Anthropic's Claude for Chrome launch (26 Aug 2025, 1,000 Max-plan subscribers at $100-200/month) is a procurement-decision data point about the maturity of the browser-resident agentic AI class rather than about Anthropic specifically. The company's own security disclosure (23.6% prompt-injection success rate pre-mitigation, 11.2% post-mitigation, 0% on URL-injection variants after subsequent patches) describes the structural exposure level the deploying enterprise inherits across the class, including from Anthropic's competitors as they ship parallel browser-resident products. The procurement-relevant signal is the published-disclosure posture: Anthropic disclosed the rates honestly with mitigation deltas, which places it in AM-007 Cohort A and gives procurement a verifiable vendor-response baseline. The rate itself bounds the deployment-layer compensating-control burden but does not, on its own, decide the procurement question.
Claim created at publish; review on 60-day cadence (cadence shorter than typical because Claude for Chrome is in active research preview and the product is changing).

Anchor sources: Anthropic Claude for Chrome announcement (26 Aug 2025); Anthropic published security disclosure on Claude for Chrome covering the 23.6%/11.2%/0% rates; Brave Software research blog 'Comet prompt injection' (parallel-class evidence on browser-AI agent prompt injection generally); Simon Willison agentic-browser-security commentary (25 Aug 2025).

Sister claims: AM-007 (AgentFlayer + EchoLeak vendor-response split), AM-130 (procurement reader's four evidence classes), AM-140 (procurement-committee pre-pilot questions including cross-agent threat model).

Trigger conditions to revisit before next cadence:
(a) Anthropic publishes an updated rate (lower, equal, or higher) for Claude for Chrome, with corresponding mitigation deltas;
(b) a competitor's browser-resident agent ships with a published security disclosure under either Cohort A or Cohort B posture per AM-007;
(c) public reporting of a real-world prompt-injection incident traceable to a browser-resident commercial agent;
(d) a major regulatory body (EU AI Act post-market monitoring, UK CMA, US FTC) issues guidance specific to browser-resident agentic AI.