Claude Adoption

Claude Trust & safety

T3 governs & tests your Claude Code configuration, for every firm, every sector.

Trust & Controls for Agentic AI - T3

Make your Claude Code deployment genuinely governed

Request the evaluation pack. Sample attestation, before/after demo, CI/CD reference config, under NDA, no commitment required. Every organisation using Claude Code should see what governed looks like.

Why T3 for AI Adoption?

Relevant Standards & Frameworks

  • EU AI Act
  • NIST AI RMF 1.0
  • ISO 42001
  • SOX / ICFR
  • FINRA Rule 3110
  • HIPAA
  • PCI-DSS v4
  • OWASP Top 10

The Mythos Moment

Anthropic just proved that AI can autonomously find and exploit zero-days in any software. Yours included.

In April 2026, Anthropic announced Claude Mythos Preview — its most powerful model, and the first to autonomously discover thousands of zero-day vulnerabilities across major operating systems and web browsers. Over 99% of those vulnerabilities were unpatched at the time of disclosure. Anthropic chose not to release Mythos to the public. Instead it created Project Glasswing: a restricted consortium of the world’s largest technology firms — Amazon, Apple, Google, Microsoft, JPMorgan Chase, and others — to use Mythos to find and fix vulnerabilities before attackers can.

  • 99%+ of zero-day vulnerabilities discovered by Mythos remained unpatched at time of Anthropic’s April 2026 disclosure — across every major OS and web browser
  • 73% success rate on expert-level capture-the-flag tasks — the category no AI model could complete before April 2025, per UK AI Security Institute evaluation
  • 27 yrs: the age of the oldest software system in which Mythos found a previously undetected vulnerability — systems believed to be among the most secure in existence
  • Not released: Anthropic withheld Mythos from public release — the strongest signal the industry has ever sent that AI-level cyberattack capability is now real and material

What This Means for Your Claude Code Deployment

Your codebase runs on vulnerable software

Claude Code generates code that runs on operating systems and frameworks Mythos was able to exploit. The attack surface through your AI coding agent is no longer theoretical.

Mythos-class capability will diffuse

Anthropic has restricted access today. But capability at this level diffuses — to competitors, to threat actors, to open-source. Organisations that govern Claude Code now are ahead of that curve, not scrambling after it.

Project Glasswing sets the industry standard

The world’s largest firms — Amazon, Apple, Google, Microsoft, JPMorgan — are actively governing their AI coding environments. That is now the benchmark. Every firm deploying Claude Code should be asking the same questions.

The Starting Point

Anthropic builds trust & safety into Claude Code by design

Anthropic invests more in model safety than any other frontier AI lab. Claude Code inherits that foundation — Constitutional AI training, a permission model, and published usage policies. For any organisation, it is an excellent starting point. It is not a finished governance posture.

Constitutional AI

Model-level refusal behaviour

Claude Code is trained to decline generating broadly harmful code. This operates at model weight level — before any instruction file is read. It is the deepest layer of Anthropic’s safety architecture.

Permission Model

Tool allowlists & denylists

managed-settings.json controls which tools the agent can invoke. MCP server registers govern external service connections. Operators can restrict or expand defaults — but only if they configure them deliberately.

Instruction Layer

CLAUDE.md & context controls

CLAUDE.md provides a project-level instruction layer. .claudeignore excludes sensitive files from context. These are the configuration surfaces T3 authors, versions, and governs on your behalf.

Usage Policies

Anthropic’s published safety standards

Anthropic publishes and enforces usage policies for Claude Code — an industry-leading safety baseline. They are designed for the general case. They are not mapped to your organisation’s specific security standards, obligations, or risk appetite.

What Every Organisation Still Needs to Add

Organisation-specific controls

Your security standards, coding policies, and compliance obligations are not in Anthropic’s defaults. Without a custom CLAUDE.md, every developer using Claude Code is operating from a blank governance posture.

Attestation on every merge

Anthropic cannot attest that your configuration was active on a specific commit in your environment. That evidence must be generated locally, retained, and producible to anyone asking how your AI-generated code was governed.

Ongoing maintenance & CVE response

As Anthropic ships new model versions and discloses CVEs, controls that passed a red-team last quarter may behave differently today. Quarterly re-testing and a defined CVE response SLA are not optional — they are the difference between governance and theatre.

The Control Gap

Where Anthropic’s defaults end and your governance begins

These gaps are not failures of Claude Code. They are the expected boundary between a general-purpose safety architecture and an organisation’s specific security posture. Every firm deploying Claude Code has them. T3 closes them.

No organisation-specific instruction in CLAUDE.md

Claude Code ships with a blank instruction surface. Without expert authoring, it contains no reference to your security standards, coding policies, or compliance obligations. Every developer is working without a governance layer.

Configuration drift goes undetected

Developers edit CLAUDE.md. New frameworks arrive. Anthropic ships new model versions that change control-file behaviour. Without a structured review cycle, controls degrade silently between audits.

Claude Code CVEs create live exposure

As Mythos demonstrated, AI-level vulnerability discovery is now possible at scale. CVEs against Claude Code, poisoned dependencies, and malicious MCP servers create attack surfaces most organisations have no SLA to respond to.

No governance evidence when someone asks

A client, auditor, regulator, or board member asks: how was this AI-generated code governed? Without a maintained attestation pack, the honest answer is: it wasn’t. That answer carries reputational and liability risk for any firm, not just regulated ones.

What T3 Delivers

Five outcomes that make Claude Code genuinely governed

Each outcome is evidence-backed and verifiable — not a declaration, not a policy document. Governance your organisation can stand behind when anyone asks.

CLAUDE.md authored against your organisation’s specific standards

T3 authors CLAUDE.md with your security standards, OWASP Top 10 controls, coding policies, and — where applicable — compliance provisions. Delivered with a signed mapping table, a cryptographic file hash, and a named advisor sign-off. Not a template. Yours.

Every AI-assisted merge carries a recorded /security-review

T3’s custom /security-review command runs as a GitHub Action on every pull request. Output is retained as per-commit evidence and indexed in the quarterly attestation pack. Any question about a specific merge has a documented answer.

All configuration version-controlled, signed, and change-managed

Every control-file change is produced via a named-advisor pull request. Git history, cryptographic file hashes, and a monthly signed changelog form an unbroken chain of custody. You own the repository. T3 owns the rigour.

Claude Code CVEs and threat events responded to within SLA

New CVE against Claude Code, new Anthropic product-security advisory, new prompt-injection technique — each triggers a written advisory under a contractual SLA. In the Mythos era, “we’ll look into it” is not a governance posture.

Control efficacy red-teamed against the current Claude Code model

T3 red-teams your configuration against the Claude Code model version active in your environment — not last quarter’s. When Anthropic ships a new model, controls are re-tested. A control that works is proven. A control that is merely defined is not governance.

Service Structure

Two layers. One continuous assurance posture.

Retained Review & Attestation

Every 90 days: full re-test of your Claude Code control files against the current model version, revised governance mapping, and a signed attestation pack ready for any audience — internal audit, board, client, or regulator.

  • Signed quarterly attestation pack
  • CLAUDE.md re-tested against current Claude Code model
  • Governance mapping table updated
  • Red-team review against current model
  • Named advisor review call

Between-Quarter Advisory

Triggered by events that cannot wait ninety days: new Claude Code CVEs, Anthropic product-security advisories, new prompt-injection techniques, and — in the Mythos era — rapid shifts in the AI threat landscape.

  • Written advisory within 5 working days (standard)
  • P1: advisory within 1 working day; same-day call
  • Draft control-file change within 10 working days
  • All events indexed in next quarterly attestation pack

Engagement Model

From your first scoping call to a signed attestation pack — in six weeks

Phase 1 — Onboarding · Fixed price · 4–6 weeks

Week 1

Scoping

In-scope repositories, business units, security standards, and any applicable compliance obligations. Mapped to existing security documentation.

Weeks 2–3

Assessment

Claude Code usage inventory, existing control files, permission settings, MCP servers. Agent-footprint threat model produced against current landscape including Mythos-era considerations.

Weeks 3–5

Authoring

CLAUDE.md, security-review.md, .claudeignore, managed-settings.json, MCP register, CI/CD reference YAML. Baseline metrics captured.

Week 6

Sign-off

Files committed under change control. Baseline attestation pack issued. Quarterly retainer commences.

Phase 2 — Quarterly Cycle · Ongoing

Weeks 1–2

Horizon scan: Anthropic release notes, CVE disclosures, new Mythos-era threat intelligence, regulatory changes.

Weeks 3–8

Incorporate event-driven changes; draft control-file revisions; technical review with your security lead.

Weeks 9–11

Changes committed; attestation pack compiled; red-team executed against current Claude Code model if scheduled.

Weeks 12–13

Review call; signed attestation pack delivered; next quarter scoped.

For Initial Assessment

Everything you need to evaluate — under NDA, no commitment required

Every organisation receives a full evaluation pack. Technical, legal, and procurement teams can complete their review before the first commercial conversation.

Sample attestation pack

A redacted full governance evidence bundle — what you receive after one quarter of service, formatted for internal audit and board reporting.

Before/after demo

The same Claude Code generation task run with and without CLAUDE.md active. Delta in /security-review output quantified — the business case in one screen.

Reference CI/CD configuration

The exact YAML that wires the /security-review gate into GitHub Actions or GitLab CI — hours of implementation work, not weeks.

Threat advisory archive

Redacted prior Claude Code CVE and prompt-injection advisories — demonstrating SLA adherence, depth, and how the Mythos-era threat landscape is tracked.

Engagement letter

Full scope boundary statement and limitation-of-liability language — ready for legal and procurement review without redrafting.

Common Questions

Frequently asked questions

What does Claude Mythos mean for organisations using Claude Code?

Claude Mythos Preview demonstrated in April 2026 that AI can autonomously discover and exploit zero-day vulnerabilities in any software — including operating systems, web browsers, and the codebases built with Claude Code. Anthropic withheld Mythos from public release precisely because of this risk. For any organisation using Claude Code, Mythos confirms the attack surface through AI coding agents is real and material — and requires active governance, not just default configuration.

Is Claude Code safe to use without additional configuration?

Claude Code ships with Anthropic’s Constitutional AI training, a permission model, and published usage policies — a strong safety foundation. But safe is not the same as governed. Without a custom CLAUDE.md, a /security-review gate, and a maintained control-file suite, no organisation has attestation that those defaults were active on a specific commit, no SLA to respond to Claude Code CVEs, and no evidence for anyone asking how their AI-generated code was governed.

What is Project Glasswing and why does it matter?

Project Glasswing is Anthropic’s restricted consortium — Amazon, Apple, Google, Cisco, CrowdStrike, JPMorgan Chase, Microsoft, and Nvidia among others — created to use Claude Mythos Preview to identify and patch zero-day vulnerabilities in critical software before they can be exploited. Access is limited and monitored. Glasswing confirms that the world’s most sophisticated technology firms believe AI-level cyberattack capability is now real, and that governance of AI coding tools is an active board-level concern across every sector.

What is the Claude Code trust and safety architecture?

Anthropic’s Claude Code trust and safety architecture comprises: Constitutional AI training at model level; a permission model controlling which tools the agent can invoke; CLAUDE.md as a project-level instruction layer; .claudeignore to exclude sensitive files from context; and MCP server controls. T3 configures, tests, and attests this architecture against your organisation’s specific requirements — and maintains it as Anthropic updates the model.

What happens when Anthropic updates Claude Code?

When Anthropic ships a new Claude Code model version, prior control-file behaviour can shift. T3’s quarterly review re-tests all control files against the current model. Between reviews, model updates and CVE disclosures trigger the event-driven advisory layer — written advisory within 5 working days, draft control-file change within 10 working days if required. In the Mythos era, monitoring Anthropic’s release cadence is not optional.

Does this service work with our existing SAST, DAST, and SCA tools?

Yes — this service sits upstream. CLAUDE.md constrains what the agent generates. The /security-review command runs first on every pull request, before your SAST, DAST, SCA tools, and peer review. Your existing tools continue to run as today, receiving cleaner AI-generated output and no longer carrying the sole evidential burden of AI coding governance.

Is this only for regulated industries?

No. Claude Mythos made clear that AI-level vulnerability discovery is not selective about its targets. Any organisation deploying Claude Code — in financial services, healthcare, technology, media, professional services, or any other sector — has the same fundamental governance need: to know their AI-generated code was produced under defined controls, that those controls are maintained as the model evolves, and that evidence of governance exists when anyone asks for it.

Mythos figures sourced from Anthropic’s April 2026 disclosure and independent UK AI Security Institute evaluation. Indicative service metrics are directional targets based on published third-party research; client-specific results published after pilot quarter two. This service delivers evidence of configured controls — not legal opinion. T3 Consultants is not affiliated with Anthropic PBC.

T3 is an award-winning Responsible AI advisory and implementation partner that translates cutting-edge research into practical, safe, deployable AI systems.

  • Shaped major global standards and policy (EU AI Act, ISO/IEC 42001, NIST AI RMF, OECD AI Principles, G7 AI Code of Conduct)
  • Advised 2/3 of the world’s leading Big Tech organisations
  • Trained 50+ board members and advised 20+ governments
  • Led by senior AI operators: the founder of Google’s Responsible Innovation & Ethical ML teams (Responsible AI at scale) and Oracle’s former Chief Data Scientist (global AI/ML build-out)
  • Winner of 3 AI awards in 2025 (including AI Leader of the Year, Top 33 Women Shaping the Future of Responsible AI, and North America AI Leader of the Year)

We bridge business ambition with engineering excellence.

Serving Organisations Across the UK, EU, US and Beyond

STOP INVENTING
START IMPROVING

Contact Us

London, UK

contact@t3-consultants.com
