thumbgate 1.27.7 → 1.27.9

Files changed (106)
  1. package/.well-known/llms.txt +1 -2
  2. package/README.md +0 -2
  3. package/bin/cli.js +259 -78
  4. package/package.json +12 -18
  5. package/public/blog.html +30 -0
  6. package/public/compare/adopt-ai.html +219 -0
  7. package/public/compare/agentix-labs.html +197 -0
  8. package/public/compare/ai-experience-orchestration.html +216 -0
  9. package/public/compare/anthropic-claude-for-legal.html +260 -0
  10. package/public/compare/anthropic-containment.html +280 -0
  11. package/public/compare/arcade.html +175 -0
  12. package/public/compare/arcjet.html +239 -0
  13. package/public/compare/bumblebee.html +307 -0
  14. package/public/compare/claude-code-hooks.html +294 -0
  15. package/public/compare/databricks-unity-ai-gateway.html +215 -0
  16. package/public/compare/fallow.html +351 -0
  17. package/public/compare/heidi.html +233 -0
  18. package/public/compare/mem0.html +342 -0
  19. package/public/compare/oak-and-sparrow-gatekeeper.html +289 -0
  20. package/public/compare/rein.html +236 -0
  21. package/public/compare/sigmashake.html +256 -0
  22. package/public/compare/speclock.html +342 -0
  23. package/public/compare.html +2 -0
  24. package/public/guides/agent-harness-optimization.html +342 -0
  25. package/public/guides/agentic-web-governance.html +406 -0
  26. package/public/guides/ai-agent-governance-sprint.html +415 -0
  27. package/public/guides/ai-agent-pre-action-approval-gates.html +401 -0
  28. package/public/guides/ai-agent-workflow-migration-checklist.html +392 -0
  29. package/public/guides/ai-deployment-readiness.html +415 -0
  30. package/public/guides/ai-mode-ads-agent-governance.html +401 -0
  31. package/public/guides/ai-search-topical-presence.html +342 -0
  32. package/public/guides/autoresearch-agent-safety.html +342 -0
  33. package/public/guides/background-agent-governance.html +358 -0
  34. package/public/guides/best-tools-stop-ai-agents-breaking-production.html +363 -0
  35. package/public/guides/browser-automation-safety.html +342 -0
  36. package/public/guides/chatgpt-ads-trust.html +353 -0
  37. package/public/guides/claude-code-feedback.html +339 -0
  38. package/public/guides/claude-code-prevent-repeated-mistakes.html +161 -0
  39. package/public/guides/claude-code-skills-guardrails.html +343 -0
  40. package/public/guides/claude-desktop.html +356 -0
  41. package/public/guides/code-knowledge-graph-guardrails.html +365 -0
  42. package/public/guides/codex-cli-guardrails.html +339 -0
  43. package/public/guides/cursor-agent-guardrails.html +339 -0
  44. package/public/guides/cursor-prevent-repeated-mistakes.html +161 -0
  45. package/public/guides/database-agent-safety.html +406 -0
  46. package/public/guides/deepseek-v4-runtime-guardrails.html +346 -0
  47. package/public/guides/developer-machine-supply-chain-guardrails.html +358 -0
  48. package/public/guides/gcp-mcp-guardrails.html +147 -0
  49. package/public/guides/gemini-cli-feedback-memory.html +339 -0
  50. package/public/guides/gpt-5-5-model-evaluation.html +358 -0
  51. package/public/guides/internal-ai-engineering-stack-guardrails.html +348 -0
  52. package/public/guides/long-running-agent-context-management.html +346 -0
  53. package/public/guides/mcp-tool-governance.html +401 -0
  54. package/public/guides/multica-thumbgate-setup.html +134 -0
  55. package/public/guides/native-messaging-host-security.html +342 -0
  56. package/public/guides/policy-engine-pre-action-gates.html +346 -0
  57. package/public/guides/pre-action-checks.html +342 -0
  58. package/public/guides/pretooluse-hooks-vs-advisory-prompt-rules.html +342 -0
  59. package/public/guides/prompt-tricks-to-workflow-rules.html +365 -0
  60. package/public/guides/proxy-pointer-rag-guardrails.html +352 -0
  61. package/public/guides/rag-precision-tuning-guardrails.html +352 -0
  62. package/public/guides/reasoning-compression-guardrails.html +346 -0
  63. package/public/guides/relational-knowledge-ai-recommendations.html +342 -0
  64. package/public/guides/roo-code-alternative-cline.html +339 -0
  65. package/public/guides/semantic-programmatic-seo-guardrails.html +352 -0
  66. package/public/guides/seo-agent-skills-guardrails.html +344 -0
  67. package/public/guides/stop-repeated-ai-agent-mistakes.html +342 -0
  68. package/public/index.html +10 -48
  69. package/public/learn/ac-dc-runtime-enforcement.html +277 -0
  70. package/public/learn/agent-harness-pattern.html +181 -0
  71. package/public/learn/agent-swarms-shared-gates.html +173 -0
  72. package/public/learn/agentic-enterprise-context-brain.html +117 -0
  73. package/public/learn/agentic-os-team-governance.html +146 -0
  74. package/public/learn/ai-agent-governance.html +158 -0
  75. package/public/learn/ai-agent-persistent-memory.html +211 -0
  76. package/public/learn/background-agent-control-layer.html +184 -0
  77. package/public/learn/claude-code-goal-with-rubrics.html +205 -0
  78. package/public/learn/codex-role-plugins-need-governance.html +125 -0
  79. package/public/learn/cost-aware-agent-gate-routing.html +173 -0
  80. package/public/learn/databricks-unity-ai-gateway-runtime-governance.html +157 -0
  81. package/public/learn/deterministic-agent-workflows.html +185 -0
  82. package/public/learn/feedback-loop-vs-decision-layer.html +283 -0
  83. package/public/learn/from-prototype-to-production.html +223 -0
  84. package/public/learn/learn.css +51 -0
  85. package/public/learn/mcp-pre-action-checks-explained.html +172 -0
  86. package/public/learn/pretix-stripe-connect-marketplaces.html +161 -0
  87. package/public/learn/regulated-agent-execution-boundary.html +196 -0
  88. package/public/learn/spec-driven-development.html +168 -0
  89. package/public/learn/stop-ai-agent-force-push.html +134 -0
  90. package/public/learn/vibe-coding-safety-net.html +142 -0
  91. package/public/learn.html +6 -50
  92. package/public/pro.html +6 -6
  93. package/scripts/cli-schema.js +10 -22
  94. package/scripts/dashboard-chat.js +1 -2
  95. package/scripts/document-intake.js +49 -1
  96. package/scripts/gemini-embedding-policy.js +1 -2
  97. package/scripts/hosted-config.js +12 -0
  98. package/scripts/plausible-domain-config.js +1 -3
  99. package/scripts/reddit-browser-notification-watch.js +230 -0
  100. package/scripts/seo-gsd.js +0 -239
  101. package/scripts/vector-store.js +0 -44
  102. package/scripts/workspace-evolver.js +2 -62
  103. package/src/api/server.js +124 -335
  104. package/adapters/policy-engine/ethicore-guardian-client.js +0 -68
  105. package/adapters/policy-engine/thumbgate-policy-engine-adapter.js +0 -260
  106. package/scripts/hook-stop-anti-claim.js +0 -227
@@ -0,0 +1,260 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8" />
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0" />
6
+ <title>ThumbGate vs Claude for Legal | Runtime Gate Pairs With Anthropic's Practice-Area Plugins</title>
7
+ <meta name="description" content="Anthropic shipped Claude for Legal (May 2026): 12 practice-area plugins + 20+ connectors + Claude Opus 4.7 at 90.9% on Harvey's BigLaw Bench. It is a model + integrations bundle with 'human in the loop' as the safety story. ThumbGate is the runtime gate underneath: PreToolUse enforcement that fires before Claude's proposed tool call executes. Use both." />
8
+ <meta property="og:title" content="ThumbGate vs Claude for Legal | Runtime Gate Pairs With Anthropic's Practice-Area Plugins" />
9
+ <meta property="og:description" content="Claude for Legal generates the action; ThumbGate gates the action. Same architectural insight as Anthropic's published containment: deterministic enforcement at runtime, in your environment, with no LLM in the decision path. Complementary, not competitive." />
10
+ <meta property="og:type" content="article" />
11
+ <meta property="og:url" content="https://thumbgate.ai/compare/anthropic-claude-for-legal" />
12
+ <link rel="canonical" href="https://thumbgate.ai/compare/anthropic-claude-for-legal" />
13
+ <link rel="llm-context" href="/llm-context.md" type="text/markdown" />
14
+ <link rel="icon" type="image/png" href="/thumbgate-icon.png" />
15
+ <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg" />
16
+ <meta property="og:image" content="/og.png" />
17
+ <style>
18
+ :root { --bg: #0a0a0b; --bg-raised: #111113; --bg-card: #161618; --line: #222225; --text: #e8e8ec; --muted: #8b8b96; --cyan: #22d3ee; --green: #4ade80; --amber: #fbbf24; }
19
+ * { box-sizing: border-box; }
20
+ body { margin: 0; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: var(--bg); color: var(--text); line-height: 1.65; }
21
+ a { color: var(--cyan); text-decoration: none; }
22
+ a:hover { text-decoration: underline; }
23
+ .container { max-width: 980px; margin: 0 auto; padding: 0 24px; }
24
+ .topbar { position: sticky; top: 0; z-index: 20; backdrop-filter: blur(12px); background: rgba(10, 10, 11, 0.88); border-bottom: 1px solid var(--line); }
25
+ .topbar .container { display: flex; justify-content: space-between; align-items: center; padding-top: 14px; padding-bottom: 14px; }
26
+ .brand { font-weight: 700; color: var(--text); display: inline-flex; align-items: center; gap: 8px; text-decoration: none; }
27
+ .brand .logo-mark { width: 28px; height: 28px; display: block; }
28
+ .hero { padding: 72px 0 32px; }
29
+ .eyebrow { display: inline-flex; align-items: center; gap: 8px; padding: 6px 12px; border-radius: 999px; border: 1px solid rgba(34, 211, 238, 0.22); background: rgba(34, 211, 238, 0.1); color: var(--cyan); text-transform: uppercase; letter-spacing: 0.08em; font-size: 12px; font-weight: 700; }
30
+ h1 { font-size: clamp(34px, 5vw, 56px); line-height: 1.06; letter-spacing: -0.04em; margin: 16px 0; max-width: 860px; }
31
+ .hero p { max-width: 760px; color: var(--muted); font-size: 18px; }
32
+ .grid { display: grid; grid-template-columns: minmax(0, 2fr) minmax(280px, 1fr); gap: 24px; padding-bottom: 72px; }
33
+ .card, .detail-section, .sidebar-card { background: var(--bg-card); border: 1px solid var(--line); border-radius: 16px; }
34
+ .card { padding: 24px; }
35
+ .detail-section { padding: 24px; margin-bottom: 18px; }
36
+ .detail-section h2 { margin: 0 0 12px; font-size: 24px; letter-spacing: -0.03em; }
37
+ .detail-section p, .detail-section li, .sidebar-card p { color: var(--muted); }
38
+ .detail-section ul, .card ul { padding-left: 18px; color: var(--muted); }
39
+ .comparison-table { width: 100%; border-collapse: collapse; margin-top: 16px; font-size: 14px; }
40
+ .comparison-table th, .comparison-table td { border: 1px solid var(--line); padding: 12px; text-align: left; vertical-align: top; }
41
+ .comparison-table th { background: var(--bg-raised); color: var(--cyan); }
42
+ .pill-row { display: flex; flex-wrap: wrap; gap: 12px; margin-top: 24px; }
43
+ .pill { border: 1px solid var(--line); background: var(--bg-raised); border-radius: 999px; padding: 10px 14px; font-size: 14px; font-weight: 650; }
44
+ .pill.good { color: #b8f7c8; border-color: rgba(74, 222, 128, 0.28); background: rgba(74, 222, 128, 0.1); }
45
+ .pill.warn { color: #ffe2a4; border-color: rgba(251, 191, 36, 0.28); background: rgba(251, 191, 36, 0.1); }
46
+ .sidebar { display: flex; flex-direction: column; gap: 18px; }
47
+ .sidebar-card { padding: 20px; }
48
+ .sidebar-card:first-child { position: sticky; top: 84px; max-height: calc(100vh - 104px); overflow-y: auto; -webkit-overflow-scrolling: touch; }
49
+ .cta-button { display: inline-flex; align-items: center; justify-content: center; margin-top: 18px; padding: 12px 16px; border-radius: 10px; background: var(--cyan); color: #071116; font-weight: 700; text-decoration: none; }
50
+ .related-card { display: block; padding: 14px; border-radius: 12px; border: 1px solid var(--line); background: var(--bg-raised); margin-top: 12px; color: var(--text); }
51
+ .related-label { display: block; color: var(--muted); font-size: 12px; text-transform: uppercase; letter-spacing: 0.08em; margin-bottom: 4px; }
52
+ .faq-item { border-top: 1px solid var(--line); padding: 14px 0; }
53
+ .faq-item summary { cursor: pointer; font-weight: 600; }
54
+ .faq-item p { color: var(--muted); }
55
+ blockquote { border-left: 3px solid var(--cyan); margin: 14px 0; padding: 6px 16px; color: var(--text); font-style: italic; background: rgba(34, 211, 238, 0.05); }
56
+ @media (max-width: 860px) { .grid { grid-template-columns: 1fr; } .sidebar-card:first-child { position: static; max-height: none; overflow: visible; } }
57
+ </style>
58
+ <script type="application/ld+json">
59
+ {
60
+ "@context": "https://schema.org",
61
+ "@type": "TechArticle",
62
+ "headline": "ThumbGate vs Claude for Legal",
63
+ "description": "Anthropic's Claude for Legal (launched 2026-05-12) ships 12 practice-area plugins + 20+ connectors + Claude Opus 4.7 at 90.9% on Harvey's BigLaw Bench. The safety story is 'human in the loop.' ThumbGate is the runtime gate underneath: PreToolUse enforcement that fires before Claude's proposed tool call executes. Same architectural insight as Anthropic's own published containment model, extended to the developer-agent layer.",
64
+ "about": ["thumbgate vs claude for legal", "Anthropic legal AI governance", "PreToolUse runtime enforcement for legal agents", "law firm agent safety architecture"],
65
+ "url": "https://thumbgate.ai/compare/anthropic-claude-for-legal",
66
+ "citation": [
67
+ "https://www.artificiallawyer.com/2026/05/12/claude-for-legal-launches-may-reshape-the-legal-tech-world/",
68
+ "https://fortune.com/2026/05/12/anthropic-legal-plug-in-release-claude-cowork-big-law/",
69
+ "https://www.anthropic.com/engineering/how-we-contain-claude"
70
+ ],
71
+ "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
72
+ "mainEntityOfPage": "https://thumbgate.ai/compare/anthropic-claude-for-legal"
73
+ }
74
+ </script>
75
+ <script type="application/ld+json">
76
+ {
77
+ "@context": "https://schema.org",
78
+ "@type": "FAQPage",
79
+ "mainEntity": [
80
+ {
81
+ "@type": "Question",
82
+ "name": "Is Claude for Legal a ThumbGate competitor?",
83
+ "acceptedAnswer": {
84
+ "@type": "Answer",
85
+ "text": "No. Claude for Legal is a vertical bundle: Claude Opus 4.7 plus 12 practice-area plugins (Commercial, Employment, Privacy, Product, Corporate, AI Governance, etc.) plus 20+ connectors (DocuSign, Ironclad, iManage, NetDocuments, LexisNexis, Thomson Reuters, Box, Everlaw, LSuite) embedded into Word, Outlook, Claude Cowork, and Claude Projects. It is what the agent uses to do legal work. ThumbGate is the runtime gate that runs at PreToolUse — the moment after Claude proposes a tool call (a fetch from LexisNexis, a write to iManage, an outbound LLM call) and before that tool actually fires. Anthropic generates the action; ThumbGate gates the action. Most BigLaw deployments need both."
86
+ }
87
+ },
88
+ {
89
+ "@type": "Question",
90
+ "name": "Doesn't Claude for Legal already have safety built in?",
91
+ "acceptedAnswer": {
92
+ "@type": "Answer",
93
+ "text": "Anthropic's published safety story for Claude for Legal is 'keep a human in the loop on decision making' — a workflow principle, not a runtime enforcement layer. That principle is correct and necessary, but it relies on the attorney to spot the wrong action before approving. Sullivan & Cromwell apologized to a federal judge in early 2026 for AI-hallucinated citations despite policies, mandatory training, and verification requirements. Policies are not enforcement. A runtime PreToolUse hook inspects the proposed tool call deterministically before the attorney sees it for approval — the gate fires whether or not the human is paying attention."
94
+ }
95
+ },
96
+ {
97
+ "@type": "Question",
98
+ "name": "Does ThumbGate work with Claude for Legal specifically?",
99
+ "acceptedAnswer": {
100
+ "@type": "Answer",
101
+ "text": "Yes. ThumbGate's enforcement runs at the agent runtime's PreToolUse boundary, which exists in every Claude surface that exposes tool calls — Claude Code, Claude Desktop (which is where Claude for Legal's M365 plugins surface for desktop users), and the Claude API when called from Cursor, Codex CLI, Gemini CLI, Sourcegraph Amp, Cline, or OpenCode. The same rule pack — unauthorized-practice patterns, conflict-checker, privilege-marker egress — fires regardless of whether the model proposing the action is Claude Opus 4.7 via Claude for Legal, Claude via direct API, or another vendor's model."
102
+ }
103
+ },
104
+ {
105
+ "@type": "Question",
106
+ "name": "Anthropic's containment architecture also covers tool calls — isn't that the same thing as ThumbGate?",
107
+ "acceptedAnswer": {
108
+ "@type": "Answer",
109
+ "text": "Anthropic's published containment architecture (gVisor ephemeral containers for claude.ai, Seatbelt/bubblewrap sandboxes for Claude Code, hypervisor VMs for Claude Cowork, MITM egress proxy after credential exfiltration was discovered) covers what Anthropic ships. It stops at the Claude Code process boundary. ThumbGate runs the same three-layer model at the IDE-agent layer for the agents that share a developer's environment with Claude — Cursor, Codex CLI, Gemini CLI, Amp, Cline, OpenCode — and at the firm-specific rule layer that Anthropic's general-purpose containment cannot encode (your adverse-parties list, your UPL phrasing, your privilege markers, your matter-specific allowlists). See our /compare/anthropic-containment page for the deeper architectural map."
110
+ }
111
+ },
112
+ {
113
+ "@type": "Question",
114
+ "name": "Why would a BigLaw firm running Claude for Legal need a separate runtime gate?",
115
+ "acceptedAnswer": {
116
+ "@type": "Answer",
117
+ "text": "Three reasons. First, regulatory: the firm-specific rules that satisfy ABA Formal Opinion 512 and state-bar Unauthorized-Practice-of-Law conventions are not in Anthropic's product — they live in your ethics team's policy memo. Second, evidentiary: a procurement review needs structured audit logs that show 'rule X version Y matched proposed action Z and blocked it' — Claude for Legal's safety story is process-level (human in the loop), not artifact-level. Third, vendor independence: the same rule pack must fire when associates use Cursor, Codex, or Gemini CLI alongside Claude for Legal, and Anthropic's safety architecture does not extend to other vendors' agents."
118
+ }
119
+ }
120
+ ]
121
+ }
122
+ </script>
123
+ </head>
124
+ <body>
125
+ <header class="topbar">
126
+ <div class="container">
127
+ <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28" /><span>ThumbGate</span></a>
128
+ <nav><a href="/learn">Learn</a> &nbsp; <a href="/pro">Pro</a> &nbsp; <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a></nav>
129
+ </div>
130
+ </header>
131
+
132
+ <section class="hero">
133
+ <div class="container">
134
+ <span class="eyebrow">ThumbGate vs Claude for Legal</span>
135
+ <h1>Anthropic generates the legal action. ThumbGate learns from the attorney and gates the legal action.</h1>
136
+ <p><strong>Claude for Legal</strong> (launched 2026-05-12) is a vertical bundle: Claude Opus 4.7 (90.9% on Harvey's BigLaw Bench), 12 practice-area plugins (Commercial, Employment, Privacy, Corporate, AI Governance, and more), and 20+ connectors (DocuSign, Ironclad, iManage, NetDocuments, LexisNexis, Thomson Reuters, Box, Everlaw, LSuite) embedded into Word, Outlook, Claude Cowork, and Claude Projects. <strong>ThumbGate</strong> is the full feedback-to-enforcement loop underneath: every 👍 / 👎 an attorney gives on any AI answer becomes a lesson in a local lesson DB, recurring lessons get promoted to prevention rules, and those rules then fire at the PreToolUse hook before Claude's next proposed tool call executes. Anthropic's safety story is <em>"human in the loop on decision making."</em> Ours is <em>"the attorney's vote becomes the rule, and the rule fires deterministically before the next decision is even shown to a human."</em> Most regulated firms need both.</p>
137
+ <p style="margin-top:18px; padding:14px 18px; border-left:3px solid #a78bfa; background:rgba(167,139,250,0.08); border-radius:0 6px 6px 0; max-width:760px;">
138
+ <strong style="color:#a78bfa">No public-facing chatbot? You still have the risk surface.</strong>
139
+ Most BigLaw firms don't take client intake through a chatbot &mdash; but associates already paste matter context into Claude (including Claude for Legal), Cursor, Codex, and internal LLM gateways every day. The risk isn't a bot giving public advice; it's <em>internal</em> agent use the firm can't see. ThumbGate produces a searchable audit log + RAG of every gated detection &mdash; queryable by ethics, risk, and innovation owners. Your conflicts DB and document systems stay where they are.
140
+ </p>
141
+ </div>
142
+ </section>
143
+
144
+ <main class="container">
145
+ <div class="grid">
146
+ <div class="content">
147
+
148
+ <section class="detail-section">
149
+ <h2>Side-by-side scope comparison</h2>
150
+ <table class="comparison-table">
151
+ <thead>
152
+ <tr><th>Dimension</th><th>Claude for Legal</th><th>ThumbGate</th></tr>
153
+ </thead>
154
+ <tbody>
155
+ <tr><td><strong>Product category</strong></td><td>Vertical AI bundle: model + practice-area plugins + connectors</td><td>Runtime governance gate at PreToolUse</td></tr>
156
+ <tr><td><strong>What it does</strong></td><td>Generates legal work product across Word, Outlook, Cowork, Projects</td><td>Inspects the proposed tool call and returns allow / warn / block / route-to-human before the tool fires</td></tr>
157
+ <tr><td><strong>Surfaces</strong></td><td>Word, Outlook, Claude Cowork, Claude Projects, Claude.ai, Microsoft 365</td><td>Claude Code, Claude Desktop, Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode</td></tr>
158
+ <tr><td><strong>Safety story</strong></td><td>"Keep a human in the loop on decision making" (workflow principle)</td><td>Deterministic PreToolUse pattern-match against firm-configured rules (artifact)</td></tr>
159
+ <tr><td><strong>Firm-specific rule encoding</strong></td><td>Not in product &mdash; lives in your ethics team's policy memo</td><td>Your adverse-parties list, UPL phrasing, privilege markers, matter-specific allowlists as enforced rules</td></tr>
160
+ <tr><td><strong>Audit evidence</strong></td><td>Process-level (human approvals captured in workflow)</td><td>Artifact-level (rule ID + version + matched pattern + audit ID + ISO 27001 control mapping in downloadable JSON per blocked action)</td></tr>
161
+ <tr><td><strong>Vendor coverage</strong></td><td>Claude only</td><td>Claude + every other agent your associates use alongside it</td></tr>
162
+ <tr><td><strong>Pricing model</strong></td><td>Bundled with paid Claude subscriptions (no separate SKU disclosed at launch)</td><td>Open-source free tier + Pro/Team for hosted evidence, adapter coverage, audit-export</td></tr>
163
+ </tbody>
164
+ </table>
165
+ </section>
166
+
167
+ <section class="detail-section">
168
+ <h2>The full ThumbGate loop &mdash; not just the gate</h2>
169
+ <p>The PreToolUse hook is the endpoint of a four-stage loop, not the whole product. The loop is what makes the gate <em>your firm's gate</em>, not a generic one. Every stage is in your environment:</p>
170
+ <ol>
171
+ <li><strong>Capture.</strong> An attorney reviews an AI answer &mdash; a Claude for Legal drafted clause, a Cowork project summary, a proposed conflict-check action, a research citation. They click 👍 (the answer was good) or 👎 (the answer was wrong, unauthorized, or unsafe). One click. The feedback record is structured: the context, what worked or went wrong, and what should change next time.</li>
172
+ <li><strong>Memory.</strong> The feedback record lands in a local lesson DB (SQLite + LanceDB vector index) on the firm's infrastructure. The same record stores wins, mistakes, and edge cases. Nothing leaves the firm's perimeter. The lesson DB is searchable: when a new intake matches a prior pattern, the relevant lessons are retrieved before the agent answers.</li>
173
+ <li><strong>Rule promotion.</strong> When a 👎 pattern recurs across distinct sessions, Thompson Sampling promotes it from a one-off lesson to a deterministic prevention rule. The rule is human-readable and editable &mdash; your ethics team can audit, soften, or override it. Wins get reinforced the same way: patterns the attorneys consistently approved become the routing the agent prefers.</li>
174
+ <li><strong>Enforcement.</strong> The promoted rules fire at the PreToolUse hook before Claude's next proposed tool call executes. Allow, warn, block, or route-to-human, with an artifact-level audit log (rule ID, version, matched pattern, audit ID, ISO 27001 control mapping). The attorney's vote from stage 1 is now an enforced constraint that fires deterministically before any human is asked to approve again.</li>
175
+ </ol>
176
+ <p>That is what "infrastructure firewall for AI coding agents" means in practice. Claude for Legal generates the legal action. ThumbGate <em>learns from the attorney's vote on that action</em>, then <em>enforces the lesson on the next one</em>. The two products are stacked, not competing.</p>
177
+ </section>
178
+
179
+ <section class="detail-section">
180
+ <h2>The shared architectural insight, made explicit</h2>
181
+ <p>Anthropic's own published <a href="/compare/anthropic-containment">containment architecture</a> (gVisor ephemeral containers for claude.ai, Seatbelt/bubblewrap sandboxes for Claude Code, hypervisor VMs for Claude Cowork, MITM egress proxy added after credential exfiltration was discovered through approved domains, tool-output inspection before context insertion) is the strongest endorsement of ThumbGate's posture from the company that built Claude. They run runtime enforcement at every layer they ship.</p>
182
+ <p>Claude for Legal extends Anthropic's <em>capability</em> surface (legal plugins, M365 integration, connectors) but does not extend the <em>enforcement</em> surface. Their safety language for the legal product is "human in the loop." That principle is right. It is also the same principle Sullivan &amp; Cromwell had codified in policy when their associates filed hallucinated citations with a federal judge in early 2026. Gordon Rees same outcome on a bankruptcy filing. <a href="https://www.damiencharlotin.com/hallucinations/" target="_blank" rel="noopener">Damien Charlotin's public database</a> catalogs 1,369+ AI hallucination rulings. <strong>Policies are not enforcement.</strong> A runtime gate that inspects the proposed action <em>before</em> the human is asked to approve it is.</p>
183
+ <blockquote>"The legal sector is facing mounting pressure to adopt AI, and the firms and in-house teams that move are pulling ahead fast." &mdash; Anthropic, on Claude for Legal launch</blockquote>
184
+ <p>The firms moving fastest are also the firms most exposed to the failure modes Sullivan &amp; Cromwell hit. The combination of Anthropic's capability layer and a deterministic runtime gate is what separates "moves fast and apologizes to a judge" from "moves fast and ships audit evidence to procurement."</p>
185
+ </section>
186
+
187
+ <section class="detail-section">
188
+ <h2>The dual-deploy story for a regulated firm</h2>
189
+ <p>If your firm adopts Claude for Legal &mdash; or is already a paid Claude customer with the plugins available &mdash; the integration with ThumbGate is short and additive:</p>
190
+ <ol>
191
+ <li><strong>Claude for Legal handles capability.</strong> Associates use the Commercial, Corporate, Employment, Privacy, and IP plugins in Word, Outlook, Cowork, and Projects to generate work product. M365 connectors keep one context-carrying agent across tools.</li>
192
+ <li><strong>ThumbGate handles enforcement.</strong> Every tool call Claude proposes &mdash; a LexisNexis fetch, an iManage write, a DocuSign send, an outbound LLM call, a Box upload, a shell command in Claude Code &mdash; is inspected at PreToolUse against your firm-specific rule pack. Allow / warn / block / route-to-human, deterministically, with an audit log per decision.</li>
193
+ <li><strong>Vendor-agnostic coverage.</strong> When associates also use Cursor, Codex, or Gemini CLI alongside Claude for Legal &mdash; which most teams do &mdash; the same rule pack fires there too. Anthropic's containment does not extend to other vendors' agents. ThumbGate does.</li>
194
+ </ol>
195
+ <p>The result is what BigLaw procurement actually asks for: the capability gains Claude for Legal promises, plus the artifact-level audit evidence (rule ID, version, matched pattern, audit ID, ISO 27001 control mapping) a security review needs to sign off on the deployment. Our <a href="/ai-malpractice-prevention">legal-vertical pre-execution-controls page</a> shows the live demos: UPL Gate, Conflict Gate, Egress Gate.</p>
196
+ </section>
197
+
198
+ <section class="detail-section">
199
+ <h2>FAQ</h2>
200
+ <details class="faq-item" open>
201
+ <summary>If Anthropic is going direct to BigLaw, why does ThumbGate matter?</summary>
202
+ <p>Because the demand Anthropic just created &mdash; for AI inside legal workflows &mdash; is also the demand Sullivan &amp; Cromwell created when they apologized to a federal judge. The procurement question after a Claude for Legal pilot is the same question: how does your firm prove the model didn't take an unauthorized action? Anthropic's answer is "human in the loop." Procurement teams want an artifact-level answer too.</p>
203
+ </details>
204
+ <details class="faq-item">
205
+ <summary>Does ThumbGate need to be a Claude partner to gate Claude for Legal?</summary>
206
+ <p>No. The PreToolUse hook is a runtime boundary inside the agent process &mdash; it doesn't require an Anthropic partnership any more than a Node.js middleware library needs a partnership with the framework it sits in. Claude Code, Claude Desktop, and any tool that calls the Anthropic API ship the integration surface ThumbGate uses.</p>
207
+ </details>
208
+ <details class="faq-item">
209
+ <summary>What about firms that only use Claude for Legal, no other agents?</summary>
210
+ <p>Still relevant. Claude for Legal's enforcement is process-level ("human in the loop"); your firm's policy team probably wants rule-level enforcement for ABA Formal Opinion 512 + state-bar UPL conventions + your adverse-parties list. Those rules live in your ethics memo today. ThumbGate moves them into the runtime so they fire whether or not the associate notices the issue.</p>
211
+ </details>
212
+ <details class="faq-item">
213
+ <summary>Is this comparison sponsored or partnered?</summary>
214
+ <p>No. We don't have a partnership with Anthropic. We wrote this page because BigLaw prospects evaluate both products &mdash; we want them to choose by scope, not by confusion. If anything here misrepresents Claude for Legal, open an issue at <a href="https://github.com/IgorGanapolsky/ThumbGate/issues" target="_blank" rel="noopener">our repo</a> and we will correct it.</p>
215
+ </details>
216
+ </section>
217
+
218
+ </div>
219
+
220
+ <aside class="sidebar">
221
+ <div class="sidebar-card">
222
+ <span class="related-label">Install ThumbGate</span>
223
+ <p style="font-size: 14px;">Get PreToolUse rules running alongside Claude for Legal in two minutes.</p>
224
+ <a class="cta-button" href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">npx thumbgate init &rarr;</a>
225
+ </div>
226
+
227
+ <div class="sidebar-card">
228
+ <span class="related-label">Try Claude for Legal too</span>
229
+ <p style="font-size: 13px;">Anthropic's vertical bundle. Plugins + connectors in your Word/Outlook/Cowork workspace. Available to all paid Claude customers. <a href="https://www.anthropic.com/" target="_blank" rel="noopener">anthropic.com</a></p>
230
+ </div>
231
+
232
+ <div class="sidebar-card">
233
+ <span class="related-label">Related comparisons</span>
234
+ <a class="related-card" href="/compare/anthropic-containment">
235
+ <strong>ThumbGate vs Anthropic's Claude Containment</strong><br>
236
+ <span style="color: var(--muted); font-size: 13px;">IDE-agent extension of Anthropic's published architecture</span>
237
+ </a>
238
+ <a class="related-card" href="/compare/arcjet">
239
+ <strong>ThumbGate vs Arcjet</strong><br>
240
+ <span style="color: var(--muted); font-size: 13px;">Agent-outbound gate vs app-inbound firewall</span>
241
+ </a>
242
+ <a class="related-card" href="/compare/oak-and-sparrow-gatekeeper">
243
+ <strong>ThumbGate vs Gatekeeper (Oak &amp; Sparrow)</strong><br>
244
+ <span style="color: var(--muted); font-size: 13px;">Agent-action gate vs workforce-input gate</span>
245
+ </a>
246
+ <a class="related-card" href="/ai-malpractice-prevention">
247
+ <strong>Pre-Execution Controls for Legal AI Agents</strong><br>
248
+ <span style="color: var(--muted); font-size: 13px;">Live UPL / Conflict / Egress gate demos</span>
249
+ </a>
250
+ </div>
251
+
252
+ <div class="sidebar-card">
253
+ <span class="related-label">Sources</span>
254
+ <p style="font-size: 13px;">Claude for Legal product facts verified from <a href="https://www.artificiallawyer.com/2026/05/12/claude-for-legal-launches-may-reshape-the-legal-tech-world/" target="_blank" rel="noopener">Artificial Lawyer (2026-05-12)</a>, <a href="https://fortune.com/2026/05/12/anthropic-legal-plug-in-release-claude-cowork-big-law/" target="_blank" rel="noopener">Fortune (2026-05-12)</a>, and Anthropic's launch announcement. Sullivan &amp; Cromwell incident framing from <a href="https://compliancehub.wiki/legal-ai-hallucination-reckoning-2026/" target="_blank" rel="noopener">ComplianceHub</a>. Hallucination ruling count from <a href="https://www.damiencharlotin.com/hallucinations/" target="_blank" rel="noopener">Damien Charlotin's database</a> (1,369+ rulings as of 2026-05-27). If anything here misrepresents Claude for Legal, open an issue at <a href="https://github.com/IgorGanapolsky/ThumbGate/issues" target="_blank" rel="noopener">our repo</a> and we will correct it.</p>
255
+ </div>
256
+ </aside>
257
+ </div>
258
+ </main>
259
+ </body>
260
+ </html>
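Review bot: The "Memory" item in the four-stage list states `Nothing leaves the firm's perimeter.` without qualification, while the pricing row of the comparison table offers `Pro/Team for hosted evidence, adapter coverage, audit-export`. A reader doing a data-flow review therefore cannot tell whether lesson records or audit entries built from matter context stay local on the paid tiers. The sentence should be scoped to what is actually local, along the lines of `The lesson DB is stored on the firm's infrastructure; what the hosted Pro/Team evidence feature uploads is described at <link to data-flow doc>.`, with the wording confirmed against the product because the page does not show what the hosted tier stores. The hero paragraph also describes a `searchable audit log + RAG of every gated detection`, which is itself a store of sensitive context, so the page should say who can query it and how long it is retained. As a point of style, the inline `<style>` block and the `style="…"` attributes in the hero and sidebar mean the page cannot be served under a Content-Security-Policy without `'unsafe-inline'` for styles; moving them into a shared stylesheet would remove that constraint.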
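--- a/package/public/compare/anthropic-containment.html
+++ b/package/public/compare/anthropic-containment.html
@@ -0,0 +1,280 @@
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="UTF-8" />
+ <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+ <title>ThumbGate vs Anthropic's Claude Containment | IDE-Agent Extension of a Published Architecture</title>
+ <meta name="description" content="Anthropic published their three-layer containment architecture for Claude: ephemeral containers, OS-level sandboxes (Seatbelt / bubblewrap), and an MITM egress proxy. ThumbGate extends the same model to the IDE-agent layer — Cursor, Codex, Gemini, Amp, Cline, OpenCode — where Anthropic's sandbox stops." />
+ <meta property="og:title" content="ThumbGate vs Anthropic's Claude Containment | IDE-Agent Extension" />
+ <meta property="og:description" content="Anthropic contains Claude on claude.ai and Claude Code. ThumbGate contains the agents Anthropic does not own: Cursor, Codex, Gemini, Amp, Cline, OpenCode. Same three-layer model, extended to the agents you actually use." />
+ <meta property="og:type" content="article" />
+ <meta property="og:url" content="https://thumbgate.ai/compare/anthropic-containment" />
+ <link rel="canonical" href="https://thumbgate.ai/compare/anthropic-containment" />
+ <link rel="llm-context" href="/llm-context.md" type="text/markdown" />
+ <link rel="icon" type="image/png" href="/thumbgate-icon.png" />
+ <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg" />
+ <meta property="og:image" content="/og.png" />
+ <style>
+ :root { --bg: #0a0a0b; --bg-raised: #111113; --bg-card: #161618; --line: #222225; --text: #e8e8ec; --muted: #8b8b96; --cyan: #22d3ee; --green: #4ade80; --amber: #fbbf24; }
+ * { box-sizing: border-box; }
+ body { margin: 0; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: var(--bg); color: var(--text); line-height: 1.65; }
+ a { color: var(--cyan); text-decoration: none; }
+ a:hover { text-decoration: underline; }
+ .container { max-width: 980px; margin: 0 auto; padding: 0 24px; }
+ .topbar { position: sticky; top: 0; z-index: 20; backdrop-filter: blur(12px); background: rgba(10, 10, 11, 0.88); border-bottom: 1px solid var(--line); }
+ .topbar .container { display: flex; justify-content: space-between; align-items: center; padding-top: 14px; padding-bottom: 14px; }
+ .brand { font-weight: 700; color: var(--text); display: inline-flex; align-items: center; gap: 8px; text-decoration: none; }
+ .brand .logo-mark { width: 28px; height: 28px; display: block; }
+ .hero { padding: 72px 0 32px; }
+ .eyebrow { display: inline-flex; align-items: center; gap: 8px; padding: 6px 12px; border-radius: 999px; border: 1px solid rgba(34, 211, 238, 0.22); background: rgba(34, 211, 238, 0.1); color: var(--cyan); text-transform: uppercase; letter-spacing: 0.08em; font-size: 12px; font-weight: 700; }
+ h1 { font-size: clamp(34px, 5vw, 56px); line-height: 1.06; letter-spacing: -0.04em; margin: 16px 0; max-width: 860px; }
+ .hero p { max-width: 760px; color: var(--muted); font-size: 18px; }
+ .grid { display: grid; grid-template-columns: minmax(0, 2fr) minmax(280px, 1fr); gap: 24px; padding-bottom: 72px; }
+ .card, .detail-section, .sidebar-card { background: var(--bg-card); border: 1px solid var(--line); border-radius: 16px; }
+ .card { padding: 24px; }
+ .detail-section { padding: 24px; margin-bottom: 18px; }
+ .detail-section h2 { margin: 0 0 12px; font-size: 24px; letter-spacing: -0.03em; }
+ .detail-section p, .detail-section li, .sidebar-card p { color: var(--muted); }
+ .detail-section ul, .card ul { padding-left: 18px; color: var(--muted); }
+ .comparison-table { width: 100%; border-collapse: collapse; margin-top: 16px; font-size: 14px; }
+ .comparison-table th, .comparison-table td { border: 1px solid var(--line); padding: 12px; text-align: left; vertical-align: top; }
+ .comparison-table th { background: var(--bg-raised); color: var(--cyan); }
+ .pill-row { display: flex; flex-wrap: wrap; gap: 12px; margin-top: 24px; }
+ .pill { border: 1px solid var(--line); background: var(--bg-raised); border-radius: 999px; padding: 10px 14px; font-size: 14px; font-weight: 650; }
+ .pill.good { color: #b8f7c8; border-color: rgba(74, 222, 128, 0.28); background: rgba(74, 222, 128, 0.1); }
+ .pill.warn { color: #ffe2a4; border-color: rgba(251, 191, 36, 0.28); background: rgba(251, 191, 36, 0.1); }
+ .sidebar { display: flex; flex-direction: column; gap: 18px; }
+ .sidebar-card { padding: 20px; }
+ .sidebar-card:first-child { position: sticky; top: 84px; max-height: calc(100vh - 104px); overflow-y: auto; -webkit-overflow-scrolling: touch; }
+ .cta-button { display: inline-flex; align-items: center; justify-content: center; margin-top: 18px; padding: 12px 16px; border-radius: 10px; background: var(--cyan); color: #071116; font-weight: 700; text-decoration: none; }
+ .related-card { display: block; padding: 14px; border-radius: 12px; border: 1px solid var(--line); background: var(--bg-raised); margin-top: 12px; color: var(--text); }
+ .related-label { display: block; color: var(--muted); font-size: 12px; text-transform: uppercase; letter-spacing: 0.08em; margin-bottom: 4px; }
+ .faq-item { border-top: 1px solid var(--line); padding: 14px 0; }
+ .faq-item summary { cursor: pointer; font-weight: 600; }
+ .faq-item p { color: var(--muted); }
+ blockquote { border-left: 3px solid var(--cyan); margin: 14px 0; padding: 6px 16px; color: var(--text); font-style: italic; background: rgba(34, 211, 238, 0.05); }
+ @media (max-width: 860px) { .grid { grid-template-columns: 1fr; } .sidebar-card:first-child { position: static; max-height: none; overflow: visible; } }
+ </style>
+ <script type="application/ld+json">
+ {
+ "@context": "https://schema.org",
+ "@type": "TechArticle",
+ "headline": "ThumbGate vs Anthropic's Claude Containment Architecture",
+ "description": "Anthropic published their three-layer containment model: environment isolation (ephemeral gVisor containers, Seatbelt/bubblewrap sandboxes, hypervisor VMs), behavioral guidance, and external content controls. ThumbGate extends the same model to the IDE-agent layer where Anthropic's sandbox stops.",
+ "about": ["thumbgate vs anthropic containment", "Claude Code sandbox", "IDE agent safety architecture", "PreToolUse hooks for non-Claude agents"],
+ "url": "https://thumbgate.ai/compare/anthropic-containment",
+ "citation": "https://www.anthropic.com/engineering/how-we-contain-claude",
+ "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
+ "mainEntityOfPage": "https://thumbgate.ai/compare/anthropic-containment"
+ }
+ </script>
+ <script type="application/ld+json">
+ {
+ "@context": "https://schema.org",
+ "@type": "FAQPage",
+ "mainEntity": [
+ {
+ "@type": "Question",
+ "name": "Is ThumbGate a competitor to Anthropic's Claude containment?",
+ "acceptedAnswer": {
+ "@type": "Answer",
+ "text": "No. Anthropic's published containment architecture (gVisor ephemeral containers on claude.ai, Seatbelt on macOS and bubblewrap on Linux for Claude Code, hypervisor VMs for Claude Cowork, MITM egress proxy) covers what they ship. It stops at the Claude Code process boundary. ThumbGate runs the same three-layer model (environment → permission gate → egress) at the IDE-agent layer for the agents Anthropic does not own: Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, and Claude Desktop. Same architectural model, extended to the agents your team actually uses alongside Claude Code."
+ }
+ },
+ {
+ "@type": "Question",
+ "name": "What does Anthropic's article tell us about agent containment?",
+ "acceptedAnswer": {
+ "@type": "Answer",
+ "text": "Three lessons we operationalize: (1) Design for containment at the environment layer first, then steer behavior at the model layer. (2) Tool output is an attack surface even when the tool is trusted — a system prompt cannot prevent an exfiltration that the tool itself returns. (3) Battle-tested primitives (hypervisors, seccomp, gVisor) are more reliable than custom proxy components. ThumbGate's PreToolUse hook is the IDE-agent analogue of Anthropic's permission gate; the planned PostToolUse output inspection is the IDE-agent analogue of Anthropic's tool-output check before context insertion."
+ }
+ },
+ {
+ "@type": "Question",
+ "name": "Where does Anthropic's containment stop and ThumbGate begin?",
+ "acceptedAnswer": {
+ "@type": "Answer",
+ "text": "Anthropic's containment lives inside the products they ship (claude.ai, Claude Code, Claude Cowork). The moment your developer opens Cursor with the Anthropic API key, or runs an OpenAI Codex CLI session against a local repo, or wires up an MCP server in any agent runtime, you've left Anthropic's containment boundary. ThumbGate runs the same PreToolUse-gating model inside those non-Anthropic-owned runtimes. The two compose: Anthropic contains Claude inside their products, ThumbGate contains the agents your team uses outside them."
+ }
+ },
+ {
+ "@type": "Question",
+ "name": "Why should I use a third-party tool instead of writing my own bubblewrap rules?",
+ "acceptedAnswer": {
+ "@type": "Answer",
+ "text": "Anthropic's own conclusion: 'the software you build yourself is often the weakest.' Their early custom MITM proxy failed in real incidents involving credential exfiltration and allowlist bypasses; they rebuilt on hypervisor primitives. ThumbGate's gate engine, lesson DB, Thompson Sampling auto-promotion, and adapter matrix across eight agent runtimes is the same argument: maintained infrastructure beats per-team shell scripts that go stale the moment Claude Code, Cursor, or Codex ship a breaking change to their hook API."
+ }
+ },
+ {
+ "@type": "Question",
+ "name": "Does ThumbGate use any of the same primitives Anthropic uses?",
+ "acceptedAnswer": {
+ "@type": "Answer",
+ "text": "Different layer, different primitives. Anthropic relies on OS sandboxes (Seatbelt, bubblewrap, gVisor, hypervisors) because they ship the runtime. ThumbGate runs as a PreToolUse hook inside agent runtimes that don't expose those OS primitives to third parties, so ThumbGate's enforcement layer is pure JavaScript pattern matching against intercepted tool calls — fast, auditable, no LLM on the path. The architectural model is the same; the implementation is what each layer can reach."
+ }
+ }
+ ]
+ }
+ </script>
+ </head>
+ <body>
+ <div class="topbar">
+ <div class="container">
+ <a class="brand" href="/"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+ <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/VERIFICATION_EVIDENCE.md" target="_blank" rel="noopener">Verification evidence</a>
+ </div>
+ </div>
+
+ <section class="hero">
+ <div class="container">
+ <span class="eyebrow">ThumbGate vs Anthropic Containment</span>
+ <h1>Anthropic contains Claude inside their products. ThumbGate contains every other agent your team uses.</h1>
+ <p>Anthropic published <a href="https://www.anthropic.com/engineering/how-we-contain-claude" target="_blank" rel="noopener">"How we contain Claude"</a> on their engineering blog — a three-layer architecture (environment isolation → behavioral guidance → external content controls) implemented across claude.ai, Claude Code, and Claude Cowork. That coverage stops at the Anthropic product boundary. <strong>ThumbGate runs the same architectural model at the IDE-agent layer</strong> — Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, and Claude Desktop — where Anthropic's sandbox does not reach.</p>
+ <div class="pill-row">
+ <span class="pill">Same 3-layer model</span>
+ <span class="pill">Different runtime layer</span>
+ <span class="pill good">Composable, not competitive</span>
+ </div>
+ </div>
+ </section>
+
+ <div class="container grid">
+ <main>
+ <article class="detail-section">
+ <h2>Anthropic's published architecture, mapped to ThumbGate</h2>
+ <table class="comparison-table">
+ <thead>
+ <tr>
+ <th>Anthropic layer (published practice)</th>
+ <th>Where ThumbGate fits</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><strong>Ephemeral gVisor containers</strong> (claude.ai per-session filesystem; "no code runs on the local machine")</td>
+ <td>Out of scope — Anthropic's hosted product. ThumbGate is local-first by design.</td>
+ </tr>
+ <tr>
+ <td><strong>OS-level sandbox</strong> (Seatbelt on macOS, bubblewrap on Linux for Claude Code; 84% reduction in permission prompts)</td>
+ <td><strong>Direct analogue.</strong> ThumbGate's PreToolUse hook is the cross-agent version: same "evaluate before execution" model, but works inside Cursor, Codex, Gemini, Amp, Cline, OpenCode where bubblewrap/Seatbelt don't apply.</td>
+ </tr>
+ <tr>
+ <td><strong>Hypervisor VM isolation</strong> (Claude Cowork; "the agent loop ran inside the guest…executed as an ordinary Linux user with no awareness it was sandboxed")</td>
+ <td>Out of scope — Anthropic's managed VM offering. ThumbGate's adjacent value: deterministic rule enforcement that follows the agent across whichever machine you run it on.</td>
+ </tr>
+ <tr>
+ <td><strong>MITM egress proxy</strong> (intercepts API traffic, validates VM-provisioned session tokens after credential exfiltration was discovered through approved domains)</td>
+ <td><strong>Roadmap analogue.</strong> ThumbGate's egress-rule gates can block external LLM calls when privilege markers or restricted hostnames appear in the outbound payload — same defense, IDE-agent layer.</td>
+ </tr>
+ <tr>
+ <td><strong>Tool output inspection pre-context</strong> ("tool output is an attack surface even when the tool is trusted")</td>
+ <td><strong>Direct roadmap item.</strong> PostToolUse output inspection is the natural extension of ThumbGate's PreToolUse model. Same logic, applied to the returned payload before it enters agent context.</td>
+ </tr>
+ <tr>
+ <td><strong>Model-layer behavioral guidance</strong> (system prompts, model tuning)</td>
+ <td>Not us. ThumbGate is deterministic enforcement, not steering. We assume the model will sometimes try the wrong thing; the gate is what stops it from succeeding.</td>
+ </tr>
+ </tbody>
+ </table>
+ </article>
+
+ <article class="detail-section">
+ <h2>Three lessons from Anthropic that operationalize for non-Anthropic agents</h2>
+ <p><strong>1. Environment first, behavior second.</strong> Anthropic writes:</p>
+ <blockquote>"Design for containment at the environment layer first, then steer behavior at the model layer."</blockquote>
+ <p>This is exactly why ThumbGate is a PreToolUse hook rather than a system-prompt addition. The gate fires regardless of what the model "tries to do" — it acts on the actual tool-call payload, not on the model's intent.</p>
+
+ <p><strong>2. Tool output is an attack surface.</strong> Anthropic writes:</p>
+ <blockquote>"Tool output is an attack surface even when the tool is trusted."</blockquote>
+ <p>This is the architectural justification for ThumbGate's roadmapped PostToolUse output-inspection layer. A trusted internal tool returning poisoned data is the same threat as an untrusted external one — both flow into the model's context window with the same authority.</p>
+
+ <p><strong>3. Battle-tested primitives beat custom proxies.</strong> Anthropic writes:</p>
+ <blockquote>"The software you build yourself is often the weakest."</blockquote>
+ <p>Their early custom MITM proxy failed in real incidents involving credential exfiltration and allowlist bypasses; they rebuilt on hypervisor primitives. The same argument applies one layer up: a maintained third-party gate engine, lesson DB, and adapter matrix across eight agent runtimes is more reliable than per-team shell scripts that go stale the moment Claude Code, Cursor, or Codex ship a breaking change to their hook API.</p>
+ </article>
+
+ <article class="detail-section">
+ <h2>When you should rely on Anthropic's containment vs ThumbGate</h2>
+ <ul>
+ <li><strong>You only use claude.ai:</strong> Anthropic's containment is doing the work. ThumbGate adds nothing.</li>
+ <li><strong>You only use Claude Code on macOS or Linux:</strong> Anthropic's bubblewrap/Seatbelt covers the bash + filesystem surface. ThumbGate adds value for repeated-mistake prevention (the "thumbs down → blocked next time" loop) and for any MCP servers wired into Claude Code that bubblewrap doesn't gate.</li>
+ <li><strong>You use Cursor, Codex CLI, Gemini CLI, Amp, Cline, OpenCode, or Claude Desktop:</strong> Anthropic's sandboxes do not apply. ThumbGate is the only PreToolUse layer that covers all of them with one configuration.</li>
+ <li><strong>You use Claude Cowork:</strong> Anthropic's hypervisor VM contains the execution surface. ThumbGate's enforcement persists across whichever VM or machine the agent runs on, useful when you want the same rule to fire in dev + production.</li>
+ </ul>
+ </article>
+
+ <article class="detail-section">
+ <h2>FAQ</h2>
+ <details class="faq-item" open>
+ <summary>Is ThumbGate a competitor to Anthropic's Claude containment?</summary>
+ <p>No. Anthropic's containment stops at the Claude Code / claude.ai / Claude Cowork product boundary. ThumbGate runs the same three-layer model at the IDE-agent layer — Cursor, Codex, Gemini, Amp, Cline, OpenCode, Claude Desktop — where Anthropic's sandbox does not reach.</p>
+ </details>
+ <details class="faq-item">
+ <summary>What does Anthropic's article tell us about agent containment?</summary>
+ <p>Three lessons we operationalize: environment first then behavior, tool output is an attack surface, battle-tested primitives beat custom proxies. ThumbGate's PreToolUse hook is the IDE-agent analogue of Anthropic's permission gate; the planned PostToolUse output inspection is the analogue of Anthropic's tool-output check before context insertion.</p>
+ </details>
+ <details class="faq-item">
+ <summary>Why use a third-party tool instead of writing my own bubblewrap rules?</summary>
+ <p>Anthropic's own conclusion: "the software you build yourself is often the weakest." Their early custom MITM proxy failed in real incidents; they rebuilt on hypervisor primitives. ThumbGate's maintained gate engine + lesson DB + adapter matrix is the same argument one layer up: maintained infrastructure beats per-team shell scripts that go stale the moment Claude Code, Cursor, or Codex ship a breaking change to their hook API.</p>
+ </details>
+ <details class="faq-item">
+ <summary>Where does Anthropic's containment stop and ThumbGate begin?</summary>
+ <p>Inside Anthropic's products: Anthropic. The moment your dev opens Cursor with the Anthropic API key, or runs Codex against a local repo, or wires up an MCP server in any agent runtime: ThumbGate. The two compose without overlap.</p>
+ </details>
+ <details class="faq-item">
+ <summary>Where do I start?</summary>
+ <p>If you use Claude Code: keep using it as-is, install ThumbGate alongside (<code>npx thumbgate init</code>) for the repeated-mistake prevention loop and for the MCP servers Anthropic's sandbox doesn't reach. If you use any other agent runtime: ThumbGate is the only deterministic PreToolUse layer for them.</p>
+ </details>
+ </article>
+ </main>
+
+ <aside class="sidebar">
+ <div class="sidebar-card">
+ <h3 style="margin: 0 0 8px;">Install ThumbGate free</h3>
+ <p>10 captures/day, 3 active rules, PreToolUse blocking across Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, Claude Desktop.</p>
+ <pre style="background: var(--bg-raised); border: 1px solid var(--line); border-radius: 8px; padding: 12px; font-size: 13px; overflow: auto;">npx thumbgate init</pre>
+ <a class="cta-button" href="/pricing">See Pro vs Team pricing →</a>
+ <p style="font-size: 12px; margin-top: 16px;">MIT licensed. No telemetry without opt-in. <code>THUMBGATE_NO_TELEMETRY=1</code> disables.</p>
+ </div>
+
+ <div class="sidebar-card">
+ <span class="related-label">Read Anthropic's article</span>
+ <p style="font-size: 13px;"><a href="https://www.anthropic.com/engineering/how-we-contain-claude" target="_blank" rel="noopener">"How we contain Claude" — Anthropic engineering blog</a>. The published architectural model this page extends to non-Anthropic agent runtimes.</p>
+ </div>
+
+ <div class="sidebar-card">
+ <span class="related-label">Related comparisons</span>
+ <a class="related-card" href="/compare/bumblebee">
+ <strong>ThumbGate vs Bumblebee</strong><br>
+ <span style="color: var(--muted); font-size: 13px;">Runtime enforcement vs Perplexity's static MCP inventory</span>
+ </a>
+ <a class="related-card" href="/compare/claude-code-hooks">
+ <strong>ThumbGate vs claude-code-hooks</strong><br>
+ <span style="color: var(--muted); font-size: 13px;">Hosted sync vs local shell scripts</span>
+ </a>
+ <a class="related-card" href="/compare/heidi">
+ <strong>ThumbGate vs HEIDI</strong><br>
+ <span style="color: var(--muted); font-size: 13px;">Agent behavior vs dependency CVE scanning</span>
+ </a>
+ <a class="related-card" href="/compare/oak-and-sparrow-gatekeeper">
+ <strong>ThumbGate vs Gatekeeper (Oak &amp; Sparrow)</strong><br>
+ <span style="color: var(--muted); font-size: 13px;">Agent-action gate vs workforce-input gate</span>
+ </a>
+ <a class="related-card" href="/compare/arcjet">
+ <strong>ThumbGate vs Arcjet</strong><br>
+ <span style="color: var(--muted); font-size: 13px;">Agent-outbound gate vs app-inbound firewall</span>
+ </a>
+ <a class="related-card" href="/compare/anthropic-claude-for-legal">
+ <strong>ThumbGate vs Claude for Legal</strong><br>
+ <span style="color: var(--muted); font-size: 13px;">Runtime feedback-to-enforcement loop underneath Anthropic's legal bundle</span>
+ </a>
+ </div>
+
+ <div class="sidebar-card">
+ <span class="related-label">Sources</span>
+ <p style="font-size: 13px;">All Anthropic quotes from <a href="https://www.anthropic.com/engineering/how-we-contain-claude" target="_blank" rel="noopener">"How we contain Claude"</a> on the Anthropic engineering blog. If anything here misrepresents Anthropic's published architecture, open an issue at <a href="https://github.com/IgorGanapolsky/ThumbGate/issues" target="_blank" rel="noopener">our repo</a> and we'll correct it.</p>
+ </div>
+ </aside>
+ </div>
+ </body>
+ </html>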
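Review bot: The claim that ThumbGate "runs the same three-layer model" (JSON-LD answer at new-file line 81, FAQ at line 210, pill at line 134) is contradicted by the page's own comparison table, which marks the egress row "Roadmap analogue" (167), tool-output inspection a "roadmap item" (171) and model-layer guidance "Not us" (175), so only the PreToolUse gate is described as shipped. The three layers are also defined three different ways: containers / OS sandboxes / MITM proxy at line 7, environment → permission gate → egress at line 81, and environment isolation → behavioral guidance → external content controls at line 132. Line 113 describes the enforcement as JavaScript pattern matching on intercepted tool calls, which is a policy check rather than process isolation, so the cell at line 159 should not call it a "Direct analogue" of an OS-level sandbox. I would change that cell's lead to `<strong>Policy gate, not process isolation.</strong>` and reword the recurring claim to `ThumbGate applies the pre-execution gate from that model at the IDE-agent layer; egress and tool-output checks are on the roadmap.` As written, a reader sizing their defences from this page could treat a pre-execution hook as a containment boundary.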