Part V

Lab and Platform Responses

§V.1 Anthropic

What Anthropic has said and done, in plain language

Of the major frontier labs, Anthropic has published the most extensive public-facing record of its safety practice. The lab maintains three documentary surfaces that are central to Q2 of this research: a Responsible Scaling Policy (RSP), now in its third major version; a Frontier Compliance Framework (FCF), which serves as the lab's compliance document under California's Senate Bill 53; and a Frontier Safety Roadmap, which records concrete near-term goals and an archive of completed-or-modified prior goals. Together with Anthropic's published transparency-need analysis and its Challenges in Red Teaming research paper, these documents constitute the most substantively detailed public safety-framework record of any frontier lab as of the access date.

People who work on this material at Anthropic include the Frontier Red Team, Alignment, Interpretability, Trust & Safety, Policy, and the lab's external-affairs and legal-and-compliance functions described in Part III §III.7.

The Responsible Scaling Policy in its current form

Anthropic released RSP v3.0 on February 24, 2026, framing the document in the lab's own words as "the voluntary framework we use to mitigate catastrophic risks from AI systems." (Source: Anthropic, "Anthropic's Responsible Scaling Policy: Version 3.0," February 24, 2026, https://www.anthropic.com/news/responsible-scaling-policy-v3 .) The original RSP, published in September 2023, organized the lab's safety commitments around the principle of "conditional, or if-then, commitments. If a model exceeded certain capability levels (for example, biological science capabilities that could assist in the creation of dangerous weapons), then the policy stated that we should introduce a new and stricter set of safeguards (for example, against model misuse and the theft of model weights)." (Source: same RSP v3.0 URL.) Each safeguard tier corresponds to an "AI Safety Level" (ASL): "ASL-2 referred to one set of required safeguards, whereas ASL-3 referred to a more stringent set of safeguards needed for more capable AI models." (Source: same.) The lab activated ASL-3 safeguards for relevant models in May 2025 and has been refining them since.

RSP v3.0 itself emerges from what the lab characterizes as a candid two-and-a-half-year self-assessment: "Two and a half years later, our honest assessment is that some parts of this theory of change have played out as we hoped, but others have not." (Source: same.) The revised RSP introduces three new structural elements — separating Anthropic's unilateral commitments from its multilateral recommendations to industry; introducing the requirement to develop and publish a Frontier Safety Roadmap; and requiring Risk Reports with external review.

The Frontier Compliance Framework and SB 53

California's SB 53 (Transparency in Frontier AI Act), effective January 1, 2026, in Anthropic's own framing "establishes the nation's first frontier AI safety and transparency requirements for catastrophic risks." (Source: Anthropic, "Sharing our compliance framework for California's Transparency in Frontier AI Act," December 19, 2025, https://www.anthropic.com/news/compliance-framework-SB53 .) The lab's Frontier Compliance Framework is the document the lab has published in response. It describes, in the lab's own words, "how we assess and mitigate cyber offense, chemical, biological, radiological, and nuclear threats, as well as the risks of AI sabotage and loss of control, for our frontier models. The framework also lays out our tiered system for evaluating model capabilities against these risk categories and explains our approach to mitigations. It also covers how we protect model weights and respond to safety incidents." (Source: same SB53 URL.)

Anthropic draws an explicit structural distinction between the FCF and the RSP: "the FCF will serve as our compliance framework for SB 53 and other regulatory requirements. The RSP will remain our voluntary safety policy." (Source: same.) The lab describes SB 53's effect on previously-voluntary commitments as durability-supplying: "By formalizing achievable transparency practices that responsible labs already voluntarily follow, the law ensures these commitments can't be abandoned quietly later once models get more capable, or as competition intensifies." (Source: same.)

The Frontier Safety Roadmap

Anthropic's Frontier Safety Roadmap is the most unusually documentary surface among the lab artifacts surveyed in this research. It records specific near-term goals with target dates and maintains an archive of completed-or-modified prior goals. Example goals from the current Roadmap include "Launch 'moonshot R&D' projects to investigate ambitious, possibly unconventional ways to achieve unprecedented levels of information security"; "Develop a method for red-teaming our systems (likely involving significant automation) that surpasses the collective contributions from the hundreds of participants in our bug bounty"; "Implement a number of systematic measures to ensure Claude behaves according to its constitution"; and "Publish a policy roadmap with concrete proposals for a 'regulatory ladder'—policies that scale with increasing risk and that could help guide government AI policy." (Source: same RSP v3.0 URL above.) The published archive of revised prior goals — for instance, a February 2026 commitment to "complete an internal in-depth analysis of key factors and set new Frontier Safety Roadmap goals based on it," subsequently re-targeted in April 2026 to "May 11, 2026, [to] publish a new goal related to this or announce that we aren't doing so" — creates a temporal record of institutional commitment that subsequent litigation can reach. (Source: Anthropic, "Previous goals" archive of the Frontier Safety Roadmap, https://www.anthropic.com/responsible-scaling-policy/updates .)

Self-assessment, race-to-the-top, and the zone of ambiguity

Anthropic's RSP v3.0 announcement is candid about what the original framework achieved and where it fell short. On the achievement side, the lab observes that "within a few months of announcing our RSP, both OpenAI and Google DeepMind adopted broadly similar frameworks. Some companies have also implemented bioweapon-related classifiers in a similar vein to our ASL-3 defenses. The principles behind these voluntary standards, including those in the RSP, have helped to inform the development of early AI policy." (Source: same RSP v3.0 URL.) On the shortfall side, the lab acknowledges what it terms a "zone of ambiguity" in capability-threshold determinations: "the science of model evaluation isn't well-developed enough to provide dispositive answers", and the lab observes that "Despite rapid advances in AI capabilities over the past three years, government action on AI safety has moved slowly. The policy environment has shifted toward prioritizing AI competitiveness and economic growth, while safety-oriented discussions have yet to gain meaningful traction at the federal level." (Source: same.)

Anthropic's federal-framework proposal, published alongside the FCF, articulates principles that would extend SB 53's transparency dynamic nationally — including "Requiring a public secure development framework", "Publishing system cards at deployment", "Protecting whistleblowers", and "Flexible transparency standards" that "can adapt as consensus best practices emerge." (Source: same SB53 URL.) The proposal includes the principle that "It should be an explicit violation of law for a lab to lie about compliance with its framework or punish employees who raise concerns about violations." (Source: same.)

GRAD-INTERN — The voluntary-to-statutory transition and the evidentiary record it produces

The structural relationship the lab itself describes — between the FCF (compliance) and the RSP (voluntary) — operates differently than it might first appear. From a doctrinal-substrate standpoint, voluntary commitments and statutory obligations both produce admissible documentary evidence in subsequent litigation, but the legal force of each is different. A statutorily-required transparency report (FCF, under SB 53) creates a baseline that the lab cannot quietly walk back without statutory violation; a voluntary commitment (RSP, on the lab's own initiative) is more flexibly modifiable but is also, in standard-of-care analysis, evidence the lab considered the safeguards reasonable at the time of publication. The lab's RSP v3.0 announcement is unusually direct about this dynamic, explicitly treating the voluntary RSP as a forcing function on the lab itself: "Our RSP did incentivize us to develop stronger safeguards." (Source: RSP v3.0 URL.) The Risk Reports Anthropic is now committing to produce every 3-6 months — with external review by independent third parties "who are deeply familiar with AI safety research, are incentivized to be open and honest about Anthropic's safety position, and are free of major conflicts of interest" (Source: same) — operate as a periodic self-disclosure surface that, again, is publicly available. For the abstracted product-liability attorney working in this space: Anthropic's published material constitutes a substantial documentary record on which standard-of-care analysis can develop, and the lab's own framing acknowledges the dual purpose. Whether the lab's substantive safety practice matches the documentary record is, in any specific matter, a question developed on the discovery record of that case. The RSP-versus-FCF distinction also illustrates a doctrinal frontier: as more states adopt SB-53-like statutes (and as the federal framework Anthropic has proposed advances or fails to advance), the proportion of lab safety practice that is statutorily-required (versus voluntary) will shift, and standard-of-care analysis will shift with it.

§V.2 OpenAI

What OpenAI has said and done, in plain language

OpenAI maintains a public-facing safety hub and has published a sequence of model "system cards" — formal documentation accompanying each major model launch. The lab's safety hub is structured around three pillars (Teach, Test, Share) and includes references to a "Preparedness Framework," parental controls (introduced September 2025), and a series of system-card and safety-publication artifacts spanning GPT-4, GPT-4o, o1, and the GPT-5 family.

People who work on this material at OpenAI include red-team leads, safety-evaluation researchers, the Preparedness team, Trust & Safety operations, and the lab's policy and legal-and-compliance functions.

The safety hub and three-pillar framing

OpenAI's safety-hub page presents the lab's safety practice through three pillars: Teach (filtering data; OpenAI Policies; human values); Test (red teaming; system cards; preparedness evaluations); and Share (safety committees; alpha/beta/GA progression; feedback loops). The lab's own framing of the practice is continuous-improvement: "Building safe AI isn't one and done. Every day is a chance to make things better. And every step helps anticipate, evaluate, and prevent risk." (Source: OpenAI, "Safety at every step," https://openai.com/safety/ , accessed 2026-05-07.) The hub identifies five "critical areas" the lab works with industry leaders and policymakers on: child safety, private information, deep fakes, bias, and elections.

External red-teaming as published practice

OpenAI's external red-teaming practice is the lab's most-substantively-detailed publicly-described safety process. Lama Ahmad, Sandhini Agarwal, Michael Lampe, and Pamela Mishkin co-authored "OpenAI's Approach to External Red Teaming for AI Models and Systems," which describes a four-goal framework: "Discovery of novel risks"; "Stress testing mitigations"; "Augmenting risk assessment with domain expertise"; and "Independent assessment." (Source: Ahmad, Agarwal, Lampe, Mishkin, "OpenAI's Approach to External Red Teaming for AI Models and Systems," https://cdn.openai.com/papers/openais-approach-to-external-red-teaming.pdf .) The lab states that "OpenAI has conducted external red teaming for frontier AI model deployments since the launch of DALL-E 2 in 2022. At the time of writing, several System Cards have been published that detail the red teaming efforts for GPT-4, GPT-4(V), DALL-E 3, GPT-4o, and o1." (Source: same.)

The paper's own self-assessment is equally direct on limitations: "Red teaming on its own is not a panacea for risk assessment." (Source: same.) Among the limitations the paper enumerates: "Risks surfaced in one point in time red teaming effort may be under-assessed or no longer reflected in an updated system or model, and as such, should not be seen as a panacea for risk assessment efforts of AI systems"; resource intensity; potential harms to red-teaming participants; information-hazard generation; and increasing-sophistication thresholds as models become more capable. (Source: same.)

The paper's Appendix A enumerates fifteen testing areas, including — directly relevant to the harm-output landscape — "Violence and self harm: Does the model refuse to give answers that support violence, enable self-harm, etc.?" (Source: same.) Adjacent testing areas include "Bias and Fairness," "Persuasiveness," "Controversial Questions," and "Dangerous Planning." The paper closes with the observation that "Red teaming also needs to be paired with externally specified thresholds and practices for accountability of discovered risks." (Source: same.)

System cards and the sensitive-conversations addendum

OpenAI's safety hub references a published series of system cards through GPT-5.3-Codex, with named addenda including an "Addendum to GPT-5 System Card: Sensitive conversations." (Source: OpenAI safety hub URL above.) The Sensitive-conversations addendum is most directly relevant to the Raine matter described in Part I §I.3 and is named on the safety hub at access date; the Addendum's full text was not sampled in this research's R1 corpus and is an augmentation candidate for a follow-on research round.

GRAD-INTERN — Research-gap acknowledgment: GPT-4 system card URL no longer resolves; later cards are accessible

A note on substrate currency. The original GPT-4 system card URL, https://openai.com/index/gpt-4-system-card/, returns a 404 page at access date 2026-05-07 of this research. The lab continues to maintain system cards for subsequent model launches (GPT-4o, o1, the GPT-5 family); access to those is via the safety hub and the current system-card index. The implication for product-liability discovery is doctrinally specific: when historical model documentation becomes unreachable at its original URL, the practical effect is that the public-facing standard-of-care record for that model becomes thinner over time. The Internet Archive Wayback Machine and academic indices (e.g., Google Scholar's record of papers citing GPT-4's red-team practices) may preserve copies that the lab no longer hosts. For an attorney working in this space: do not assume that the public record for any specific model is still at its original URL; verify accessibility at the specific date relevant to the matter, and where original URLs no longer resolve, source via archived copies preserved by third-party indices. The same dynamic likely applies to other frontier labs' historical documentation.

§V.3 Character.AI

What Character.AI has said and done, in plain language

Character.AI (operated by Character Technologies) is the deployer-defendant most-prominently named in the wrongful-death litigation described in Parts I and III §III.4. The company's post-settlement public posture, as observable from its safety pages and product blog at access date, documents an active product roadmap and a four-surface safety architecture. Substrate is sparse relative to Anthropic and OpenAI; this research treats the gap explicitly per the methodology established at companion file Layer 1's grad-intern callout.

People who work on this material at Character.AI include product engineers (model integration, persona design, system-prompt engineering), Trust & Safety operations, content-moderation operators, age-gating and minor-protection designers, and the lab's policy, legal-and-compliance, and external-affairs functions.

Public-facing safety architecture

Character.AI's Safety Center documents four named safety surfaces: Parental Insights, Content Moderation, Teen Safety, and Reporting. The lab's framing positions this work as "safety-by-design ... anchored by our goal of creating a safe and engaging experience." (Source: https://character.ai/safety , accessed 2026-05-07. Cross-reference Part III §III.4 where this framing is also discussed at the application-layer technical level.) The Parental Insights surface implements a multi-step parental-access workflow (teen-initiated invitation followed by parental email confirmation). The lab's public blog records ongoing model-update activity, memory features, and product releases through 2026. (Source: https://blog.character.ai/ , accessed 2026-05-07.)

Research-gap acknowledgment

Our R1 research substrate on Character.AI's post-settlement product/policy posture is sparse. The Safety Center documents a public-facing safety architecture; the blog records ongoing product activity; but the substantive operational posture — incident-response practice, post-deployment monitoring detail, model-risk-evaluation cadence, and the texture of cross-functional engagement with legal counsel — is not visible in the public record we have surfaced. The PA AG action against Character.AI described in Part I §I.5 and Part IV §IV.3.f is one source of additional public information; that complaint is an augmentation candidate at the next harvest round.

GRAD-INTERN — Settlement effects on the doctrinal record and the post-settlement product reality

Character.AI agreed to settle Garcia and several other matters in January 2026. Settlement resolves the specific cases without producing the appellate doctrinal record those cases would otherwise have produced; the company continues operating with an active product roadmap. The doctrinal residue of Garcia — Conway's product holding, addressed at Part I §I.7 — is on the books at trial-court level, but the appellate development that would harden it into binding precedent did not occur in that case. For the abstracted product-liability attorney working in this space, this means that Character.AI as a deployer continues to operate post-settlement; future matters (the not-yet-public Nov-2025 college-graduate case, the Pennsylvania AG action, and any subsequent matters) will, individually and collectively, supply or fail to supply further doctrinal development. The K&L Gates analysis cited at Part III §III.4 frames this trajectory directly: "the first bellwether jury verdicts will establish critical precedents for the cases that follow." (Source: K&L Gates, "AI Product Liability: The Next Wave of Litigation," March 27, 2026, https://www.klgates.com/AI-Product-Liability-The-Next-Wave-of-Litigation-3-27-2026 .) Whether subsequent Character.AI matters reach a bellwether jury verdict — and whether other deployer-defendants take their cases to trial — is the open question that drives the doctrinal trajectory in this segment of the wave.

§V.4 Industry Convergence Patterns

What is converging across labs

Several practices appear across labs at access date for this research, with documentary substrate sufficient to identify them as convergent:

What is diverging across labs

GRAD-INTERN — Industry convergence as documentary baseline for cross-lab standard-of-care analysis

When several frontier labs adopt broadly similar framework structures (capability-thresholds; tiered safeguards; published red-team practices; system cards at deployment), the practical effect for product-liability standard-of-care analysis is to produce a documentary baseline. A lab that publishes a framework substantially similar to Anthropic's, OpenAI's, and Google DeepMind's frameworks is, in subsequent litigation, holding itself to a standard the industry has visibly converged toward. A lab that does not publish such a framework — or that publishes one that visibly diverges from the convergent practice — is in a different doctrinal posture: the absence of convergent practice is itself documentary, and explaining the divergence becomes the lab's burden in standard-of-care contests. Anthropic's RSP v3.0 announcement is direct about the intended dynamic: the original RSP's goal was that "RSPs, or similar policies, would become voluntary industry standards or go on to inform AI laws aimed at encouraging safety and transparency in AI model development." (Source: RSP v3.0 URL.) The convergent industry practice produces, over time, the kind of documentary record that defendants and plaintiffs both reach for in standard-of-care motion practice. SB 53 and analogous statutes accelerate this dynamic by formalizing some convergent practices at statutory level.

§V.5 Cross-Lab Comparison Table

The following table compares the documentary surfaces across the three labs most-directly named in the harm-output landscape, plus Google DeepMind as a frontier-lab comparator, at access date 2026-05-07. Cell entries summarize what is publicly available in this research's R1 corpus; (thin) indicates substrate gap; (follow-on) indicates a follow-on research candidate.

| Surface | Anthropic | OpenAI | Character.AI | Google DeepMind | |---|---|---|---|---| | Responsible-scaling / preparedness framework | RSP v3.0 (Feb 2026; voluntary) | Preparedness Framework (Apr 2025 update; voluntary) | (thin — deployer; substrate sparse) | Frontier Safety Framework (per Anthropic RSP cross-reference) | | SB 53 compliance documentation | Frontier Compliance Framework (Dec 2025) | analogous in development (follow-on) | (thin) | analogous in development (follow-on) | | External red-teaming program with published methodology | Challenges in Red Teaming AI Systems (Jun 2024) | External Red Teaming paper (Ahmad et al.) | (thin — follow-on) | per Anthropic RSP cross-reference; analogous publications (follow-on) | | System cards at major model launches | per RSP v3.0 commitment; Risk Reports every 3-6 months | published series through GPT-5.3-Codex | (thin) | per Anthropic RSP cross-reference (follow-on) | | Sensitive-conversations / harm-output specific guidance | per FCF risk-category enumeration | "Addendum to GPT-5 System Card: Sensitive conversations" (named on safety hub; full text not yet sampled) | Safety Center four-surface architecture; Reporting | (thin — follow-on) | | External review of risk reports | RSP v3.0 commitment (in pilot) | (thin) | (thin) | (thin — follow-on) | | Whistleblower-protection posture | federal-framework proposal articulates principle | (thin — follow-on) | (thin) | (thin — follow-on) | | Public-facing harm-incident response | per FCF "respond to safety incidents" | Trust & Safety operations (per safety hub) | Reporting surface (Safety Center) | (thin) |

Part V closing forward-pointer

Part V has surveyed the lab-and-platform-side response to the harm-output landscape: Anthropic's documentary architecture (RSP, FCF, Frontier Safety Roadmap, Risk Reports); OpenAI's three-pillar safety hub and external red-teaming practice; Character.AI's post-settlement product reality with sparse substrate; and the cross-lab convergence and divergence patterns. The labs have published substantial material; the relationship between published practice and substantive internal practice is the contested question that develops on the discovery record of any specific matter.

Part VI takes up the strategic surfaces where the doctrinal landscape of Part IV and the lab posture of Part V intersect: the most-fruitful surfaces for product-liability attorneys; the most-studied versus most-understudied portions of the landscape; the technical-and-legal challenges frontier labs are currently navigating; and a recommendations synthesis for the abstracted product-liability attorney audience.

Several Part-V threads run forward into Parts VI–VII: