You trust Anthropic more than other AI labs. Fair enough — they earned it. Every Claude release ships with a system card: what the model can do, where it breaks, what guardrails exist. A nutrition label for AI. Thirteen since July 2023, all listed publicly. More transparency than most labs bother faking.
Then on April 8, 2026, Anthropic shipped Claude as an autonomous worker — one that wakes itself up, runs for hours, pushes code under your name — and forgot the nutrition label.
The precedent that makes this embarrassing
You know Managed Agents and Routines. This channel has covered them to death. Managed Agents launched April 8, Routines followed on April 14. Claude now runs autonomously, unsupervised, on a schedule, with tool access and persistent memory.
Neither shipped with a system card.
Now rewind to October 2024. Anthropic launched Computer Use beta — Claude clicking around your screen. That came with a dedicated Model Card Addendum covering autonomous action risks: prompt injection via browser content, screenshot misinterpretation rates, safeguards against destructive commands, explicit warnings that the feature "may take unexpected actions," and a full list of attack surfaces where malicious content could hijack Claude's actions.
Computer Use let Claude click buttons. Managed Agents lets Claude run your infrastructure. Guess which one got the safety documentation.
"Thoughts and prayers" in blog form
On April 9 — one day after Managed Agents shipped — Anthropic posted "Trustworthy agents in practice": five principles covering human control, value alignment, interaction security, transparency, privacy. The document itself concedes these safeguards "aren't foolproof" and that the model "behaves differently when it thinks it is being tested."
That's not a safety evaluation. That's the disclaimer printed on the back of a bungee-jumping waiver.
A system card gives you failure modes, red-team results, quantified risks. A principles blog gives you vibes and the implicit suggestion that you'll figure it out.
What the missing document would say
A model card documents a brain. An agent card documents a worker with keys to your infrastructure. Here's what Anthropic would need to publish:
Permission scopes. Managed Agents connects to Notion, Sentry, Asana, and arbitrary APIs. The Computer Use addendum explicitly listed which actions were gated. For agents? Nothing.
Side-effect inventory. Can it delete files? Push code? Modify database records? Send emails as you? The answer changes per integration, and nobody's mapped it.
Cost-runaway scenarios. A Routine fires every 5 minutes, each run spawning subagents that spawn subagents. Your billing dashboard finds out before you do.
Kill switch. How do you stop a running agent mid-task? What state does it leave your codebase in? What half-written commits are sitting in your repo?
Data retention. Persistent sessions store context across runs. Where does that data live? Who accesses it? For how long? These policies remain "not fully specified".
The academic world already proposed a framework. Researchers published "Agent Cards" in February 2026. NIST launched an AI Agent Standards Initiative the same month. Nobody adopted either. But nobody else built their entire brand on publishing safety docs before shipping.
Your homework now
You're deploying these products. Teams already are. And you're writing the safety assessment Anthropic used to write for you.
Scope your agent's permissions. Cap its spending. Document its side effects. Define how a human intervenes. Test what happens when tools go down — because some developers already learned that subagents hallucinate output instead of failing when tools vanish.
Model cards were Anthropic's gift to the industry. Agent cards are the debt it just shipped to production.
