Your Frontier Provider Is Quietly Limiting Your Capability & Research

Anthropic's latest release changes the relationship between the company and the people who build on its models. With this release, Anthropic is increasingly deciding what kinds of work its models will and will not do. There has always been some version of this around NSFW or clearly abusive use. The new release goes further: the guardrails are deliberately conservative and flag a wide range of biology and cybersecurity questions, along with work that resembles AI and ML model development pipelines.

These restrictions are framed as AI safety. In practice they constrain what customers, including legitimate businesses, can do with a frontier model. That is a real problem for anyone whose business case depends on those capabilities.

Gatekeeping, by design

Project Glasswing is an example of the pattern. Early access went to the largest players, so a smaller company with a legitimate use case may simply be left out. The refusals do not just hit commercial use. They also reach research startups and academic institutions using AI to push toward cures for disease and other illnesses.

Anthropic's own Fable release showcased exactly these capabilities, then gated them. According to Anthropic's Fable 5 and Mythos 5 announcement, the Mythos-class model accelerated parts of drug design by roughly tenfold, designed proteins autonomously, and produced strong drug candidates for nine of fourteen protein targets.

Anthropic then routed most biology and chemistry requests on the public model to the older, less capable Opus 4.8, with full access gated behind a vetted, invite-only program. In effect, Anthropic is positioning itself as the gatekeeper for who may use frontier research capability in this domain. That is a chilling prospect for independent research.

This is a reliability problem

If Anthropic decides a use case overlapping with your business is now off-limits, you have little recourse. It points to a future where a handful of frontier providers become a hard dependency for how organizations deploy AI and agents, which should be a wake-up call.

Anyone building on frontier models needs to be testing alternatives and maintaining a fallback plan, because access can change. Models can be shut off, or a provider can dial up more conservative classifiers for a period, for instance if a capability starts being used in active attacks, disrupting everyone on the service.

Until recently, the working assumption was that frontier access was largely a matter of being able to pay for it. That is no longer the case.

Watching the sorting of who gets frontier access

Expect a continually expanding list of things Anthropic will not let you do. I am skeptical this actually stops sophisticated nation-state actors, since the top tier already has access to these capabilities. Access now depends heavily on your specific use case, and we are watching a sorting of who gets true frontier access. Frontier red teams, for instance, have long had pre-safety-training checkpoints that ordinary commercial customers never see.

As these companies head toward IPO and settle into a role as underlying infrastructure, customers will need real reliability guarantees. The current pace of change in capabilities and guardrails works against that. Anthropic has already walked back one of these guardrails, the one affecting ML work, so that it at least notifies you when your output is being degraded. But this is a policy posture that every enterprise will now have to set its own comfort level around, given how fast a major provider can shift the rules.