From today onward, AI no longer borrows your work badge.
On June 23, Anthropic launched Claude Tag—an AI team member permanently residing in a Slack channel.
It doesn't use any human accounts or permissions; it has its own identity, its own account, and its own audit trail.
Anthropic calls this agent identity.

Three engineers and one PM are debugging in the same Slack channel. Someone @-mentions Claude, asking it to check the code repository, pull metrics from the data warehouse, and create a PR on GitHub.
So the question arises: whose permissions should the AI use?
The PM's? She doesn't have repo access. One of the engineers'? Maybe he doesn't have the necessary data warehouse permissions.
The answer is: none of the above.
When AI transitions from "a personal assistant for one person" to "a collaborative member of a team," the traditional permission model breaks down logically.
Anthropic's solution is: don't borrow anyone's permissions; issue the AI its own work badge.

An AI with a 'Staff Card' Joins Slack
Claude Tag is not a chatbot.
It's an AI colleague permanently residing in your Slack channel—with its own account, its own memory, and its own toolset.
There is only one Claude per channel, shared by everyone, and everyone can see what it's doing.
When you join, you don't need to explain the context from scratch, because it has already learned along the way from the team's conversations.

Even more impressive is the "Listen-Only Mode."
When activated, Claude monitors the channel on its own. If a thread goes unanswered or a problem isn't followed up on, it proactively steps in. No @-mention is needed.
For example, you open Slack on Monday morning, and Claude has already investigated the issue you left in the channel last Friday that no one picked up, and is waiting for your confirmation.

The AI's Own Work Badge
The core design of Claude Tag isn't a product feature; it's the permission architecture.
Anyone who has used AI assistants like ChatGPT knows they connect to your own Google Drive, GitHub, and calendar, using your permissions.
But Claude Tag is multi-user: three to five people in a channel @-mention it in turn. Whose permissions should it use?
Anthropic's solution is called agent identity.
Claude has its own account in each system.

In Slack, it posts messages as the Claude App.
In GitHub, it creates PRs as the Claude GitHub App.
In your data warehouse, it queries using a service account configured by the administrator.
No human credentials are involved at any point.
Administrators define a baseline identity at the workspace level—Claude inherits this default configuration everywhere. Then, they can override it at the channel level:
The engineering channel gets GitHub and data warehouse access. The CRM tool is locked to the sales team's private channel. The legal channel has its own legal toolkit.
Private channels each have independent identities, while public channels share the workspace-level identity.
What Claude learns in the legal channel never appears in the engineering channel. What you discuss with Claude in DMs doesn't reach the team channels either, because DMs go through your personal claude.ai account.

Revoking permissions is simpler. Revoke one identity, and Claude is simultaneously disconnected from all access points. No need to audit dozens of user accounts one by one, because the AI never used them.
Currently, Claude Tag is in beta for Enterprise Edition ($125 per user/month) and Team Edition ($20 per user/month, annual billing) customers, with usage-based billing, using the Opus 4.8 model.

You Don't Have Repo Permissions, But the AI Does
For example, you are a product manager but don't have GitHub permissions and can't view code.
In this case, you just ask Claude in the engineering channel "why is this interface returning an error?" Claude then goes to investigate, because the channel's configuration gives Claude repo access.
Previously, this required walking over and tapping an engineer on the shoulder. Now, the AI goes to check for you.
In other words, permissions no longer follow the person; they follow the channel.
The engineering channel gives Claude repo access, so anyone in that channel can use Claude to check code—regardless of their own personal access.

Anthropic's assessment of this is: Counterintuitive, but necessary.
Counterintuitive, because it goes against a security professional's instincts.
Necessary, because in scenarios involving multi-person collaboration and increasing AI autonomy, the user-based permission model is logically untenable.
Of course, there are safeguards.
The Enterprise Edition supports RBAC, allowing administrators to decide who within a channel can @Claude and who cannot. A channel's configuration can also be capped according to its least-privileged member.
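The access model described above (workspace baseline, channel-level override, per-channel RBAC, least-privileged cap, single-identity revocation) can be sketched as a small policy resolver. This is an added example, not Anthropic's code or API: every class, field and identity name is hypothetical, the sample data is constructed, and the cap is interpreted here as the intersection of what each member can reach personally.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Channel:
    name: str
    private: bool
    members: dict                     # user -> systems that person can reach themselves
    tools: Optional[set] = None       # channel-level override; None inherits the baseline
    invokers: Optional[set] = None    # RBAC: who may @Claude; None means every member
    cap_to_least_privileged: bool = False

@dataclass
class Workspace:
    baseline_tools: set                           # workspace-level default identity
    revoked: set = field(default_factory=set)     # revoked agent identities

def identity_for(ch: Channel) -> str:
    # Private channels get an independent identity; public ones share the workspace's.
    return f"agent:{ch.name}" if ch.private else "agent:workspace"

def effective_tools(ws: Workspace, ch: Channel, user: str) -> set:
    """Systems the agent may touch when `user` invokes it in `ch`."""
    if identity_for(ch) in ws.revoked:
        return set()                  # one revocation cuts every access point
    if user not in ch.members:
        return set()
    if ch.invokers is not None and user not in ch.invokers:
        return set()                  # RBAC: this member may not @ the agent
    tools = set(ws.baseline_tools if ch.tools is None else ch.tools)
    if ch.cap_to_least_privileged:
        # Assumed reading of the cap: only what every member could reach alone.
        tools &= set.intersection(*(set(v) for v in ch.members.values()))
    return tools

# Constructed sample data: the PM has no personal GitHub access.
PEOPLE = {"alice": {"slack", "github", "warehouse"}, "pm": {"slack", "warehouse"}}
WS = Workspace(baseline_tools={"slack"})
ENG = Channel("engineering", True, dict(PEOPLE), tools={"slack", "github", "warehouse"})
GENERAL = Channel("general", False, dict(PEOPLE))

if __name__ == "__main__":
    print("pm in engineering, no cap:", sorted(effective_tools(WS, ENG, "pm")))
    ENG.cap_to_least_privileged = True
    print("pm in engineering, capped:", sorted(effective_tools(WS, ENG, "pm")))
    WS.revoked.add(identity_for(ENG))
    print("after revocation:", sorted(effective_tools(WS, ENG, "alice")))
```

Without the cap, the PM reaches GitHub through the channel's identity even though her own account cannot; with the cap on, the channel's grant shrinks to what all members already hold.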

Anthropic Does This Themselves
65% of the code produced by Anthropic's product team is generated by Claude, exceeding 80% as of May this year.
Engineers now merge eight times more code per day than in 2024.
"It feels like managing a team, not using a tool." This is what Boris Cherny said, and he hasn't written any code himself in half a year.
For the average worker, the feeling is more direct—
You say in the channel "this data looks wrong," and Claude goes off to check the data warehouse, locates the anomaly, writes the fix, and waits for your review. You didn't write a single line of code, but the task is done.

AI Bots Outnumber Employees 50 to 1. Who Manages Them?
Right now, many companies likely already have dozens of AI bots running. But who created them, who approved their permissions, whether they've "left the company"—probably no one can say for sure.
In large enterprises, the number of such non-human identities is 50 to 80 times that of human employees.
Data from Ramp in May 2026 shows that 34.4% of US businesses are already using paid Claude subscriptions, surpassing OpenAI's 32.3%.
And once Claude settles into a channel for half a year, accumulating the entire team's context and work habits, switching to a different AI means starting from zero.

More and more teams will encounter the problem from the beginning—whose permissions should be used?
Anthropic's answer is already given: use no one's; the AI has its own work badge.
References:
https://claude.com/blog/agent-identity-access-model
This article is from the WeChat public account "Xin Zhi Yuan" (New Wisdom Era), Author: ASI Revelations





