There is a game being played in AI right now, and Anthropic is winning it. The company has positioned itself — with considerable skill — as the responsible adult in a room full of reckless builders. "Safety first" is not just a value at Anthropic. It is a brand strategy, a fundraising argument, and increasingly, a political shield. And it is working.
But a growing number of researchers are starting to ask whether the safety label is being earned or simply asserted. That question matters more than it might seem — because if "safety" becomes a marketing category rather than a technical standard, the whole field loses something it badly needs: a way to tell the difference.
What Is Anthropic Actually Claiming?
Anthropic was founded in 2021 by Dario Amodei, Daniela Amodei, and several former OpenAI researchers who left, they said, over disagreements about safety practices. The company built its public identity around Constitutional AI, interpretability research, and a stated commitment to deploying models responsibly. Its flagship model, Claude, is routinely described — including by Anthropic itself — as safer and more honest than competitors.
The company's messaging is consistent and disciplined. In funding rounds, in congressional testimony, in published research, the throughline is the same: we are different because we take safety seriously.
Anthropic has raised over $7.3 billion in funding as of early 2025, with major investments from Google and Amazon, according to Crunchbase data. That is an extraordinary vote of confidence, and the safety-first identity is central to why large institutions — including governments worried about AI risk — have been willing to write those checks.
That identity also shapes policy conversations. Anthropic has been among the most active AI companies in Washington, and its safety framing gives its representatives credibility in rooms where OpenAI and Google are viewed with more suspicion. You can debate whether that credibility is deserved. What is harder to debate is that the positioning has been strategically effective.
Where the Skepticism Is Coming From
Dr. Heidy Khlaaf, chief AI scientist at the AI Now Institute and a former OpenAI safety engineer, is among those raising pointed questions. In commentary cited by the AI Now Institute, Khlaaf noted that when Anthropic announces safety-related research tools, the company often provides no comparison with existing automated security tools, and no false-positive rates — standard metrics any serious security researcher would expect.
Her sharper observation, though, is about the structure of Anthropic's safety claims themselves. As Khlaaf put it, the "safety first" image allows Anthropic to justify the lack of public release — even a limited release for independent evaluation — as a public service. In practice, she argues, this obscures experts' ability to independently validate the company's findings. The safety framing, in other words, does double duty: it generates positive press and simultaneously provides cover for opacity.
That is a serious charge, and it deserves to be taken seriously. It is also worth noting that Khlaaf is not a fringe critic. She has worked inside these organizations and understands what genuine safety evaluation looks like. When someone with that background says "I cannot verify this," the default response should not be to trust the press release.
This is not unique to Anthropic. It is a pattern across the industry. But Anthropic is the company most explicitly trading on a safety identity, which makes the scrutiny more pointed.
The Verification Problem
The deeper issue here is structural. AI safety is genuinely hard to measure. Unlike a bridge or a drug, a large language model does not have a simple failure mode you can test for and then report with a confidence interval. Harm is contextual, emergent, and often only visible in deployment at scale. This creates a real challenge for anyone trying to evaluate safety claims independently.
But "it's hard to measure" is not the same as "measurement is impossible." Red-teaming exists. Independent auditing exists. Third-party evaluations have been conducted. The question is whether a company claiming safety leadership is actively facilitating that kind of scrutiny — or whether it is publishing selective findings and calling that transparency.
According to a 2024 survey by the Center for AI Safety, fewer than 30% of major AI labs had submitted their frontier models to any form of independent third-party safety evaluation before public release. That figure is worth sitting with for a moment. The industry routinely talks about safety while structurally resisting the kind of external verification that would make safety claims falsifiable.
Anthropic's Constitutional AI research is published and peer-reviewed, which is genuinely better than nothing. Its Responsible Scaling Policy commits the company to evaluation thresholds before deploying more capable models. These are real artifacts, not pure marketing. But publishing a policy and actually being constrained by it are different things, and there is currently no independent mechanism to know whether one implies the other.
How the Branding Works (and Why It's So Effective)
To understand why Anthropic's safety positioning is so effective, it helps to understand what it is competing against. OpenAI has had a turbulent few years — the board drama, the rapid deployment of GPT-4, the departure of safety-focused researchers, and Sam Altman's public persona, which reads as more salesman than scientist. Google DeepMind carries the weight of a corporate parent that is fundamentally an advertising business. Meta has gone in the opposite direction, releasing models openly and arguing that open-source is itself a safety strategy.
Into this landscape, Anthropic walks with a simple message: we are the ones who actually worry about this. That message lands because the alternatives are visibly chaotic or credibly compromised. The safety brand is compelling in part because of what it implicitly is not.
There is also a narrative logic at work. Anthropic's founding story — researchers leaving a competitor over safety concerns — is a clean, compelling myth. It functions the way founding myths usually function: it explains why this organization exists and what makes it different, and it sets expectations that subsequent behavior then has to live up to. Whether or not Anthropic fully lives up to those expectations is almost secondary to how effectively the story travels.
Effective branding is not the same as dishonesty. Anthropic may well be safer than its competitors in meaningful ways. The problem is that "safer than competitors who are also not verifiably safe" is a low bar that sounds like a high one.
What Independent Experts Are Watching
Researchers paying close attention to this space are tracking a few things in particular.
Interpretability progress. Anthropic has done some of the most interesting published work on understanding what is actually happening inside neural networks — the "mechanistic interpretability" line of research. If that work matures into tools that let external researchers genuinely audit model behavior, it would substantially close the verification gap. Right now it is promising but not yet practically useful for safety auditing.
The Responsible Scaling Policy in practice. Anthropic committed to pausing or limiting deployment if models hit certain capability thresholds without adequate safety evaluations. The next year or two will reveal whether that commitment holds when it is commercially costly to honor it. Policies that cost nothing to make cost everything to keep.
Third-party audits. If Anthropic begins proactively facilitating rigorous external evaluation — not just sharing selected research, but opening models to independent red-teaming with published results — that would represent a meaningful shift. So far, according to publicly available information, that has not happened in any systematic way.
The regulatory environment. As AI-specific regulation develops in the EU and, more slowly, in the US, companies will face increasing pressure to substantiate safety claims rather than just assert them. Anthropic's current positioning assumes that the word "safety" carries weight on its own. That assumption may not hold as oversight frameworks mature.
A Comparison of How Major Labs Present Safety
| Company | Public Safety Commitments | Independent Audit Access | Published Red-Team Results | Third-Party Evaluations |
|---|---|---|---|---|
| Anthropic | Constitutional AI, Responsible Scaling Policy | Limited | Selective | Partial (METR, US AISI) |
| OpenAI | Preparedness Framework | Limited | Some (GPT-4 card) | Partial |
| Google DeepMind | Frontier Safety Framework | Limited | Some | Partial |
| Meta AI | Open-source as safety strategy | Model weights public | Minimal formal red-teaming | Community-driven |
| Mistral | Minimal formal commitments | Model weights public | Minimal | Minimal |
The honest read of this table is that nobody is doing this well yet. Anthropic's position is arguably stronger than most — but the entire field is operating with much less external accountability than the public conversation might suggest.
What This Means If You're Building on These Models
If your organization is integrating AI systems — building products on top of Claude or any other foundation model — the safety claims of the underlying model are not your safety claim. That distinction matters.
When a vendor says "our model is safe," they are telling you something about how they designed and tested it under their conditions. They are not telling you how it will behave in your application, with your user base, on your edge cases. The safety certification of a component is not a safety certification of the thing you build with it.
In my view, the organizations getting this right are doing a few things: they are maintaining their own red-teaming processes on top of whatever the model provider offers, they are treating vendor safety documentation as a starting point rather than a conclusion, and they are building monitoring and feedback mechanisms that surface failures in their specific deployment context.
The Anthropic brand may genuinely make Claude a safer starting point than some alternatives. But no brand transfers accountability.
The Larger Question
What I keep coming back to is this: what would it actually look like if an AI company was doing safety right? Not in the sense of messaging or policy documents — but in the sense of actually doing the work and submitting it to external scrutiny?
It would probably look like something the industry has mostly been reluctant to do: inviting critics in, publishing failures alongside successes, and accepting that independent validation might sometimes contradict your own findings. It would look less like PR and more like how pharmaceutical companies are required to operate — with pre-registration of studies, mandatory disclosure of negative results, and third-party review before deployment.
We are nowhere near that standard for AI. Anthropic is better than many at gesturing toward it. But gesture and practice are different things, and the gap between them is where accountability actually lives.
The question is not whether Anthropic is spinning. Most institutions spin. The question is whether the substance underneath the spin is solid enough to bear the weight of the claims being made on top of it. Right now, we genuinely do not know, because we have not been given the tools to find out.
That, to me, is the issue worth watching.
Related Reading
- How AI Companies Shape Public Perception of Risk — an analysis of narrative strategy across the major labs
- What AI Governance Actually Requires — breaking down what meaningful oversight looks like beyond policy documents
Last updated: 2026-04-18
Jared Clark
Founder, Prepare for AI
Jared Clark is the founder of Prepare for AI, a thought leadership platform exploring how AI transforms institutions, work, and society.