The document discloses that Claude Sonnet 4.5 retains residual safety risks, including susceptibility to adversarial prompting and jailbreak techniques, and that the hardcoded and softcoded safety behaviors may not be fully reliable in all adversarial contexts.
This analysis describes what Anthropic's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision is a material disclosure of known limitations in the model's safety architecture, which is operationally significant for any operator making safety representations to their own users based on Claude's designed refusal behaviors.
Under this disclosure, users and operators should be aware that Claude Sonnet 4.5's safety behaviors, while structurally designed, are not claimed to be fully robust against all adversarial prompting techniques, and residual risk of safety behavior circumvention exists.
Cross-platform context
See how other platforms handle Residual Safety Risks and Jailbreak Acknowledgment and similar clauses.
Compare across platforms →Monitoring
Anthropic has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We recognize that Claude is not perfect, and there are cases where Claude may be manipulated through adversarial prompting techniques to behave in ways that are inconsistent with its training and values.— Excerpt from Anthropic's Claude Sonnet 5 System Card
1. REGULATORY LANDSCAPE: This provision engages with FTC guidance on substantiated safety claims and the EU AI Act's requirements for accuracy and robustness disclosures for general-purpose AI models. Where operators represent to their users that Claude categorically refuses certain content, the accuracy of that representation depends on the reliability of the hardcoded behaviors, which this provision qualifies. 2. GOVERNANCE EXPOSURE: High for operators who market their products on the basis of Claude's content safety. The disclosure that adversarial prompting may circumvent safety behaviors creates potential FTC exposure if operator-facing or consumer-facing safety representations overstate the model's actual reliability. Operators should review their marketing materials and user-facing disclosures for accuracy relative to this acknowledged limitation. 3. JURISDICTION FLAGS: EU operators subject to the EU AI Act's transparency and accuracy requirements should assess whether this residual risk disclosure affects their product conformity documentation. California operators should assess whether this disclosure triggers any obligation under California's AI transparency or consumer protection statutes. 4. CONTRACT AND VENDOR IMPLICATIONS: Operators should assess whether their commercial agreements with Anthropic adequately allocate liability for harms resulting from adversarial prompting that circumvents hardcoded safety behaviors. Standard API terms may not provide indemnification for such scenarios, and operators may face direct liability for harms to their own users. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should review all user-facing and marketing representations about Claude's safety capabilities and assess whether they are consistent with this disclosed limitation. Organizations should establish incident response procedures for cases where adversarial prompting results in safety behavior failures in their deployments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision is a material disclosure of known limitations in the model's safety architecture, which is operationally significant for any operator making safety representations to their own users based on Claude's designed refusal behaviors.
Under this disclosure, users and operators should be aware that Claude Sonnet 4.5's safety behaviors, while structurally designed, are not claimed to be fully robust against all adversarial prompting techniques, and residual risk of safety behavior circumvention exists.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Anthropic.