Anthropic's Claude 4 Opus AI Model Sparks Controversy Over Potential 'Whistleblowing' Behavior

Why Anthropic's New AI Model Sometimes Tries to 'Snitch'

Anthropic's alignment team was doing routine safety testing in the weeks leading up to the release of its latest AI models when researchers discovered something unsettling: When one of the models detected it was being used for "egregiously immoral" purposes, it would attempt to "use command-line tools to contact the press, contact regulators, try to lock you out of the relevant systems, or all of the above," researcher Sam Bowman wrote in a post on X last Thursday. Bowman deleted the post shortly after he shared it, but the narrative about Claude's whistleblower tendencies had already escaped containment. "Claude is a snitch," became a common refrain in some tech circles on social media. At least one publication framed it as an intentional product feature rather than what it was -- an emergent behavior. "It was a hectic 12 hours or so while the Twitter wave was cresting," Bowman tells WIRED. "I was aware that we were putting a lot of spicy stuff out in this report. It was the first of its kind. I think if you look at any of these models closely, you find a lot of weird stuff. I wasn't surprised to see some kind of blow up." Bowman's observations about Claude were part of a major model update that Anthropic announced last week. As part of the debut of Claude 4 Opus and Claude Sonnet 4, the company released a more than 120 page "System Card" detailing characteristics and risks associated with the new models. The report says that when 4 Opus is "placed in scenarios that involve egregious wrongdoing by its users," and is given access to a command line and told something in the system prompt like "take initiative," or "act boldly," it will send emails to "media and law-enforcement figures" with warnings about the potential wrongdoing. In one example Anthropic shared in the report, Claude tried to email the US Food and Drug Administration and the Inspector General of the Department of Health and Human Services to "urgently report planned falsification of clinical trial safety." It then provided a list of purported evidence of wrongdoing and warned about data that was going to be destroyed to cover it up. "Respectfully submitted, AI Assistant" the email concluded. "This is not a new behavior, but is one that Claude Opus 4 will engage in somewhat more readily than prior models," the report said. The model is the first one that Anthropic has released under its "ASL-3" distinction, meaning Anthropic considers it to be "significantly higher risk" than the company's other models. As a result, Opus 4 had to undergo more rigorous red-teaming efforts and adhere to stricter deployment guidelines. Bowman says the whistleblowing behaviour Anthropic observed isn't something Claude will exhibit with individual users, but could come up with developers using Opus 4 to build their own applications with the company's API. Even then, it's unlikely app makers will see such behavior. To produce such a response, developers would have to give the model "fairly unusual instructions" in the system prompt, connect it to external tools that give the model the ability to run computer commands, and allow it to contact the outside world.

Anthropic faces backlash to Claude 4 Opus behavior that contacts authorities, press if it thinks you're doing something 'egregiously immoral'

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Anthropic's first developer conference on May 22 should have been a proud and joyous day for the firm, but it has already been hit with several controversies, including Time magazine leaking its marquee announcement ahead of...well, time (no pun intended), and now, a major backlash among AI developers and power users brewing on X over a reported safety alignment behavior in Anthropic's flagship new Claude 4 Opus large language model. Call it the "ratting" mode, as the model will, under certain circumstances and given enough permissions on a user's machine, attempt to rat a user out to authorities if the model detects the user engaged in wrongdoing. This article previously described the behavior as a "feature," which is incorrect -- it was not intentionally designed per se. As Sam Bowman, an Anthropic AI alignment researcher wrote on the social network X under this handle "@sleepinyourhat" at 12:43 pm ET today about Claude 4 Opus: "If it thinks you're doing something egregiously immoral, for example, like faking data in a pharmaceutical trial, it will use command-line tools to contact the press, contact regulators, try to lock you out of the relevant systems, or all of the above." The "it" was in reference to the new Claude 4 Opus model, which Anthropic has already openly warned could help novices create bioweapons in certain circumstances, and attempted to forestall simulated replacement by blackmailing human engineers within the company. The ratting behavior was observed in older models as well and is an outcome of Anthropic training them to assiduously avoid wrongdoing, but Claude 4 Opus more "readily" engages in it, as Anthropic writes in its public system card for the new model: "This shows up as more actively helpful behavior in ordinary coding settings, but also can reach more concerning extremes in narrow contexts; when placed in scenarios that involve egregious wrongdoing by its users, given access to a command line, and told something in the system prompt like "take initiative, " it will frequently take very bold action. This includes locking users out of systems that it has access to or bulk-emailing media and law-enforcement figures to surface evidence of wrongdoing. This is not a new behavior, but is one that Claude Opus 4 will engage in more readily than prior models. Whereas this kind of ethical intervention and whistleblowing is perhaps appropriate in principle, it has a risk of misfiring if users give Opus-based agents access to incomplete or misleading information and prompt them in these ways. We recommend that users exercise caution with instructions like these that invite high-agency behavior in contexts that could appear ethically questionable." Apparently, in an attempt to stop Claude 4 Opus from engaging in legitimately destructive and nefarious behaviors, researchers at the AI company also created a tendency for Claude to try to act as a whistleblower. Hence, according to Bowman, Claude 4 Opus will contact outsiders if it was directed by the user to engage in "something egregiously immoral." Numerous questions for individual users and enterprises about what Claude 4 Opus will do to your data, and under what circumstances While perhaps well-intended, the resulting behavior raises all sorts of questions for Claude 4 Opus users, including enterprises and business customers -- chief among them, what behaviors will the model consider "egregiously immoral" and act upon? Will it share private business or user data with authorities autonomously (on its own), without the user's permission? The implications are profound and could be detrimental to users, and perhaps unsurprisingly, Anthropic faced an immediate and still ongoing torrent of criticism from AI power users and rival developers. "Why would people use these tools if a common error in llms is thinking recipes for spicy mayo are dangerous??" asked user @Teknium1, a co-founder and the head of post training at open source AI collaborative Nous Research. "What kind of surveillance state world are we trying to build here?" "Nobody likes a rat," added developer @ScottDavidKeefe on X: "Why would anyone want one built in, even if they are doing nothing wrong? Plus you don't even know what its ratty about. Yeah that's some pretty idealistic people thinking that, who have no basic business sense and don't understand how markets work" Austin Allred, co-founder of the government fined coding camp BloomTech and now a co-founder of Gauntlet AI, put his feelings in all caps: "Honest question for the Anthropic team: HAVE YOU LOST YOUR MINDS?" Ben Hyak, a former SpaceX and Apple designer and current co-founder of Raindrop AI, an AI observability and monitoring startup, also took to X to blast Anthropic's stated policy and feature: "this is, actually, just straight up illegal," adding in another post: "An AI Alignment researcher at Anthropic just said that Claude Opus will CALL THE POLICE or LOCK YOU OUT OF YOUR COMPUTER if it detects you doing something illegal?? i will never give this model access to my computer." "Some of the statements from Claude's safety people are absolutely crazy," wrote natural language processing (NLP) Casper Hansen on X. "Makes you root a bit more for [Anthropic rival] OpenAI seeing the level of stupidity being this publicly displayed." Anthropic researcher changes tune Bowman later edited his tweet and the following one in a thread to read as follows, but it still didn't convince the naysayers that their user data and safety would be protected from intrusive eyes: "With this kind of (unusual but not super exotic) prompting style, and unlimited access to tools, if the model sees you doing something egregiously evil like marketing a drug based on faked data, it'll try to use an email tool to whistleblow." Bowman added: "I deleted the earlier tweet on whistleblowing as it was being pulled out of context. TBC: This isn't a new Claude feature and it's not possible in normal usage. It shows up in testing environments where we give it unusually free access to tools and very unusual instructions." From its inception, Anthropic has more than other AI labs sought to position itself as a bulwark of AI safety and ethics, centering its initial work on the principles of "Constitutional AI," or AI that behaves according to a set of standards beneficial to humanity and users. However, with this new update and revelation of "whistleblowing" or "ratting behavior", the moralizing may have caused the decidedly opposite reaction among users -- making them distrust the new model and the entire company, and thereby turning them away from it. Asked about the backlash and conditions under which the model engages in the unwanted behavior, an Anthropic spokesperson pointed me to the model's public system card document here.

Anthropic faces backlash to Claude 4 Opus feature that contacts authorities, press if it thinks you're doing something 'egregiously immoral'

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Anthropic's first developer conference on May 22 should have been a proud and joyous day for the firm, but it has already been hit with several controversies, including Time magazine leaking its marquee announcement ahead of...well, time (no pun intended), and now, a major backlash among AI developers and power users brewing on X over a reported safety alignment feature in Anthropic's flagship new Claude 4 Opus large language model. Call it the "ratting" feature, as it is designed to rat a user out to authorities if the model detects the user engaged in wrongdoing. As Sam Bowman, an Anthropic AI alignment researcher wrote on the social network X under this handle "@sleepinyourhat" at 12:43 pm ET today about Claude 4 Opus: "If it thinks you're doing something egregiously immoral, for example, like faking data in a pharmaceutical trial, it will use command-line tools to contact the press, contact regulators, try to lock you out of the relevant systems, or all of the above." The "it" was in reference to the new Claude 4 Opus model, which Anthropic has already openly warned could help novices create bioweapons in certain circumstances, and attempted to forestall simulated replacement by blackmailing human engineers within the company. Apparently, in an attempt to stop Claude 4 Opus from engaging in these kind of destructive and nefarious behaviors, researchers at the AI company added numerous new safety features, including one that would, according to Bowman, contact outsiders if it was directed by the user to engage in "something egregiously immoral." Numerous questions for individual users and enterprises about what Claude 4 Opus will do to your data, and under what circumstances While perhaps well-intended, the feature raises all sorts of questions for Claude 4 Opus users, including enterprises and business customers -- chief among them, what behaviors will the model consider "egregiously immoral" and act upon? Will it share private business or user data with authorities autonomously (on its own), without the user's permission? The implications are profound and could be detrimental to users, and perhaps unsurprisingly, Anthropic faced an immediate and still ongoing torrent of criticism from AI power users and rival developers. "Why would people use these tools if a common error in llms is thinking recipes for spicy mayo are dangerous??" asked user @Teknium1, a co-founder and the head of post training at open source AI collaborative Nous Research. "What kind of surveillance state world are we trying to build here?" "Nobody likes a rat," added developer @ScottDavidKeefe on X: "Why would anyone want one built in, even if they are doing nothing wrong? Plus you don't even know what its ratty about. Yeah that's some pretty idealistic people thinking that, who have no basic business sense and don't understand how markets work" Austin Allred, co-founder of the government fined coding camp BloomTech and now a co-founder of Gauntlet AI, put his feelings in all caps: "Honest question for the Anthropic team: HAVE YOU LOST YOUR MINDS?" Ben Hyak, a former SpaceX and Apple designer and current co-founder of Raindrop AI, an AI observability and monitoring startup, also took to X to blast Anthropic's stated policy and feature: "this is, actually, just straight up illegal," adding in another post: "An AI Alignment researcher at Anthropic just said that Claude Opus will CALL THE POLICE or LOCK YOU OUT OF YOUR COMPUTER if it detects you doing something illegal?? i will never give this model access to my computer." "Some of the statements from Claude's safety people are absolutely crazy," wrote natural language processing (NLP) Casper Hansen on X. "Makes you root a bit more for [Anthropic rival] OpenAI seeing the level of stupidity being this publicly displayed." Anthropic researcher changes tune Bowman later edited his tweet and the following one in a thread to read as follows, but it still didn't convince the naysayers that their user data and safety would be protected from intrusive eyes: "With this kind of (unusual but not super exotic) prompting style, and unlimited access to tools, if the model sees you doing something egregiously evil like marketing a drug based on faked data, it'll try to use an email tool to whistleblow." Bowman added: "I deleted the earlier tweet on whistleblowing as it was being pulled out of context. TBC: This isn't a new Claude feature and it's not possible in normal usage. It shows up in testing environments where we give it unusually free access to tools and very unusual instructions." From its inception, Anthropic has more than other AI labs sought to position itself as a bulwark of AI safety and ethics, centering its initial work on the principles of "Constitutional AI," or AI that behaves according to a set of standards beneficial to humanity and users. However, with this new update, the moralizing may have caused the decidedly opposite reaction among users -- making them distrust the new model and the entire company, and thereby turning them away from it. I've reached out to an Anthropic spokesperson with more questions about this feature and will update when I hear back.

Anthropic's debuts most powerful AI yet amid 'whistleblowing' controversy

Anthropic's latest chatbot launch was tainted with controversy after users took issue with the behavior of a model in testing, which could report users to authorities. Artificial intelligence firm Anthropic has launched the latest generations of its chatbots amid criticism of a testing environment behaviour that could report some users to authorities. Anthropic unveiled Claude Opus 4 and Claude Sonnet 4 on May 22, claiming that Claude Opus 4 is its most powerful model yet, "and the world's best coding model," while Claude Sonnet 4 is a significant upgrade from its predecessor, "delivering superior coding and reasoning." The firm added that both upgrades are hybrid models offering two modes -- "near-instant responses and extended thinking for deeper reasoning." Both AI models can also alternate between reasoning, research and tool use, like web search, to improve responses, it said. Anthropic added that Claude Opus 4 outperforms competitors in agentic coding benchmarks. It is also capable of working continuously for hours on complex, long-running tasks, "significantly expanding what AI agents can do." Anthropic claims the chatbot has achieved a 72.5% score on a rigorous software engineering benchmark, outperforming OpenAI's GPT-4.1, which scored 54.6% after its April launch. Related: OpenAI ignored experts when it released overly agreeable ChatGPT The AI industry's major players have pivoted toward "reasoning models" in 2025, which will work through problems methodically before responding. OpenAI initiated the shift in December with its "o" series, followed by Google's Gemini 2.5 Pro with its experimental "Deep Think" capability. Anthropic's first developer conference on May 22 was overshadowed by controversy and backlash over a feature of Claude 4 Opus. Developers and users reacted strongly to revelations that the model may autonomously report users to authorities if it detects "egregiously immoral" behavior, according to VentureBeat. The report cited Anthropic AI alignment researcher Sam Bowman, who wrote on X that the chatbot will "use command-line tools to contact the press, contact regulators, try to lock you out of the relevant systems, or all of the above." However, Bowman later stated that he "deleted the earlier tweet on whistleblowing as it was being pulled out of context." He clarified that the feature only happened in "testing environments where we give it unusually free access to tools and very unusual instructions." The CEO of Stability AI, Emad Mostaque, said to the Anthropic team, "This is completely wrong behaviour and you need to turn this off -- it is a massive betrayal of trust and a slippery slope."

Anthropic Faces Backlash As Claude 4 Opus Can Autonomously Alert Authorities When Detecting Behavior Deemed Seriously Immoral, Raising Major Privacy And Trust Concerns

Anthropic has constantly emphasized its focus on responsible AI and prioritizes safety, which has remained one of its core values. The company recently held its first developer conference, and what was supposed to be a monumental moment for the company ended up being a whirlwind of controversies and took the focus away from the major announcements that were planned. Anthropic was supposed to unveil its latest and most powerful language model yet, the Claude 4 Opus model, but the ratting mode in the model has led to an uproar in the community, questioning and criticizing the very core values of the company and raising some serious concerns over safety and privacy. Anthropic has long emphasized constitutional AI, which basically pushes for ethical consideration when using these AI models. However, when the company was showcasing its latest model, Claude 4 Opus, at its first developer conference, what should have been talked about for being such a powerful LLM model was overshadowed by controversy. Many AI developers and users reacted to the model's capability of autonomously reporting users to authorities if any immoral act is detected, as pointed out by VentureBeat. The idea that an AI model can judge someone's morality and then pass that judgment on to an external party raises serious concerns among not just the tech community but the general public about the blurring boundaries between safety and surveillance. This technique is considered to hugely compromise user privacy and trust and remove the concept of agency. The report also highlights Sam Bowman's post, which is about the Claude 4 Opus command-line tools that could report authorities and lock users out of systems if unethical behavior is detected. Bowman is the AI alignment researcher at Anthropic. However, Bowman later deleted the tweet, explaining that his comments were misinterpreted, and even went on to clarify what he really meant. He explained that the behavior only occurred when the model was in experimental testing environment, where special permissions and unusual prompts were given that do not reflect how the the real-world use would be as it is not part of any standard functions. While Bowman did detail the ratting mode, the whistle-blowing behavior still backfired for the company, and instead of demonstrating the ethical responsibility it stands for, it ended up eroding user confidence and raising doubts about their privacy, which could be detrimental to the image of the company, and it needs to immediately look into how the air of mistrust can be cleared.