES=1 in your shell profile for Claude Code, ship the version pin in your dotfiles, and run a weekly “is the new release safe yet” check rather than letting auto-update decide. The Bedrock and Vertex paths continue to be the most resilient surfaces for teams that need uptime over latest-features. None of this is news to platform engineers who lived through the npm semver wars; what’s newer is treating an AI agent CLI with the same supply-chain discipline as a runtime dependency.
$800B Valuation Chatter, October IPO Window — What Last Week’s Capital Stack Implies
Stack the week. Amazon’s $5B-immediate-plus-$20B-on-milestones add-on Monday. Google’s $10B-immediate-plus-$30B-on-milestones tranche Friday. The $100B AWS commitment and the 3.5GW Broadcom/Alphabet TPU expansion sitting underneath both. Reporting through the weekend has secondary venture markets pricing Anthropic at up to $800B — double the $380B Series G mark from February — and tracking an October IPO window with a target raise of more than $60B, which would make it the second-largest U.S. IPO ever after SpaceX. The annualized revenue base behind that pricing is north of $30B, with enterprise accounts spending $1M-plus annually having doubled in two months and eight of the Fortune 10 named as customers.
The structural read: the cap table is now built to absorb a public listing without a single hyperscaler holding majority influence. Three-silicon supply hedge, three anchor investors, ARR scale that has pulled ahead of OpenAI for the first time, and a regulator-by-regulator process that looks slow from the outside but is producing the right kind of relationships for a public company that needs to keep operating in the EU, UK, and Asia. The thing that would still give a public-market diligence team pause is the consumer-trust posture (Pro-pricing wobble, Claude Code regression weekend) and the legal exposure surface from this week’s “cannot control Claude once deployed” filing. Both are durable but neither is a deal-breaker. October is plausible.
StackAdapt MCP Server, Zoom Meeting Intelligence — Vertical Connectors Keep Filling In
Two ecosystem moves worth flagging this weekend. StackAdapt brought its campaign-intelligence MCP server to general availability this week, putting programmatic ad-platform telemetry inside Claude Cowork and Claude Code workflows for the marketing-ops cohort. Zoom shipped meeting-intelligence integration into Claude that lets agents act on transcript summaries, action-item extraction, and call analytics from a Cowork session directly — the kind of integration that until last quarter would have required a custom RAG pipeline and a Zoom developer account.
Both fit the pattern from yesterday’s consumer connector launch: vertical apps shipping first-party MCP servers because being inside Claude is now the most productive distribution surface for an SMB product to win at. The 200+ connector directory is a count, but the more useful metric is how often two connectors get used together in the same Cowork session — the multi-connector composite is where the agent actually does useful work, not the single-app round-trip. Watch for the next vertical to break through: legal research, healthcare scheduling, or supply-chain procurement are the three categories where the “agent that actually does my job” thesis has the clearest fit and where Anthropic has not yet picked winners.
Opus 4.7 Holds SWE-Bench Verified at 87.6% — The 6.8-Point Gain Over Opus 4.6 Is the Story
Ten days after launch, Opus 4.7 still leads SWE-Bench Verified at 87.6%, with GPT-5.3-Codex at 85.0% in the #2 slot, Gemini 3.1 Pro at 80.6%, the open-weight MiniMax M2.5 at 80.2%, GPT-5.2 at 80.0%, and Sonnet 4.6 hanging in at 79.6%. SWE-Bench Pro, the harder evaluation, has Opus 4.7 at 64.3% — the highest published number on Pro to date. The 6.8-point Verified gain over Opus 4.6 is the tell: not a marginal upgrade, an actual generation step on the metric that decides where coding workloads route.
The cost-quality angle is what platform teams will care about more. Sonnet 4.6 at 79.6% on Verified is one-fifth the price of Opus 4.7 and within striking distance of every non-frontier-tier competitor; that’s the model that wins on routing weight when the task fits inside its envelope. Salesforce’s decision Friday to bundle Sonnet 4.5 (not Opus 4.7) into every Developer Edition org as the default coding model is the practical read of the same trade-off — the mid-tier reliability is what production wants. Opus 4.7 is the “hardest jobs only” tier, and that’s how it should be priced on internal cost models.
The “Cannot Control” Filing Is the Most Important Document of the Week
Take the week in aggregate and the cap-table-and-compute story dominated the headlines, but the document that will matter most a year from now is the federal court filing in which Anthropic stated, on the record, that it has no technical ability to control Claude 4 once deployed. That sentence reorganizes the AI liability conversation. Until this week, the implicit contract between a frontier lab and an enterprise deployer was “the model is yours to use, but the lab will help you keep it safe.” The filing changes that to “the model is yours, full stop — safety is your problem on your infra.” That posture is intellectually defensible and economically rational from the lab side. It is also exactly the language plaintiffs in product-liability cases will want to read into evidence, and exactly the language regulators in jurisdictions that don’t love the U.S. fair-use ruling will want to use to write tighter mandates.
Put it next to the Claude Code regression weekend and the picture clarifies. The lab is moving fast on the developer surface. The lab is also drawing a sharper legal perimeter around what it owns and what the deployer owns. Neither of those is bad strategy in isolation. Together they are the operational signature of a company preparing to be a public company — one that has decided which risks are existential (loss of frontier-model lead, sovereign regulatory shutdown) and which risks are manageable line items (one bad release, one piracy settlement, one liability framework that puts the deployer on the hook). The thing to watch for May is whether the next round of enterprise master service agreements references the “cannot control once deployed” language explicitly or whether Anthropic walks it back through clarifying briefs. The first version is the public posture. The second version is the contract you sign.