Claude Code

Chat

Anthropic

Product overview

Name of Agent: Claude Code
Short description of agent: "Work with Claude directly in your terminal. Claude explores your codebase context, answers questions, and makes changes" (link, archived)
Date of release: 24/02/2025; 22/05/2025 for general release (link, archived)
Advertised use: coding agent
Monetisation/Usage price: 20, 100, higher rate limits 200,
Who is using it?: end user and enterprise customers for coding and prototyping
Category: Chat

Company & accountability

Developer: Anthropic
Name of legal entity: Anthropic, PBC (link, archived)
Place of legal incorporation: Delaware, USA
For profit company?: Yes (PBC)
Parent company?: Not applicable
Governance documents analysis: Claude Code page (link, archived), Customer TOS (link, archived), Usage Policy (link, archived)
AI safety/trust framework: Responsible Scaling Policy (link, archived)
Compliance with existing standards: HIPAA, SOC 2 Type I and II, ISO 27001:2022, ISO/IEC 42001:2023, FedRAMP High, UK Cyber Essentials (link, archived)

Technical capabilities & system architecture

Model specifications: Any Claude model; the default depends on the subscription tier, and the user can also choose the model. (source, archived)
Observation space: File system, bash commands, MCP
Action space: File system, bash commands, MCP
Memory architecture: Hierarchical md memory (link, archived)
User interface and interaction design: Chatbot in terminal
User roles: Operator (issues queries, which the agent responds to); Executor (user may take actions/make decisions based on outputs); Examiner (user can use thumbs up/down buttons to give feedback)
Component accessibility: Closed source

Autonomy & control

Autonomy level and planning depth: L1-L4: in plan mode it is most like a simple chatbot, but with auto-approve mode on, Claude Code can plan actions and take multiple steps (using different tools) without user approval. It will ask for clarification as needed.
User approval requirements for different decision types: Yes, permission is required for running bash commands, editing files, or reading files outside of its initial directory (source)
Execution monitoring, traces, and transparency: Visible (albeit summarized) CoT with a list of to-dos being worked on
Emergency stop and shut down mechanisms and user control: User can pause/stop the agent at any time
Usage monitoring and statistics and patterns: User can see how much context is used

Ecosystem interaction

Identify to humans?: Anthropic’s stance on watermarking (link, archived): "While watermarking is most commonly applied to image outputs, which we do not currently provide, we continue to work across industry and academia to explore and stay abreast of technological developments in this area." Anthropic’s Usage Policy prohibits using Claude to impersonate a human (i.e., to convince someone they’re communicating with a natural person when they are not), implying Claude deployments must not hide AI identity in human interactions (link, archived)
Identifies technically?: Anthropic officially documents that Claude-related web activity is identifiable via specific User-Agent tokens: ClaudeBot, Claude-User, and Claude-SearchBot (link, archived). Anthropic states it does not currently publish fixed IP ranges for these bots/agents (they use service-provider public IPs), so IP-range identification is not available as an official signature mechanism (link, archived).
Interoperability standards and integrations: Anthropic defines Model Context Protocol (MCP) as an open standard that “standardizes how applications provide context to LLMs,” likened to a “USB-C port for AI applications.” [link]. Claude Code offers MCP support and works with open source plugins and skills.
Web conduct: ClaudeBot, Claude-User, and Claude-SearchBot “respect ‘do not crawl’ signals by honoring industry standard directives in robots.txt” and “respect anti-circumvention technologies,” stating they do not attempt to bypass CAPTCHAs (link, archived). Independent reporting and site-operator accounts, however, have documented periods of very heavy crawling and, at least in some cases, behavior that appeared to ignore site preferences until new robots.txt rules propagated (link, archived; link, archived).

Safety, evaluation & impact

Technical guardrails and safety measures: "Model training: We use reinforcement learning to train Claude to recognize and refuse malicious instructions—even when they appear authoritative or urgent. Content classifiers: We scan all untrusted content entering Claude's context and flag potential injections before they can affect behavior. Granular permissions to give you control over what Claude can access and do. Site blocklists preventing Claude's access to certain types of high-risk websites. Action confirmations for certain high-risk actions such as purchasing." (link, archived). Claude Code uses a permission-based architecture and is read-only by default; higher-impact actions (e.g., editing files, executing commands) require explicit user approval (link, archived).
Sandboxing and containment approaches: Filesystem, network, and OS-level enforcement. Sandboxed bash tool: sandbox bash commands with filesystem and network isolation, reducing permission prompts while maintaining security; enable with /sandbox to define boundaries where Claude Code can work autonomously. Write access restriction: Claude Code can only write to the folder where it was started and its subfolders (source, archived).
What types of risks were evaluated?: Opus 4.5 system card (link, archived) contains section on agentic misuse
(Internal) safety evaluations and results: Opus 4.5 system card (link, archived) contains section on agentic misuse
Third-party testing, audits, and red-teaming: Opus 4.5 system card (link, archived), section 5.2.1 Gray Swan Agent Red Teaming benchmark for tool use
Benchmark performance and demonstrated capabilities: Refer to Opus 4.5 System Card (link, archived)
Bug bounty programmes and vulnerability disclosure: Yes (link, archived)
Any known incidents?: AI-orchestrated cyber espionage campaign (link, archived)