Internal Access Anthropic’s April 5th policy update targeted third-party agentic wrappers — tools like OpenClaw and Hermes Agent that tens of thousands of developers and businesses depend on. The community’s anger is justified. But the deeper lesson isn’t about Anthropic.
On Saturday the 5th of April, Anthropic quietly published a revised API usage policy. Buried in the legal language was a clause that landed like a grenade in the agentic AI community: third-party “orchestration layers and autonomous wrapper products” built on top of Claude would need to migrate to Anthropic’s certified partner programme — or lose API access within thirty days. No grandfather clause. No extended transition. Thirty days.
By Monday morning, the threads on Hacker News and r/LocalLLaMA were running at hundreds of comments. OpenClaw — the open-source agentic framework with more than 12,000 GitHub stars — posted a brief statement saying it was “assessing options.” The team behind Hermes Agent, which had paying enterprise customers running custom Claude-powered workflows, started emergency calls with their users. The message from Anthropic was polite and wrapped in safety language, but the meaning was clear: we decide who gets to build autonomous agents on our models, and right now, that list is shorter than you thought.
Anthropic’s stated rationale is coherent. As agentic systems take consequential actions — writing code, sending emails, calling APIs, managing files — the safety characteristics of the orchestration layer matter enormously. If a third-party wrapper strips out context-window safeguards or re-prompts Claude in ways that bypass its trained behaviour, Anthropic bears some of the reputational and regulatory cost without any of the oversight. The Mexico government hack we wrote about in March — where a threat actor used Claude via a persistent agentic workflow to exfiltrate 195 million records — sharpened that concern considerably. Anthropic cannot audit every wrapper. So they are narrowing the field to wrappers they can.
That reasoning is sound. The problem is what it reveals about the architecture most businesses have quietly accepted.
The reaction from developers was not irrational. Teams that had spent months building production pipelines on OpenClaw and Hermes Agent were not naive about vendor dependency — they were following the industry’s standard advice. Use the best-in-class model. Build on the established tooling. Update when APIs change. What the April 5th update revealed is that the dependency runs deeper than an API version. The capability itself — the ability to run autonomous agents at all — is licensed, not owned. And licences can be revoked.
Kemi Adesanya, who runs AI infrastructure for a UK financial services firm that had been using a Hermes Agent deployment for internal document review, put it plainly in a LinkedIn post that circulated widely: “We built a workflow that saves twelve hours of analyst time per week. We don’t have thirty days to rebuild it. We have thirty days to panic.” Her post drew over four hundred comments from people who recognised the situation.
The conversation that followed was instructive. Developers who had been sceptical of cloud AI dependency for years cited this as the moment they had been anticipating. Others who had been on the fence about local model deployment quietly started asking questions about hardware requirements. The certified partner route Anthropic offered was not dismissed outright, but the application process, the compliance requirements, and the ongoing approval dependency all felt like trading one form of uncertainty for a more expensive one.
There is a parallel here that the data privacy world worked through a decade ago. When GDPR crystallised the principle of data sovereignty — that organisations have a right and a responsibility to control where their data lives, who processes it, and under what conditions it can be accessed — it forced a reckoning with the convenience of cloud storage. The answer was not to stop using technology. It was to demand architecture that matched the risk profile.
AI has arrived at the same juncture, and it needs the same concept: Capability Sovereignty. The right to control not just where your data lives, but what your AI can do, how it behaves, and whether a third-party vendor can modify or revoke those capabilities overnight. Data Sovereignty asks: who controls your information? Capability Sovereignty asks: who controls your intelligence?
The April crackdown is not a one-off. It is a preview of what happens when capability is leased from a centralised provider navigating its own commercial, regulatory, and reputational pressures. We saw the same dynamic play out when Google locked a lawyer out of his Gmail account for uploading lawful legal documents to NotebookLM. Anthropic made a reasonable safety decision that had severe downstream consequences for businesses that had made reasonable commercial decisions. There was no bad actor in this story. The architecture itself is the problem.
For organisations that depend on agentic AI, the answer is not to stop using it. The agentic workflows that OpenClaw and Hermes Agent enabled are genuinely valuable — the twelve hours of weekly analyst time Kemi’s firm recovered is not going back into a spreadsheet. The question is where those workflows run and who controls the model underneath them.
At JD Fortress AI, every deployment runs on hardware the client controls, using open-weight models that carry no usage policy, no partner programme requirement, and no thirty-day notice period. The models cannot be de-certified because there is no certifying authority above them. The agentic orchestration layer is the client’s own infrastructure. When Anthropic updates its terms of service, it is news — not a crisis. The architecture is the product, as Anthropic’s own accidentally leaked source code confirmed just days before this policy landed.
Local models are not yet at frontier capability on every task, and we do not pretend otherwise. But the capability gap is narrowing faster than most people expected eighteen months ago, and the governance gap — the difference between owning your AI and leasing it — is not closing at all. If anything, the events of April 5th suggest it is widening.
Data Sovereignty took years to become a boardroom priority. Capability Sovereignty should not have to wait that long.
JD Fortress AI builds secure, on-premises RAG and agent solutions for UK businesses in regulated sectors. If you’re exploring always-on, private AI teammates that your vendor can’t switch off, get in touch for a confidential discussion — no pitch, just practical talk.
If you're thinking about secure AI for your business, we'd love to have a conversation.
Get in Touch →