🧭 Anthropic's Inaugural "Public Record" Survey: 52,000 Americans on AI Hopes and Fears
Anthropic has published the findings of its first Anthropic Public Record survey — a large-scale study conducted November–December 2025 with nearly 52,000 Americans via YouGov. The data paints a nuanced picture: majorities hold genuine hope for what AI can accomplish in healthcare and science while simultaneously expressing serious anxiety about job displacement and institutional trust. For developers building on Claude, the numbers set the context for why Anthropic's public-facing decisions — from Claude Corps to its usage policies — look the way they do.
Top-line findings
- No. 1 hope (48%): AI cures cancer and Alzheimer's disease — more than any other single application listed.
- No. 1 fear (64%): Job displacement — nearly two-thirds of respondents cite it as their leading concern.
- Institutional trust deficit: Only 15% of Americans trust AI companies to guide development responsibly — the lowest of any institution measured, below government, academia, and civil society.
- Bipartisan regulation support: Over 70% support government AI regulation; the consensus holds across party lines.
- Daily users are different: People who use AI tools daily show notably lower job-loss anxiety (54%) versus non-users (70%), suggesting hands-on familiarity actively reshapes risk perception.
Why this is worth a developer's attention
The trust figure is striking: fewer than one in six Americans trust AI companies. That institutional credibility gap directly shapes the environment in which developers deploy AI products. Users arriving at AI-powered features may carry baseline scepticism that purely capability-focused messaging won't address. Anthropic is explicitly using the Public Record series to track how perception evolves over time — meaning the data will be updated and is intended as a longitudinal baseline, not a one-off snapshot.
The daily-user trust gap is your onboarding hypothesis
If job-loss anxiety falls from 70% to 54% simply through regular use, onboarding flows that put users in the driver's seat early — letting them accomplish a real task before explaining what the AI is doing — may do more for trust than any transparency disclosure. The survey data supports a "show, then explain" approach over "explain, then ask permission."
Public Record survey
public opinion
job displacement
trust
YouGov
AI regulation
onboarding
🧭 Claude Code v2.1.176: Model Allowlist Enforcement, Hook Path Fixes & Smarter Session Titles
The Claude Code v2.1.176 release (shipped June 12–13) resolves several edge-case reliability problems that production teams have been working around for weeks, plus tightens a security gap in model selection that could have allowed environment-variable overrides to bypass operator-configured allowlists.
Model allowlist enforcement — closed a meaningful security gap
Before this release, setting the ANTHROPIC_MODEL environment variable to a model alias (e.g. claude-latest) could cause the runtime to silently redirect to a model not included in the operator's availableModels list in settings.json. The operator saw their allowlist respected in the UI but not necessarily in execution. v2.1.176 adds a strict alias-resolution check: if the resolved canonical model ID is not in availableModels, the request is rejected at the session layer rather than passed through. The /fast toggle has the same protection — it now refuses to activate if the Fast Mode model falls outside the allowlist.
// settings.json — allowlist now strictly enforced even for alias env-var overrides
{
"availableModels": [
"claude-fable-5-20261009",
"claude-opus-4-8-20260530"
]
}
// ANTHROPIC_MODEL=claude-latest will now be REJECTED if "claude-latest" resolves
// to a model not in the list — previously it silently passed through
Hook `if` glob patterns now match correctly
A long-reported bug where if conditions on Read, Edit, and Write tool hooks failed to match glob patterns (e.g. **/*.ts not matching files in nested directories) is fixed. Teams using hooks to gate file access or enforce code review on specific paths no longer need the regex workaround introduced in v2.1.160.
Other fixes in this window
- Session titles auto-generated in the user's language — previously all auto-titles were in English regardless of conversation language.
- Bedrock credential caching respects actual token expiration — previously hardcoded to a 1-hour cap, which caused unnecessary re-auth for credentials with shorter TTLs and silent failures for credentials with longer ones.
- Remote Control + backgrounded agent session fixes — multiple stability patches for scenarios where backgrounded agents detached from their parent session context.
Check your hook configurations after upgrading
If you wrote regex workarounds for the glob bug in earlier versions, test them under v2.1.176 — you likely need to simplify back to glob syntax. Both patterns will continue to work, but glob paths are more readable and now correctly optimised at the match layer.
Claude Code
v2.1.176
model allowlist
hook glob fix
Bedrock
settings.json
security
🧭 Anthropic + MITRE: One Year of AI-Enabled Cyber Threats and the ATT&CK Framework Gap
Anthropic has published a joint analysis with MITRE examining 832 banned accounts engaged in malicious cyber activity across a full year (March 2025–March 2026). The report maps each attack pattern to the MITRE ATT&CK framework and reveals a structural gap: the ATT&CK database lacks categories for autonomous AI orchestration, causing genuinely novel attacks to score as moderate-risk under current metrics while constituting high-severity operations in practice. A November 2025 state-sponsored espionage operation — the most complex case in the dataset — scored maximum risk internally but appeared moderate through the standard ATT&CK lens.
What the data says about attacker behaviour shifts
- Initial access is not the growth area: AI assistance is most pronounced in post-compromise operations — lateral movement, privilege escalation, and malware development — not in the initial phishing or vulnerability scanning phases where defenders have the most tooling.
- Skill democratisation is real: Less-experienced actors successfully executed multi-stage attacks that previously required specialist knowledge, enabled by AI scaffolding that generates working exploit code and guides step-by-step.
- Autonomous orchestration creates blind spots: Attacks where an AI agent autonomously chains tool calls across multiple sessions leave artefacts that don't map to existing ATT&CK tactic/technique IDs, making automated detection rule authoring harder.
What Anthropic changed as a result
Anthropic deployed new domain-specific safety classifiers on its most capable models (Fable 5 and Opus 4.8) that flag requests matching post-compromise attack patterns — lateral movement, credential harvesting, C2 communication configuration — even when framed as "legitimate pen-testing." Prompts that match these classifiers require explicit verification of authorised scope before the model proceeds. MITRE and Anthropic are co-authoring a proposed extension to ATT&CK that adds an "AI Orchestration" tactic column — expected to enter public comment in Q3 2026.
For security teams using Claude in offensive tooling
The new classifiers are intentionally conservative. Authorised red-team workflows that previously worked may now trigger the verification gate. Anthropic recommends scoping operator system prompts to explicitly declare the authorised engagement domain (e.g. This assistant is deployed for authorised penetration testing of {org}'s infrastructure under SOW #{n}). Declaration in the system prompt — not the user turn — is what the classifier checks first.
MITRE ATT&CK
cyber security
AI threat report
red team
safety classifiers
post-compromise
autonomous orchestration
