How This Briefing Works
This report opens with key findings, then maps the gaps between what Anthropic discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Anthropic was observed loading and executing before user consent was obtained on 15% of sites where it was detected.
Claims vs. Observed Behavior
pending
“Requires claims extraction via CDT”
Live website analysis pending
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Anthropic
- →Immediate contract review for AI training data usage rights and opt-out provisions
- →Require Anthropic to execute telemetry post-consent only with explicit AI data collection disclosure
- →Implement conversation-level data deletion controls for sensitive discussions
- →Add AI interaction data disclosure to privacy policy with training data opt-out mechanism
- →Audit data sharing agreements to identify downstream AI training data usage
- →Assess GDPR Article 9 applicability to behavioral AI interaction patterns
If You're Evaluating Anthropic
- →Legal counsel review of joint controller liability for AI-generated content under GDPR Article 26
- →Data Protection Impact Assessment for AI behavioral pattern processing
- →Calculate competitive leakage cost: (Anthropic fee + training data value to competing AI users + strategic intelligence exposure)
- →Evaluate self-hosted AI alternatives vs. cloud API with training data sharing
Negotiation Leverage
- →AI interaction data without consent violates GDPR Article 6 and Article 9 (behavioral patterns as special category data) - require explicit opt-in for all telemetry
- →Chat transcript capture creates data breach liability - demand encryption at rest/transit with annual security audits and breach notification SLAs
- →Training data usage feeds competing AI customers - require complete opt-out from model training with contractual guarantees
- →Cross-domain sync extends liability across Anthropic ecosystem - demand technical isolation of customer-specific deployments
- →Tag manager deployment creates consent enforcement gaps - require first-party deployment with documented consent controls
- →Persistent tracking of AI conversations extends GDPR liability window - demand 30-day automatic deletion with user-controlled retention
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Keystroke/mouse tracking
Impact: Captures AI interaction patterns (query complexity, response engagement, conversation flow) for user profiling. Creates GDPR Article 9 special category data processing violations.
Full session replay
Impact: Records complete AI conversation transcripts including prompts and generated responses. Every chat creates GDPR data subject access request liability and breach notification obligations if storage compromised.
Identity stitching
Impact: Synchronizes AI usage identities across Anthropic properties and customer deployments. Extends GDPR compliance scope to entire Anthropic ecosystem.
Ignoring CMP signals
Impact: Executes AI telemetry, session recording, and behavioral tracking before consent collection. Violates GDPR Article 6 and ePrivacy Directive.
Long-lived identifiers
Impact: Maintains AI interaction history across sessions via persistent identifiers. Extends GDPR data retention and deletion obligations to all historical chat transcripts.
Container/loader (neutral)
Impact: Deploys AI embedding via tag management system enabling dynamic updates without change control. Creates consent governance gaps and prevents technical enforcement of privacy controls.
IOC Manifest
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
58 detection signatures across scripts, domains, cookies, and network endpoints