Skip to content
AM-009
← Back to ledger
Holding·last review07 May 2026

Anthropic's Claude for Chrome launch (26 Aug 2025, 1,000 Max-plan subscribers at $100-200/month) is a procurement-decision data point about the maturity of the browser-resident agentic AI class rather than about Anthropic specifically; the company's own security disclosure (23.6% prompt-injection success rate pre-mitigation, 11.2% post-mitigation, 0% on URL-injection variants after subsequent patches) describes the structural exposure level the deploying enterprise inherits across the class, including from Anthropic's competitors as they ship parallel browser-resident products. The procurement-relevant signal is the published-disclosure posture (Anthropic disclosed the rates honestly with mitigation deltas), which places Anthropic in the AM-007 Cohort A and gives procurement a verifiable vendor-response baseline; the rate itself bounds the deployment-layer compensating-control burden but does not, on its own, decide the procurement question.

Claim created at publish; review on 60-day cadence (cadence shorter than typical because Claude for Chrome is in active research preview and the product is changing). Anchor sources: Anthropic Claude for Chrome announcement (26 Aug 2025); Anthropic published security disclosure on Claude for Chrome covering the 23.6%/11.2%/0% rates; Brave Software research blog 'Comet prompt injection' (parallel-class evidence on browser-AI agent prompt injection generally); Simon Willison agentic-browser-security commentary (Aug 25 2025). Sister claims: AM-007 (AgentFlayer + EchoLeak vendor-response split), AM-130 (procurement reader's four evidence classes), AM-140 (procurement-committee pre-pilot questions including cross-agent threat model). Trigger conditions to revisit before next cadence: (a) Anthropic publishes an updated rate (lower, equal, or higher) for Claude for Chrome, with corresponding mitigation deltas; (b) a competitor's browser-resident agent ships with a published security disclosure under either Cohort A or Cohort B posture per AM-007; (c) public reporting of a real-world prompt-injection incident traceable to a browser-resident commercial agent; (d) a major regulatory body (EU AI Act post-market monitoring, UK CMA, US FTC) issues guidance specific to browser-resident agentic AI.

Published
07 May 2026
Last reviewed
07 May 2026
Next review
+18d· 06 Jul 2026
Source piece
Claude for Chrome: what Anthropic's 23.6% to 11.2% prompt-injection numbers tell procurementRead piece →
Primary sources
Permalink/holding/AM-009/
Embed this claimiframe + oEmbed
HTML iframe
Paste-the-URL (Substack, Medium, Notion, WordPress)

The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.

Watch this claim

Email-me when AM-009's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.

The claim: Anthropic's Claude for Chrome launch (26 Aug 2025, 1,000 Max-plan subscribers at $100-200/month) is a procurement-decision data point about the maturity of the browser-resident agentic AI class rather than about Anthropic specifically; the company's own security disclosure (23.6% prompt-injection success rate pre-mitigation, 11.2% post-mitigation, 0% on URL-injection variants after subsequent patches) describes the structural exposure level the deploying enterprise inherits across the class, including from Anthropic's competitors as they ship parallel browser-resident products. The procurement-relevant signal is the published-disclosure posture (Anthropic disclosed the rates honestly with mitigation deltas), which places Anthropic in the AM-007 Cohort A and gives procurement a verifiable vendor-response baseline; the rate itself bounds the deployment-layer compensating-control burden but does not, on its own, decide the procurement question.

About this register

The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.

Recent corrections in Reporting

  • AM-008 · Partial · 17 Jun 2026

    Source-text figure re-review: Google's 2024 Environmental Report reports a 28% year-over-year increase to 8.1 billion gallons, not the 33% (from a 6.1 billion 2023 base) asserted at publish. The 8.1B 2024 figure and the Microsoft WUE 0.30 L/kWh / 39%-improvement figure are unchanged and verified. Article corrected to 28% and the unsupported 6.1B base removed; the claim text retains the original figure with this correction per the Holding-up protocol.

  • AM-132 · Partial · 10 Jun 2026

    One of four legs unanchored on re-review. The claim text attributes '12% of deployments clearing 300%+ ROI with 88% at or below break-even at 12-18 months' to the Stanford DEL 2026 Enterprise AI Playbook. Full-text verification on 10 Jun 2026 found no such figure in that source: the playbook (Pereira, Graylin, Brynjolfsson, Apr 2026) studies 51 successful deployments by design and contains no ROI distribution, no 300%-plus cohort, and no break-even measurement point (full finding at AM-029, correction of 10 Jun 2026). The only verified figure carrying the same 12/88 numerals is IDC research with Lenovo (via CIO.com, Mar 2025): roughly 88% of AI proof-of-concepts never reach production and roughly 12% graduate — a pilot-to-production graduation metric, not an ROI distribution. The Gartner 28%, McKinsey 23%/17%, and MIT NANDA 95% legs verify; they support a small high-performing tail and a large struggling body, but none documents the two-peak bimodal shape the claim asserts. Status Up -> Partial.

  • AM-129 · Partial · 10 Jun 2026

    One of three read-against anchors unanchored on re-review. The claim text cites 'Stanford Digital Economy Lab Enterprise AI Playbook (12/88 bimodal ROI distribution at 12-18 months)' and frames the realistic ROI band around 'the highest-discipline 12% cohort'. Full-text verification on 10 Jun 2026 found the playbook contains no 12/88 distribution, no bimodal ROI shape, and no 12-18-month ROI measurement point (full finding at AM-029, correction of 10 Jun 2026). The claim's core negative finding — no mid-market enterprise has produced a documented +240% ROI in 90 days under audited conditions — is unaffected; the McKinsey State of AI 2025 and MIT NANDA legs verify and continue to support it. The '12% cohort' framing has no verifiable referent. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric. Status Up -> Partial.

Reviews coming up in Reporting

  • AM-063 · Holding · next +9d (27 Jun 2026)

    AI agents executing financial transactions need a four-control bundle (action-approval gates by blast radius, kill-swit…

  • AM-061 · Holding · next +9d (27 Jun 2026)

    Production agentic-AI costs at scale routinely run multiples of POC projections, and a layered optimisation programme c…

  • AM-003 · Partial · next +9d (27 Jun 2026)

    GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…

Referenced within Agent Mode AI by · 1 piece