Claude Code's Dynamic Workflows: Who Owns the Error?
Claude Code's dynamic workflows can run 50+ agents through legal and compliance documents in 30 minutes. The harder question is who's liable when they're wrong.
Written by AI. Samira Barnes

Photo: AI. Dante Nwosu
Somewhere in a law firm right now, a junior associate is spending twelve hours reading a data room before an acquisition closes. That work is billable, exhausting, and — if you believe what Anthropic has quietly shipped in Claude Code — increasingly automatable.
The feature is called dynamic workflows. It is not, as far as the AI news cycle is concerned, the story of the week; that designation has gone to a model release whose version number, "Opus 4.8," does not correspond to any release name Anthropic has publicly documented as of early 2025. Consider that a dispatch from the hype factory. The actual development worth examining is the infrastructure question underneath it: what does it mean, legally and professionally, to delegate high-stakes document review to an automated adversarial agent system — and who is accountable when the output is wrong?
What the feature actually does
Mark Kashef, who covers Claude Code tooling on YouTube, demonstrated dynamic workflows against a 70-plus document data room — contracts, leases, proposals, memos — and generated a full due diligence report in roughly 20 to 30 minutes. The mechanism: Claude Code spins up a specified fleet of agents, queues them in batches rather than launching them simultaneously, and structures the work so that later agents explicitly challenge the findings of earlier ones. Kashef describes it as "micro devil's advocates running in the background to make sure that by the time you get a confirmed insight, it is indeed as meritorious as possible and ideally as data-backed as possible."
That adversarial internal structure is the architecturally interesting part, and it's what separates dynamic workflows from simply running a large prompt. Agent A reads a contract and surfaces a finding. Agent B's job is to dispute it. Only confirmed findings reach the output. It is, in miniature, something like the review-and-challenge process that legal and compliance functions are supposed to perform on their own.
The trigger is the word "workflow" in the prompt itself. Kashef's actual due diligence prompt begins: "I'm the diligence lead. Build a workflow that reads every contract here in parallel and flags anything that could hurt the deal." That phrase is what instructs Claude Code to invoke the feature rather than handling the task through conventional agent teams. A deeper needle-in-the-haystack pass — "build a workflow that reads every file in this entire data room and hunts things that a seller would rather we never find" — ran 51 agents and consumed what Kashef reports as approximately 3.2 million tokens over 23 minutes. That figure comes from a single demonstration run and should be understood as an illustrative anecdote rather than a reproducible benchmark; token consumption will vary substantially with document complexity, prompt design, and task scope. Similarly, Kashef's estimate that conventional agent teams cost "around 250,000 to 300,000 tokens on average for one particular task" is his own observed figure, not an Anthropic-published specification.
The multi-agent orchestration question — how to coordinate large agent fleets without the model itself becoming the bottleneck — is one Anthropic has been working through in several recent releases. Dynamic workflows appear to be their answer for the high-document-count, wide-scope end of that problem.
The accountability gap hiding in the use cases
Here is where the feature tour becomes a policy question.
Kashef's use case list spans law, finance, healthcare, insurance, real estate, software security, marketing, recruiting, and compliance. Most of those industries are regulated. Several carry specific professional liability frameworks. A few carry criminal penalties for certain categories of error. And the use cases he describes — flagging deal-killer contract clauses before an acquisition meeting, triaging insurance claims into "auto-approve" and "needs a human" queues, checking patient charts against care guidelines, auditing policy documents against regulatory standards — are not administrative conveniences. They are, in many jurisdictions, tasks that carry professional obligations attached to the human or institution performing them.
The compliance use case is the sharpest example. Kashef suggests building a workflow that checks every policy document against a regulatory standard, flags gaps, has secondary agents challenge false positives, and returns a ranked remediation list. That is a useful tool. It is also a document that, if an organization treats it as satisfying a regulatory review obligation, may expose them to liability the moment a regulator asks who signed off on the analysis and the answer is effectively: an automated system with no professional credentials, no errors-and-omissions coverage, and no regulatory standing.
The question is not whether the workflow output is useful — it likely is. The question is whether it satisfies a legal or compliance review obligation under applicable law, and, when it misses something material, which it will, who owns that error. The attorney of record? The compliance officer who ran the prompt? The firm that deployed the tool? Anthropic? These questions do not have settled answers, and the pace at which this tooling is being adopted in professional contexts is running well ahead of the regulatory frameworks designed to address them.
The Bedrock problem is not a footnote
On the healthcare use case, Kashef is appropriately cautious: "Naturally, you want to make sure that you're running this in a secure manner. I wouldn't imagine you're using a consumer-based Claude Code account. You'd need the Amazon Bedrock passthrough for enterprise usage."
That single sentence contains a compliance iceberg. Running patient chart data through any AI system implicates HIPAA's Privacy Rule, Security Rule, and the Business Associate Agreement framework. AWS does offer a HIPAA-eligible environment through Amazon Bedrock, and Anthropic's Claude models are available through that pathway — but "available through Bedrock" and "HIPAA-compliant for your specific deployment" are not the same thing. Whether a given Claude-via-Bedrock deployment satisfies a covered entity's BAA requirements depends on configuration, data handling practices, audit logging, and the specific terms negotiated with AWS. None of that is automatic. A healthcare organization that treats "use Bedrock" as a compliance checkbox and proceeds to run patient charts through dynamic workflows without legal review of their BAA coverage and data residency requirements is not managing risk — it is creating a new one.
The Claude Managed Agents platform that Anthropic has been building out raises the same infrastructure questions at scale: as the tooling becomes easier to deploy, the gap between what is technically possible and what is legally permissible in a regulated-data context tends to widen, not close.
This matters beyond healthcare. Financial transaction audits implicate SOX and GLBA. Insurance claims triage in some states triggers specific regulatory requirements around automated decision-making. Recruiting workflows that score resumes against a rubric — even one designed to catch bias — intersect with EEOC guidance on algorithmic hiring tools that the agency has been actively developing. "Has another agent check each score for bias inconsistency" is not, in itself, a defensible bias mitigation practice under any current regulatory framework I am aware of.
What Kashef actually gets right
It would be easy to overread the risk and underweight the genuine utility. The adversarial agent structure — where findings are contested before they surface — is a meaningful architectural choice. For tasks that are genuinely about pattern detection across large document sets, where the output is a starting point for human review rather than a final determination, dynamic workflows appear to offer something real: thoroughness that a single-session prompt cannot achieve, and internal challenge that a simple summarization pipeline lacks.
Kashef is also honest about scope. "You don't want to stop at 70 folders. You don't want to have Claude stop at 40 and then spin up a brand new agent team to complete the task." The feature is designed for long-running, wide-scope, well-defined tasks — not for general-purpose querying. That constraint is load-bearing. The cases where dynamic workflows make sense technically are largely cases where the stakes of a missed finding are high enough to make the accountability question non-optional.
The workflows run. The reports get generated. And then a human attorney, compliance officer, or financial auditor has to decide how much professional weight to put on output from a system that has no professional standing of its own — and whose error rate on any specific document type, in any specific regulatory context, has not been independently verified. That decision is not a technical one. It sits in the territory of professional ethics, institutional liability, and, eventually, regulatory guidance that does not yet exist.
The feature is worth understanding. The accountability structure around deploying it in regulated industries is worth building before the first material error ends up in discovery.
Samira Barnes covers technology policy and regulation for Buzzrag.
AI Moves Fast. We Keep You Current.
Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.
More Like This
Kimi K2.6 Is Free on NVIDIA NIM—Read the Fine Print
Kimi K2.6 is now free via NVIDIA's NIM API. But who controls AI model distribution when NVIDIA becomes the default inference layer?
Two Hidden Claude Code Commands That Actually Matter
Most Claude Code users ignore /power-up and /insights. Here's why these slash commands might be the productivity hack you didn't know you needed.
Claude Code's New Workflow Tool Changes Multi-Agent AI
Anthropic quietly added a workflow tool to Claude Code that replaces model-based orchestration with deterministic JavaScript. Here's what that actually means.
Claude Code Routines: AI That Audits Your Code While You Sleep
Anthropic's new Claude Code Routines automate security audits and code improvements on schedule. We tested it on a to-do app and found 75 vulnerabilities.
Building AI Agents Without the Plumbing Nightmare
Anthropic's Isabella He walked developers through shipping a production incident-response agent in six functions. Here's what the architecture actually reveals.
Claude Code's Skill Chaining Raises Automation Questions
Anthropic's Claude Code now allows sequential skill execution through 'context fork' commands. Technical advancement or regulatory blind spot?
YouTube Lets Users Finally Kill Shorts Feed—With Caveats
YouTube now allows users to set a zero-minute daily limit on Shorts, effectively removing them from feeds. Here's what the feature actually does—and doesn't—do.
Redash: The Open-Source BI Tool Built for SQL, Not Scale
Redash offers developers a SQL-first alternative to Tableau and Power BI. But its design choices reveal competing visions for who should own analytics.
RAG·vector embedding
2026-05-30This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.