Episode 12 of Agent Mode AI. Abby and Avery walk through AM-009, the claim that Anthropic's Claude for Chrome launch is a procurement-decision data point about the maturity of the browser-resident agentic AI class rather than about Anthropic specifically. The published security disclosure on the launch reports a 23.6 percent prompt-injection success rate pre-mitigation, 11.2 percent post-mitigation, and 0 percent on URL-injection variants after subsequent patches, against a defined attack corpus. The procurement-relevant signal is the published-disclosure posture itself, which places Anthropic in Cohort A under the AM-007 vendor-response-split framework. Brave Software's adjacent research on Comet confirms that the prompt-injection class is structural to browser-resident agents rather than Anthropic-specific. The episode concludes with five questions that a chief information officer and chief information security officer can require to be answered in writing before authorising browser-agent pilots.
Sources cited:
- Anthropic Claude for Chrome announcement, 26 August 2025
- Anthropic published security disclosure on Claude for Chrome
- Brave Software research on Comet prompt injection
- Simon Willison agentic-browser-security commentary, 25 August 2025
- Zenity Labs AgentFlayer research, Black Hat USA 2025
- EchoLeak CVE-2025-32711, disclosed August 2025
Claims tracked:
- AM-009 — Claude for Chrome procurement-grade disclosure pattern — agentmodeai.com/holding/?claim=AM-009
- AM-007 — AgentFlayer cross-agent prompt-injection class vendor-response split — agentmodeai.com/holding/?claim=AM-007
- AM-146 — Three accuracy-disclosure questions for procurement — agentmodeai.com/holding/?claim=AM-146
Newsletter and the full Holding-up ledger: agentmodeai.com